aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
Diffstat (limited to 'config')
-rwxr-xr-xconfig/postfix/adexport.pl189
-rw-r--r--config/postfix/postfix.inc654
-rw-r--r--config/postfix/postfix.xml150
-rw-r--r--config/postfix/postfix_acl.xml208
-rw-r--r--config/postfix/postfix_antispam.xml268
-rw-r--r--config/postfix/postfix_recipients.php4
-rw-r--r--config/postfix/postfix_recipients.xml208
-rw-r--r--config/postfix/postfix_sync.xml167
-rw-r--r--config/postfix/postfix_syslog.php5
-rw-r--r--config/postfix/postfix_view_config.php111
-rw-r--r--config/snort/snort_alerts.php23
-rw-r--r--config/snort/snort_check_for_rule_updates.php33
-rw-r--r--config/snort/snort_download_rules.php33
-rw-r--r--config/snort/snort_rules_edit.php10
-rw-r--r--config/squid/squid.inc3
-rw-r--r--config/unbound/unbound.xml2
-rw-r--r--config/unbound/unbound_acls.xml2
-rw-r--r--config/unbound/unbound_advanced.xml2
18 files changed, 1993 insertions, 79 deletions
diff --git a/config/postfix/adexport.pl b/config/postfix/adexport.pl
new file mode 100755
index 00000000..185848f1
--- /dev/null
+++ b/config/postfix/adexport.pl
@@ -0,0 +1,189 @@
+#!/usr/bin/perl -w
+##############################################################################
+#
+# Script to export a list of all email addresses from Active Directory
+# Brian Landers <brian@packetslave.com>
+#
+# This code is in the public domain. Your use of this code is at your own
+# risk, and no warranty is implied. The author accepts no liability for any
+# damages or risks incurred by its use.
+#
+##############################################################################
+# This script would be most useful for generating an access.db file on a
+# sendmail gateway server. You would run it to generate a list of all
+# valid email addresses, then insert those addresses into access.db as
+# follows:
+#
+# To:bob@example.com RELAY
+# To:jim@example.com RELAY
+# To:joe@example.com RELAY
+#
+# Then, you'd create a default entry for the domain that rejects all other
+# recipients (since if they're not in the list, they're by definition invalid).
+#
+# To:example.com ERROR:"User unknown"
+#
+# For this to work, you need to have "example.com" in your relay-domains
+# file (normally /etc/mail/relay-domains), and you need to enable the
+# "blacklist_recipients" FEATURE in your sendmail.mc file.
+#
+# FEATURE(`blacklist_recipients')
+#
+# See also my genaccessdb script at packetslave.com for ideas on how to
+# generate the access.db file from this list of addresses
+#
+##############################################################################
+# $Id: adexport,v 1.2 2011/08/20 23:30:52 blanders Exp $
+
+use strict;
+$|++;
+
+use Net::LDAP;
+use Net::LDAP::Control::Paged;
+use Net::LDAP::Constant qw( LDAP_CONTROL_PAGED );
+
+#our ($cn,$passwd,$base);
+#($cn,$passwd,$base)=@_ARGV;
+#print "$cn \n $passwd \n $base";
+#exit;
+
+# ---- Constants ----
+our $bind = $ARGV[2].','.$ARGV[1]; # AD account
+our $passwd = $ARGV[3]; # AD password
+our $base = $ARGV[1]; # Start from root
+our @servers;
+push (@servers,$ARGV[0]);
+our $filter = '(|(objectClass=publicFolder)(&(sAMAccountName=*)(mail=*)))';
+# -------------------
+
+
+# We use this to keep track of addresses we've seen
+my %gSeen;
+
+# Connect to the server, try each one until we succeed
+my $ldap = undef;
+foreach( @servers ) {
+ $ldap = Net::LDAP->new( $_ );
+ last if $ldap;
+
+ # If we get here, we didn't connect
+ die "Unable to connect to any LDAP servers!\n";
+}
+
+# Create our paging control. Exchange has a maximum recordset size of
+# 1000 records by default. We have to use paging to get the full list.
+
+my $page = Net::LDAP::Control::Paged->new( size => 100 );
+
+# Try to bind (login) to the server now that we're connected
+my $msg = $ldap->bind( dn => $bind,
+ password => $passwd
+ );
+
+# If we can't bind, we can't continue
+if( $msg->code() ) {
+ die( "error while binding:", $msg->error_text(), "\n" );
+}
+
+# Build the args for the search
+my @args = ( base => $base,
+ scope => "subtree",
+ filter => $filter,
+ attrs => [ "proxyAddresses" ],
+ callback => \&handle_object,
+ control => [ $page ],
+ );
+
+# Now run the search in a loop until we run out of results. This code
+# is taken pretty much directly from the example code in the perldoc
+# page for Net::LDAP::Control::Paged
+
+my $cookie;
+while(1) {
+ # Perform search
+ my $mesg = $ldap->search( @args );
+
+ # Only continue on LDAP_SUCCESS
+ $mesg->code and last;
+
+ # Get cookie from paged control
+ my($resp) = $mesg->control( LDAP_CONTROL_PAGED ) or last;
+ $cookie = $resp->cookie or last;
+
+ # Set cookie in paged control
+ $page->cookie($cookie);
+}
+
+if( $cookie ) {
+ # We had an abnormal exit, so let the server know we do not want any more
+ $page->cookie($cookie);
+ $page->size(0);
+ $ldap->search( @args );
+}
+
+# Finally, unbind from the server
+$ldap->unbind;
+
+# ------------------------------------------------------------------------
+# Callback function that gets called for each record we get from the server
+# as we get it. We look at the type of object and call the appropriate
+# handler function
+#
+
+sub handle_object {
+
+ my $msg = shift; # Net::LDAP::Message object
+ my $data = shift; # May be Net::LDAP::Entry or Net::LDAP::Reference
+
+ # Only process if we actually got data
+ return unless $data;
+
+ return handle_entry( $msg, $data ) if $data->isa("Net::LDAP::Entry");
+ return handle_reference( $msg, $data ) if $data->isa("Net::LDAP::Reference");
+
+ # If we get here, it was something we're not prepared to handle,
+ # so just return silently.
+
+ return;
+}
+
+# ------------------------------------------------------------------------
+# Handler for a Net::LDAP::Entry object. This is an actual record. We
+# extract all email addresses from the record and output only the SMTP
+# ones we haven't seen before.
+
+sub handle_entry {
+
+ my $msg = shift;
+ my $data = shift;
+
+ # Extract the email addressess, selecting only the SMTP ones, and
+ # filter them so that we only get unique addresses
+
+ my @mails = grep { /^smtp:/i && !$gSeen{$_}++ }
+ $data->get_value( "proxyAddresses" );
+
+ # If we found any, strip off the SMTP: identifier and print them out
+ if( @mails ) {
+ print map { s/^smtp:(.+)$/\L$1\n/i; $_ } @mails;
+ }
+}
+
+# ------------------------------------------------------------------------
+# Handler for a Net::LDAP::Reference object. This is a 'redirect' to
+# another portion of the directory. We simply extract the references
+# from the object and resubmit them to the handle_object function for
+# processing.
+
+sub handle_reference {
+
+ my $msg = shift;
+ my $data = shift;
+
+ foreach my $obj( $data->references() ) {
+
+ # Oooh, recursion! Might be a reference to another reference, after all
+ return handle_object( $msg, $obj );
+ }
+}
+
diff --git a/config/postfix/postfix.inc b/config/postfix/postfix.inc
index cf470c8f..5577f4d5 100644
--- a/config/postfix/postfix.inc
+++ b/config/postfix/postfix.inc
@@ -27,50 +27,526 @@
POSSIBILITY OF SUCH DAMAGE.
*/
-
require_once("util.inc");
+require_once("functions.inc");
+require_once("pkg-utils.inc");
+require_once("globals.inc");
-function sync_package_postfix() {
+function px_text_area_decode($text){
+ return preg_replace('/\r\n/', "\n",base64_decode($text));
+}
+
+function px_get_real_interface_address($iface) {
global $config;
+ $iface = convert_friendly_interface_to_real_interface_name($iface);
+ $line = trim(shell_exec("ifconfig $iface | grep inet | grep -v inet6"));
+ list($dummy, $ip, $dummy2, $netmask) = explode(" ", $line);
+ return array($ip, long2ip(hexdec($netmask)));
+}
+function sync_relay_recipients($via_cron="cron"){
+ global $config;
+ #relay recipients
+ if ($config['installedpackages']['postfixrecipients']['config']) {
+ $relay_recipients="";
+ $relay_ldap_recipients="";
+ $ad_export="/usr/local/etc/postfix/adexport.pl";
+ foreach ($config['installedpackages']['postfixrecipients']['config'] as $postfix_recipients_config) {
+ if($postfix_recipients_config['location'] && file_exists($postfix_recipients_config['location']))
+ $relay_recipients .= file_get_contents($postfix_recipients_config['location']);
+ if($postfix_recipients_config['custom_recipients'])
+ $relay_recipients .= px_text_area_decode($postfix_recipients_config['custom_recipients']);
+ if($postfix_recipients_config['enable_ldap']){
+ #validate cront job
+ if(preg_match("/(\d+)(\w)/",$postfix_recipients_config['freq'],$matches)){
+ $cron_sufix="\t*\t*\troot\t/usr/local/bin/php /usr/local/www/postfix_recipients.php";
+ switch ($matches[2]){
+ case m:
+ $cron= "*/".$matches[1]."\t*\t*".$cron_sufix;
+ break;
+ case h:
+ $cron= "0\t*/".$matches[1]."\t*".$cron_sufix;
+ break;
+ case d:
+ $cron= "0\t0\t*/".$matches[1].$cron_sufix;
+ break;
+ default:
+ $input_errors[] = "A valid number with a time reference is required for the field 'Frequency'";
+ }
+ #update cront job file
+ $crontab = file('/etc/crontab');
+ foreach ($crontab as $line)
+ $new_cron.=(preg_match("/postfix_recipients.php/",$line)?$cron."\n":$line);
+ #include if conf does not exist in crontab
+ $new_cron.=(!preg_match("/postfix_recipients.php/",$new_cron)?"\n".$cron."\n\n":"");
+ file_put_contents("/etc/crontab",$new_cron, LOCK_EX);
+ #check crontab changes
+ $md5_new_file = trim(md5_file('/etc/crontab'));
+ if(file_exists('/etc/crontab.md5'))
+ $md5_old_file = trim(file_get_contents('/etc/crontab.md5'));
+ if($md5_new_file <> $md5_old_file){
+ mwexec('/usr/bin/killall -HUP cron');
+ file_put_contents("/etc/crontab.md5",$md5_new_file, LOCK_EX);
+ }
+ }
+ $relay_ldap_recipients="";
+ if ($via_cron == "gui"){
+ #running via pfsense gui, not time for ldap fetch.
+ $ldap_recipients='/usr/local/etc/postfix/relay_ldap_recipients.txt';
+ if (!file_exists($ldap_recipients))
+ system('/usr/bin/touch '. $ldap_recipients);
+ $relay_ldap_recipients=file_get_contents($ldap_recipients);
+ }
+ else{
+ #running via crontab, time to get ldap content.
+ $ldap_temp=array();
+ foreach ($postfix_recipients_config['row'] as $postfix_ldap) {
+ print "extracting from ".$postfix_ldap['dc']."...";
+ $filename="/usr/local/etc/postfix/relay_ldap_recipients.".$postfix_ldap['dc'].".txt";
+ exec($ad_export." ".$postfix_ldap['dc']." ".$postfix_ldap['cn']." ".$postfix_ldap['username']." ".$postfix_ldap['password'],$ldap_fetch,$status);
+ if ($status == 0){
+ #write backup conf for ldap server
+ $fp=fopen($filename,"w+");
+ foreach($ldap_fetch as $key => $value)
+ fwrite($fp,$value."\n");
+ fclose($fp);
+ }
+ else{
+ if (file_exists($filename)) {
+ #LDAP fetch failed...read backup file.
+ print "Restoring backup file for ".$postfix_ldap['dc']."...";
+ $ldap_fetch=file($filename);
+ }
+ else{
+ #we never got any info from this server.
+ print "There is no backup file for ".$postfix_ldap['dc']."...";
+ $ldap_fetch=array();
+ }
+ }
+ $ldap_all = array_merge($ldap_temp,$ldap_fetch);
+ $ldap_temp=$ldap_all;
+ print "(".count($ldap_fetch).")\n";
+ $ldap_fetch=array();
+ }
+ $ldap_unique=array_unique($ldap_all);
+ print "Total ldap recipients:".count($ldap_all)."\tunique:".count($ldap_unique)."\n";
+ foreach($ldap_unique as $recipient)
+ $relay_ldap_recipients.=($recipient != ""?$recipient." OK\n":"");
+
+ #save ldap relay recipients
+ file_put_contents("/usr/local/etc/postfix/relay_ldap_recipients.txt",$relay_ldap_recipients, LOCK_EX);
+ }
+ }
+ }
+ #save all relay recipients and reload postfix
+ file_put_contents("/usr/local/etc/postfix/relay_recipients",$relay_ldap_recipients."\n".$relay_recipients, LOCK_EX);
+ exec("/usr/local/sbin/postmap /usr/local/etc/postfix/relay_recipients");
+ mwexec("/usr/local/sbin/postfix reload");
+ }
+ if($relay_recipients !="" || $relay_ldap_recipients!="")
+ return("relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients\n");
+}
+function sync_package_postfix() {
+ global $config;
$relay_domains = "";
$transport = "";
- $message_size_limit = "10240000";
-
- if (is_array($config['installedpackages']['postfix']['config'])) {
- foreach ($config['installedpackages']['postfix']['config'] as $postfix_config) {
- if (isset($postfix_config['message_size_limit']))
- $message_size_limit = $postfix_config['message_size_limit'];
- if (is_array($postfix_config['row'])) {
- foreach ($postfix_config['row'] as $postfix_row) {
- $relay_domains .= ' ' . $postfix_row['domain'];
- if (!empty($postfix_row['mailserverip']))
- $transport .= $postfix_row['domain'] . " smtp:[" . $postfix_row['mailserverip'] . "]\n";
+ $postfix_config=$config['installedpackages']['postfix']['config'][0];
+ $message_size_limit=($postfix_config['message_size_limit']?$postfix_config['message_size_limit']:"10240000");
+ $process_limit=($postfix_config['process_limit']?$postfix_config['process_limit']:"100");
+ if (is_array($postfix_config['row'])) {
+ foreach ($postfix_config['row'] as $postfix_row) {
+ $relay_domains .= ' ' . $postfix_row['domain'];
+ if (!empty($postfix_row['mailserverip']))
+ $transport .= $postfix_row['domain'] . " smtp:[" . $postfix_row['mailserverip'] . "]\n";
}
}
+ #check logging
+ if ($postfix_config['log_to']){
+ switch($postfix_config['log_to']){
+ case 'maillog':
+ system("/usr/bin/touch /var/log/maillog");
+ $mail_syslog="mail.crit;";
+ break;
+ case 'none':
+ $mail_syslog="mail.crit;";
+ break;
+ default:
+ $mail_syslog='mail.*;';
+ break;
+ }
+ #update /etc/inc/system.inc
+ $sys_log_file='/etc/inc/system.inc';
+ $sys_log = file($sys_log_file);
+ $new_sys_log="";
+ $found_mail=0;
+ foreach ($sys_log as $line){
+ $new_line=preg_replace('/mail.(.|crit);/',$mail_syslog,$line);
+ #set syslog entry mail.* %/var/log/maillog when log_to = system
+ if (preg_match ('/mail.(.|crit);/',$line) && $postfix_config['log_to'] =="maillog")
+ $new_sys_log .= 'mail.*'."\t\t\t\t\t\t".'/var/log/maillog'."\n";
+ #remove syslog entry mail.* %/var/log/maillog when log_to != system
+ if (preg_match ("/^mail/",$line))
+ $new_sys_log .="";
+ else
+ $new_sys_log .= $new_line;
+ }
+ if (!file_exists('/root/system.inc.backup')) {
+ copy ($sys_log_file,'/root/system.inc.backup');
+ }
+ file_put_contents($sys_log_file,$new_sys_log, LOCK_EX);
+ #mwexec('/usr/local/bin/php -q /usr/local/www/postfix_syslog.php');
+ #restart syslog daemon
+ system_syslogd_start();
+ }
+
+ /*
+ #insert new syslog definition
+ if (preg_match("/.*mail.crit.(.*)/",$line,$matches)){
+ if ($postfix_config['log_to'] == "/var/log/system.log"){
+ system("/usr/bin/touch /var/log/maillog");
+ $new_sys_log .= $postfix_log.$matches[1]."\n".$line;
+ }
+ else
+ {$new_sys_log .= $postfix_log.$postfix_log_sufix."\n".$line;}
+ }
+ else{
+ #remove previous syslog definition
+ $new_sys_log .= (preg_match("/mail.(info|debug|log)/",$line)?"":$line);
+ }
+ }
+ file_put_contents($sys_log_file,$new_sys_log, LOCK_EX);
+
+ }
+
+ #update /var/etc/syslog.conf
+ $sys_log_file="/var/etc/syslog.conf";
+ $sys_log = file($sys_log_file);
+ $postfix_log .= $postfix_log_sufix;
+ $new_sys_log="";
+ foreach ($sys_log as $line)
+ $new_sys_log.=(preg_match("/mail.(info|debug|log)/",$line)?$postfix_log."\n":$line);
+ #include if conf does not exist in crontab
+ $new_sys_log.=(!preg_match("/mail.(info|debug|log)/",$new_sys_log)?"\n".$postfix_log."\n\n":"");
+ file_put_contents($sys_log_file,$new_sys_log, LOCK_EX);
+ #check crontab changes
+ $md5_new_file = trim(md5_file($sys_log_file));
+ $md5_old_file = trim(file_get_contents($sys_log_file.'.md5'));
+ if($md5_new_file <> $md5_old_file){
+ mwexec('/usr/bin/killall -HUP syslogd');
+ file_put_contents($sys_log_file.'.md5',$md5_new_file, LOCK_EX);
}
+ */
+ #}
+
+ #check_debug
+ if($postfix_config['debug_list'] && $postfix_config['debug_list']!=""){
+ $check_debug ="\n#Debugging postfix\n";
+ $check_debug.="debug_peer_list = ".px_text_area_decode($postfix_config['debug_list'])."\n";
+ $check_debug.="debug_peer_level = ".$postfix_config['debug_level']."\n\n";
}
+ #check relay recipients
+ $all_relay_recipients=sync_relay_recipients('gui');
+
+ $copyright=<<<ABOUT
+#Part of the Postfix package for pfSense
+#Copyright (C) 2010 Erik Fonnesbeck
+#Copyright (C) 2011 Marcello Coutinho
+#All rights reserved.
+#DO NOT EDIT THIS FILE
+
- $postfix_main =
+ABOUT;
+ $postfix_main="#main.cf\n".$copyright;
+ #Header Maps
+ if ($config['installedpackages']['postfixacl']['config'][0]['header_maps']){
+ $postfix_main .= "header_checks = regexp:/usr/local/etc/postfix/header_check\n";
+ $header_check = px_text_area_decode($config['installedpackages']['postfixacl']['config'][0]['header_maps']);
+ }
+ #MIME Maps
+ if ($config['installedpackages']['postfixacl']['config'][0]['mime_maps']){
+ $postfix_main .= "mime_header_checks = regexp:/usr/local/etc/postfix/mime_check\n";
+ $mime_check = px_text_area_decode($config['installedpackages']['postfixacl']['config'][0]['mime_maps']);
+ }
+ #Body Maps
+ if ($config['installedpackages']['postfixacl']['config'][0]['body_maps']){
+ $postfix_main .= "body_checks = regexp:/usr/local/etc/postfix/body_check\n";
+ $body_check = px_text_area_decode($config['installedpackages']['postfixacl']['config'][0]['body_maps']);
+ }
+ #Client CIDR
+ if ($config['installedpackages']['postfixacl']['config'][0]['cal_cidr']){
+ if ($antispam['zombie_blocker']=='disabled')
+ $cal_cidr = px_text_area_decode($config['installedpackages']['postfixacl']['config'][0]['cal_cidr']);
+ else
+ #formatar o arquivo retirando os 'oks'
+ $cal_cidr_tmp = px_text_area_decode($config['installedpackages']['postfixacl']['config'][0]['cal_cidr']);
+ $cal_cidr = preg_replace('/ ok/i'," permit",$cal_cidr_tmp);
+ }
+ #Client REGEXP
+ if ($config['installedpackages']['postfixacl']['config'][0]['cal_regexp']){
+ $cal_regexp = px_text_area_decode($config['installedpackages']['postfixacl']['config'][0]['cal_regexp']);
+ }
+ $postfix_main .= px_text_area_decode($postfix_config['maincf'])."\n".
"relay_domains ={$relay_domains}\n" .
"transport_maps = hash:/usr/local/etc/postfix/transport\n" .
"local_recipient_maps =\n" .
+ $all_relay_recipients.
"mydestination =\n" .
"mynetworks_style = host\n" .
- "message_size_limit = {$message_size_limit}\n";
+ "message_size_limit = {$message_size_limit}\n" .
+ "default_process_limit = {$process_limit}\n";
+ #assign antispam options
+ $antispam=$config['installedpackages']['postfixantispam']['config'][0];
+
+ if($antispam['antispam_enabled']){
+ switch ($antispam['antispam_software']){
+ case "mailscanner":
+ $header_check .= (!preg_match("/^Received:/",$header_check)?"\n/^Received:/ HOLD\n":"");
+ $postfix_main_antispam = "#Saving all mail after header/body/rbl/spf checks to mailscanner\n\n";
+ break;
+ case "policyd2":
+ if ($antispam['antispam_location']){
+ $postfix_main_antispam = <<<EOF
+#using policyd v2
+client_throttle = check_policy_service {$antispam['antispam_location']}
+smtpd_client_restrictions = check_policy_service {$antispam['antispam_location']}
+smtpd_restriction_classes =
+ has_our_domain_as_sender
+ client_throttle
+smtpd_end_of_data_restrictions = check_policy_service {$antispam['antispam_location']}
+
+
+EOF;
+ }
+ else{
+ $postfix_main_antispam = "Policyd v2 has no location set.\n\n";
+ }
+ break;
+ }
+ }
+
+ if ($antispam['header_check'] == "strong")
+ {
+ $postfix_main .= <<<EOF
+disable_vrfy_command = yes
+strict_rfc821_envelopes = yes
+
+#Just reject after helo,sender,client,recipient tests
+smtpd_delay_reject = yes
+
+# Don't talk to mail systems that don't know their own hostname.
+smtpd_helo_required = yes
+smtpd_helo_restrictions = reject_unknown_helo_hostname
+
+smtpd_sender_restrictions = reject_non_fqdn_sender,
+ reject_unknown_sender_domain,
+ reject_unauth_pipelining,
+ reject_multi_recipient_bounce,
+ permit
+# Allow connections from specified local clients and strong check everybody else.
+smtpd_client_restrictions = check_client_access regexp:/usr/local/etc/postfix/cal_regexp,
+ check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
+ reject_unknown_client_hostname,
+ reject_unauth_pipelining,
+ reject_multi_recipient_bounce,
+ permit
+
+smtpd_recipient_restrictions = reject_invalid_helo_hostname,
+ reject_unknown_recipient_domain,
+ reject_non_fqdn_helo_hostname,
+ reject_non_fqdn_recipient,
+ reject_unauth_destination,
+ reject_unauth_pipelining,
+ reject_multi_recipient_bounce,
+ SPFSPFSPFRBLRBLRBL
+
+EOF;
+ }
+else
+ {
+ #erro nas listas de bloqueio
+ $postfix_main .= <<<EOF
+#Just reject after helo,sender,client,recipient tests
+smtpd_delay_reject = yes
+
+# Don't talk to mail systems that don't know their own hostname.
+smtpd_helo_required = yes
+smtpd_helo_restrictions = reject_unknown_helo_hostname
+
+smtpd_sender_restrictions = reject_unknown_sender_domain,
+ RBLRBLRBL
+
+# Allow connections from specified local clients and rbl check everybody else if rbl check are set.
+smtpd_client_restrictions = check_client_access regexp:/usr/local/etc/postfix/cal_regexp,
+ check_client_access cidr:/usr/local/etc/postfix/cal_cidr,
+ RBLRBLRBL
+
+# Whitelisting: local clients may specify any destination domain.
+smtpd_recipient_restrictions = reject_unauth_destination,
+ SPFSPFSPFRBLRBLRBL
+
+EOF;
+ }
+#check spf option
+$spf=($antispam['postfix_spf']?"check_policy_service unix:private/spf,\n\t\t\t\t":"");
+$postfix_main=preg_replace("/SPFSPFSPF/",$spf,$postfix_main);
+$postfix_main .= $postfix_main_antispam.$check_debug;
+switch ($antispam['zombie_blocker'])
+ {
+ case "enforce":
+ case "drop":
+ case "ignore":
+ $postscreen=1;
+ break;
+
+ case "disabled":
+ $postscreen=0;
+ break;
+ }
+ if ($antispam['soft_bounce'] == "enabled")
+ {
+ $postfix_main.="soft_bounce = yes\n";
+ }
+
+ if ($postscreen==1) #Postscreen enabled
+ {
+ if(preg_match("/(\d+),(\d+)(s|m|h|w)/",$antispam['greet_time'],$greet)){
+ $postfix_main.='postscreen_greet_wait = ${stress?'.$greet[1].'}${stress:'.$greet[2].'}'.$greet[3]."\n";
+ }
+ $ag=$antispam['after_greeting'];
+ if($ag["postscreen_disable_vrfy_command"]){
+ $postfix_main.="postscreen_disable_vrfy_command = yes\n";
+ }
+ if($ag["postscreen_non_smtp_command_enable"]){
+ $postfix_main.="postscreen_non_smtp_command_enable = yes\n";
+ $postfix_main.="postscreen_non_smtp_command_action = ".$antispam['zombie_blocker']."\n";
+ }
+ if($ag["postscreen_pipelining_enable"]){
+ $postfix_main.="postscreen_pipelining_enable = yes\n";
+ $postfix_main.="postscreen_pipelining_action = ".$antispam['zombie_blocker']."\n";
+ }
+ if($ag["postscreen_bare_newline_enable"]){
+ $postfix_main.="postscreen_bare_newline_enable = yes\n";
+ $postfix_main.="postscreen_bare_newline_action = ".$antispam['zombie_blocker']."\n";
+ }
+ if($ag["postscreen_greet_check"]){
+ $postfix_main.="postscreen_greet_action = ".$antispam['zombie_blocker']."\n";
+ }
+
+ $postfix_main.="postscreen_access_list = cidr:/usr/local/etc/postfix/cal_cidr\n";
+ $postfix_main.="postscreen_dnsbl_action= ".$antispam['zombie_blocker']."\n";
+ $postfix_main.="postscreen_blacklist_action= ".$antispam['zombie_blocker']."\n";
+
+ #postscreen interface loop
+ $ifaces = ($postfix_config['enabled_interface'] ? $postfix_config['enabled_interface'] : 'wan');
+ $real_ifaces = array();
+ $postfix_master="";
+ foreach (explode(",", $ifaces) as $i => $iface) {
+ $real_ifaces[] = px_get_real_interface_address($iface);
+ if($real_ifaces[$i][0]) {
+ $postfix_master .=$real_ifaces[$i][0].":25 inet n - n - 1 postscreen\n";
+ $postfix_master .=($antispam['soft_bounce'] == "postscreen"?" -o soft_bounce=yes\n":"");
+ }
+ }
+ $postfix_master .= $postfix_inets.<<<MASTEREOF
+smtpd pass - - n - - smtpd
+dnsblog unix - - n - 0 dnsblog
+tlsproxy unix - - n - 0 tlsproxy
+
+MASTEREOF;
+ $rbl2="";
+ if ($antispam['rbl_servers'] != "")
+ {
+ $postfix_main .= "postscreen_dnsbl_sites=" . $antispam['rbl_servers']."\n";
+ $postfix_main .= "postscreen_dnsbl_threshold=" . $antispam['rbl_threshold']."\n";
+ }
+ }
+ else
+ { #Postscreen disabled
+ if ($antispam['rbl_servers'] != "")
+ {
+ $RBL = explode(",",$antispam['rbl_servers']);
+ foreach ($RBL as $rbl)
+ {
+ $prefix=($rbl2 !=""?"\t\t\t\t":"");
+ $rbl2.= $prefix."reject_rbl_client $rbl,\n";
+ }
+ }
+
+ #interface loop
+ $postfix_inets="";
+ $ifaces = ($postfix_config['enabled_interface'] ? $postfix_config['enabled_interface'] : 'loopback');
+ $real_ifaces = array();
+ $postfix_master="";
+ foreach (explode(",", $ifaces) as $i => $iface) {
+ $real_ifaces[] = px_get_real_interface_address($iface);
+ if($real_ifaces[$i][0]) {
+ $postfix_master .=$real_ifaces[$i][0].":25 inet n - n - 1 smtpd\n";
+ }
+ }
+
+ }
+ $rbl2.=($rbl2 !=""?"\t\t\t\tpermit\n":"permit\n");
+ $postfix_main=preg_replace("/RBLRBLRBL/",$rbl2,$postfix_main);
+ $postfix_master .= <<<MASTEREOF2
+pickup fifo n - n 60 1 pickup
+cleanup unix n - n - 0 cleanup
+qmgr fifo n - n 300 1 qmgr
+tlsmgr unix - - n 1000? 1 tlsmgr
+rewrite unix - - n - - trivial-rewrite
+bounce unix - - n - 0 bounce
+defer unix - - n - 0 bounce
+trace unix - - n - 0 bounce
+verify unix - - n - 1 verify
+flush unix n - n 1000? 0 flush
+proxymap unix - - n - - proxymap
+proxywrite unix - - n - 1 proxymap
+smtp unix - - n - - smtp
+relay unix - - n - - smtp
+ -o smtp_fallback_relay=
+showq unix n - n - - showq
+error unix - - n - - error
+retry unix - - n - - error
+discard unix - - n - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - n - - lmtp
+anvil unix - - n - 1 anvil
+scache unix - - n - 1 scache
+spf unix - n n - - spawn
+ user=nobody argv=/usr/local/sbin/postfix-policyd-spf
+# -o user=nobody
+# -o argv=/usr/local/sbin/postfix-policyd-spf
+
+MASTEREOF2;
+
conf_mount_rw();
log_error("Writing out configuration");
file_put_contents("/usr/local/etc/postfix/main.cf", $postfix_main, LOCK_EX);
+ file_put_contents("/usr/local/etc/postfix/master.cf", $postfix_master, LOCK_EX);
file_put_contents("/usr/local/etc/postfix/transport", $transport, LOCK_EX);
- exec("/usr/local/sbin/postmap /usr/local/etc/postfix/transport");
+ file_put_contents("/usr/local/etc/postfix/cal_cidr", $cal_cidr, LOCK_EX);
+ file_put_contents("/usr/local/etc/postfix/cal_regexp", $cal_regexp, LOCK_EX);
+ file_put_contents("/usr/local/etc/postfix/header_check", $header_check, LOCK_EX);
+ file_put_contents("/usr/local/etc/postfix/mime_check", $mime_check, LOCK_EX);
+ file_put_contents("/usr/local/etc/postfix/body_check", $body_check, LOCK_EX);
+ $FILES=array("transport");
+ foreach ($FILES as $file)
+ {
+ mwexec("/usr/local/sbin/postmap /usr/local/etc/postfix/".$file);
+ }
+
if (!is_dir("/etc/mail"))
mkdir("/etc/mail", 0755);
if (!file_exists("/etc/mail/aliases"))
touch("/etc/mail/aliases");
exec("/usr/local/bin/newaliases");
-
+ postfix_start();
+ postfix_sync_on_changes();
+}
+function postfix_start(){
+ global $config;
$start = "/usr/local/sbin/postfix start\n";
$stop = "/usr/local/sbin/postfix stop\n";
log_error("Writing rc_file");
@@ -78,18 +554,34 @@ function sync_package_postfix() {
conf_mount_ro();
- log_error("Stopping postfix");
- mwexec("/usr/local/etc/rc.d/postfix.sh stop");
sleep(1);
- log_error("Starting postfix");
- mwexec_bg("/usr/local/etc/rc.d/postfix.sh start");
- log_error("Postfix setup completed");
+ if ($config['installedpackages']['postfix']['config'][0]['enable_postfix']){
+ log_error("Reloading/starting postfix");
+ system('/bin/chmod +x /usr/local/etc/rc.d/postfix.sh');
+ mwexec_bg("/usr/local/sbin/postfix reload || /usr/local/sbin/postfix start");
+ log_error("Postfix setup completed");
+ }
+ else{
+ log_error("Stopping postfix");
+ mwexec("/usr/local/etc/rc.d/postfix.sh stop");
+ system('/bin/chmod -x /usr/local/etc/rc.d/postfix.sh');
+ }
}
function postfix_validate_input($post, &$input_errors) {
foreach ($post as $key => $value) {
if (empty($value))
continue;
+ if($key == "greet_time" && !preg_match("/(\d+),(\d+)(s|m|h|w)/",$value))
+ $input_errors[] = "Wrong greet time sintax.";
+ if($key == "message_size_limit" && !is_numeric($value))
+ $input_errors[] = "Message size limit must be numeric.";
+ if($key == "process_limit" && !is_numeric($value))
+ $input_errors[] = "Process limit must be numeric.";
+ if($key == "freq" && (!preg_match("/^\d+(h|m|d)$/",$value) || $value == 0))
+ $input_errors[] = "A valid number with a time reference is required for the field 'Frequency'";
+ if (substr($key, 0, 2) == "dc" && !is_hostname($value))
+ $input_errors[] = "{$value} is not a valid host name.";
if (substr($key, 0, 6) == "domain" && is_numeric(substr($key, 6))) {
if (!is_domain($value))
$input_errors[] = "{$value} is not a valid domain name.";
@@ -103,6 +595,9 @@ function postfix_validate_input($post, &$input_errors) {
}
function postfix_php_install_command() {
+ #small freebsd packages for full functional ldap and spf options
+ system('/usr/sbin/pkg_add -r postfix-policyd-spf');
+ #system('/usr/sbin/pkg_add -r p5-perl-ldap');
sync_package_postfix();
}
@@ -114,4 +609,117 @@ function postfix_php_deinstall_command() {
conf_mount_ro();
}
-?> \ No newline at end of file
+/* Uses XMLRPC to synchronize the changes to a remote node */
+function postfix_sync_on_changes() {
+ global $config, $g;
+ log_error("[postfix] postfix_xmlrpc_sync.php is starting.");
+ $synconchanges = $config['installedpackages']['postfixsync']['config'][0]['synconchanges'];
+ if(!$synconchanges)
+ return;
+ foreach ($config['installedpackages']['postfixsync']['config'] as $rs ){
+ foreach($rs['row'] as $sh){
+ $sync_to_ip = $sh['ipaddress'];
+ $password = $sh['password'];
+ if($password && $sync_to_ip)
+ postfix_do_xmlrpc_sync($sync_to_ip, $password);
+ }
+ }
+ log_error("[postfix] postfix_xmlrpc_sync.php is ending.");
+}
+
+/* Do the actual XMLRPC sync */
+function postfix_do_xmlrpc_sync($sync_to_ip, $password) {
+ global $config, $g;
+
+ if(!$password)
+ return;
+
+ if(!$sync_to_ip)
+ return;
+
+ $xmlrpc_sync_neighbor = $sync_to_ip;
+ if($config['system']['webgui']['protocol'] != "") {
+ $synchronizetoip = $config['system']['webgui']['protocol'];
+ $synchronizetoip .= "://";
+ }
+ $port = $config['system']['webgui']['port'];
+ /* if port is empty lets rely on the protocol selection */
+ if($port == "") {
+ if($config['system']['webgui']['protocol'] == "http")
+ $port = "80";
+ else
+ $port = "443";
+ }
+ $synchronizetoip .= $sync_to_ip;
+
+ /* xml will hold the sections to sync */
+ $xml = array();
+ $xml['postfix'] = $config['installedpackages']['postfix'];
+ $xml['postfixacl'] = $config['installedpackages']['postfixacl'];
+ $xml['postfixrecipients'] = $config['installedpackages']['postfixrecipients'];
+ $xml['postfixantispam'] = $config['installedpackages']['postfixantispam'];
+
+ /* assemble xmlrpc payload */
+ $params = array(
+ XML_RPC_encode($password),
+ XML_RPC_encode($xml)
+ );
+
+ /* set a few variables needed for sync code borrowed from filter.inc */
+ $url = $synchronizetoip;
+ log_error("Beginning Postfix XMLRPC sync to {$url}:{$port}.");
+ $method = 'pfsense.merge_installedpackages_section_xmlrpc';
+ $msg = new XML_RPC_Message($method, $params);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+ $cli->setCredentials('admin', $password);
+ if($g['debug'])
+ $cli->setDebug(1);
+ /* send our XMLRPC message and timeout after 250 seconds */
+ $resp = $cli->send($msg, "250");
+ if(!$resp) {
+ $error = "A communications error occurred while attempting postfix XMLRPC sync with {$url}:{$port}.";
+ log_error($error);
+ file_notice("sync_settings", $error, "Postfix Settings Sync", "");
+ } elseif($resp->faultCode()) {
+ $cli->setDebug(1);
+ $resp = $cli->send($msg, "250");
+ $error = "An error code was received while attempting postfix XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error($error);
+ file_notice("sync_settings", $error, "Postfix Settings Sync", "");
+ } else {
+ log_error("Postfix XMLRPC sync successfully completed with {$url}:{$port}.");
+ }
+
+ /* tell postfix to reload our settings on the destionation sync host. */
+ $method = 'pfsense.exec_php';
+ $execcmd = "require_once('/usr/local/pkg/postfix.inc');\n";
+ $execcmd .= "sync_package_postfix();";
+
+ /* assemble xmlrpc payload */
+ $params = array(
+ XML_RPC_encode($password),
+ XML_RPC_encode($execcmd)
+ );
+
+ log_error("postfix XMLRPC reload data {$url}:{$port}.");
+ $msg = new XML_RPC_Message($method, $params);
+ $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
+ $cli->setCredentials('admin', $password);
+ $resp = $cli->send($msg, "250");
+ if(!$resp) {
+ $error = "A communications error occurred while attempting postfix XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
+ log_error($error);
+ file_notice("sync_settings", $error, "postfix Settings Sync", "");
+ } elseif($resp->faultCode()) {
+ $cli->setDebug(1);
+ $resp = $cli->send($msg, "250");
+ $error = "An error code was received while attempting postfix XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ log_error($error);
+ file_notice("sync_settings", $error, "postfix Settings Sync", "");
+ } else {
+ log_error("postfix XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
+ }
+
+}
+
+?>
diff --git a/config/postfix/postfix.xml b/config/postfix/postfix.xml
index 831be1e4..11d0c92a 100644
--- a/config/postfix/postfix.xml
+++ b/config/postfix/postfix.xml
@@ -10,8 +10,10 @@
postfix.xml
part of the Postfix package for pfSense
Copyright (C) 2010 Erik Fonnesbeck
+ Copyright (C) 2011 Marcello Coutinho
+
All rights reserved.
- */
+ */
/* ========================================================================== */
/*
Redistribution and use in source and binary forms, with or without
@@ -42,8 +44,8 @@
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>postfix</name>
- <version>1.1</version>
- <title>Services: Postfix Forwarder</title>
+ <version>1.2</version>
+ <title>Services: Postfix relay and antispam</title>
<include_file>/usr/local/pkg/postfix.inc</include_file>
<menu>
<name>Postfix Forwarder</name>
@@ -61,20 +63,158 @@
<prefix>/usr/local/pkg/</prefix>
<chmod>0755</chmod>
</additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix_acl.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix_recipients.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix_antispam.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix_sync.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix_view_config.php</item>
+ <prefix>/usr/local/www/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix_recipients.php</item>
+ <prefix>/usr/local/www/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/adexport.pl</item>
+ <prefix>/usr/local/etc/postfix</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+<tabs>
+ <tab>
+ <text>General</text>
+ <url>/pkg_edit.php?xml=postfix.xml&amp;id=0</url>
+ <active/>
+ </tab>
+ <tab>
+ <text>ACLs / Filter Maps</text>
+ <url>/pkg_edit.php?xml=postfix_acl.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Valid recipients</text>
+ <url>/pkg_edit.php?xml=postfix_recipients.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Antispam</text>
+ <url>/pkg_edit.php?xml=postfix_antispam.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>XMLRPC Sync</text>
+ <url>/pkg_edit.php?xml=postfix_sync.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>View config files</text>
+ <url>/postfix_view_config.php</url>
+ </tab>
+</tabs>
<fields>
<field>
<name>Postfix General Settings</name>
<type>listtopic</type>
</field>
<field>
+ <fielddescr>Enable Postfix </fielddescr>
+ <fieldname>enable_postfix</fieldname>
+ <type>checkbox</type>
+ <description></description>
+ </field>
+ <field>
+ <fielddescr>Listen interface(s)</fielddescr>
+ <fieldname>enabled_interface</fieldname>
+ <description><![CDATA[Interface(s) that daemon will bind to.<br>Do not listen on WAN without a good "antispam/close relay" configuration.]]></description>
+ <type>interfaces_selection</type>
+ <required/>
+ <default_value>loopback</default_value>
+ <multiple/>
+ </field>
+ <field>
<fielddescr>Maximum message size</fielddescr>
<fieldname>message_size_limit</fieldname>
<type>input</type>
+ <size>10</size>
<description>
This setting governs the largest message size that will be accepted by this mail server. Ensure you have enough space to accommodate this size, and ensure this setting matches or is lower than the destination server(s).&lt;br/&gt;Default: 10240000 (10MB).
</description>
</field>
<field>
+ <fielddescr>Process Limit</fielddescr>
+ <fieldname>process_limit</fieldname>
+ <type>input</type>
+ <size>10</size>
+ <description>
+ The default maximal number of Postfix child processes that provide a given service.&lt;br/&gt;Default: 100
+ </description>
+ </field>
+ <field>
+ <fielddescr>custom main.cf options</fielddescr>
+ <fieldname>maincf</fieldname>
+ <description>Paste your custom code here. This code will be included at main.cf postfix file</description>
+ <type>textarea</type>
+ <cols>70</cols>
+ <rows>03</rows>
+ <encoding>base64</encoding>
+ </field>
+ <field>
+ <name>Logging</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Destination</fielddescr>
+ <fieldname>log_to</fieldname>
+ <description><![CDATA[Choose where you want to save log information about mails on this server.<br>
+ Using system log you can forward logging to a syslog server.<BR>
+ Status -> system Logs -> Settings]]></description>
+ <type>select</type>
+ <options>
+ <option><name>System log</name><value>system</value></option>
+ <option><name>/var/log/maillog</name><value>maillog</value></option>
+ <option><name>Disable logging</name><value>none</value></option>
+ </options>
+ </field>
+
+ <field>
+ <fielddescr>Debug peer list</fielddescr>
+ <fieldname>debug_list</fieldname>
+ <description><![CDATA[The "debug_peer_list" parameter specifies an optional list of domain or network patterns, /file/name patterns or type:name tables.<br>
+ When an SMTP client or server host name or address matches a pattern, increase the verbose logging level by the amount specified in the "debug_peer_level" parameter.]]></description>
+ <type>textarea</type>
+ <cols>70</cols>
+ <rows>3</rows>
+ <encoding>base64</encoding>
+ </field>
+ <field>
+ <fielddescr>Debug peer level</fielddescr>
+ <fieldname>debug_level</fieldname>
+ <description><![CDATA[The "debug_peer_level" parameter specifies the increment in verbose logging level when an SMTP client or server host name or address matches a pattern in the "debug_peer_list" parameter.]]></description>
+ <type>select</type>
+ <options>
+ <option><name>2</name><value>2</value></option>
+ <option><name>3</name><value>3</value></option>
+ <option><name>4</name><value>4</value></option>
+ <option><name>5</name><value>5</value></option>
+ <option><name>6</name><value>6</value></option>
+ </options>
+ </field>
+
+ <field>
<name>Domains to Forward</name>
<type>listtopic</type>
</field>
@@ -88,14 +228,14 @@
<fieldname>domain</fieldname>
<description>Enter the domain here (ex: example.com)</description>
<type>input</type>
- <size>20</size>
+ <size>30</size>
</rowhelperfield>
<rowhelperfield>
<fielddescr>Mail Server IP</fielddescr>
<fieldname>mailserverip</fieldname>
<description>Enter the mail server IP to forward to here.</description>
<type>input</type>
- <size>20</size>
+ <size>40</size>
</rowhelperfield>
</rowhelper>
</field>
diff --git a/config/postfix/postfix_acl.xml b/config/postfix/postfix_acl.xml
new file mode 100644
index 00000000..9c59c102
--- /dev/null
+++ b/config/postfix/postfix_acl.xml
@@ -0,0 +1,208 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ postfix.xml
+ part of the Postfix package for pfSense
+ Copyright (C) 2010 Marcello Coutinho
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>postfixacl</name>
+ <version>1.0</version>
+ <title>Services: Postfix relay and antispam</title>
+ <include_file>/usr/local/pkg/postfix.inc</include_file>
+ <menu>
+ <name>Postfix Antispam and mail Relay</name>
+ <tooltiptext>Configure Postfix Forwarder</tooltiptext>
+ <section>Services</section>
+ <url>pkg_edit.php?xml=postfix.xml&amp;id=0</url>
+ </menu>
+ <service>
+ <name>postfix</name>
+ <rcfile>postfix.sh</rcfile>
+ <executable>master</executable>
+ </service>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix.inc</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix_acl.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix_recipients.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix_antispam.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix_sync.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix_view_config.php</item>
+ <prefix>/usr/local/www/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix_recipients.php</item>
+ <prefix>/usr/local/www/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <tabs>
+ <tab>
+ <text>General</text>
+ <url>/pkg_edit.php?xml=postfix.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>ACLs / Filter Maps</text>
+ <url>/pkg_edit.php?xml=postfix_acl.xml&amp;id=0</url>
+ <active/>
+ </tab>
+ <tab>
+ <text>Valid recipients</text>
+ <url>/pkg_edit.php?xml=postfix_recipients.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Antispam</text>
+ <url>/pkg_edit.php?xml=postfix_antispam.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>XMLRPC Sync</text>
+ <url>/pkg_edit.php?xml=postfix_sync.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>View config files</text>
+ <url>/postfix_view_config.php</url>
+ </tab>
+ </tabs>
+ <fields>
+ <field>
+ <name>Filters while receiving mail</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Header</fielddescr>
+ <fieldname>header_maps</fieldname>
+ <description><![CDATA[<strong>REGEXP filters</strong><a href=http://www.postfix.org/regexp_table.5.html> that are applied to initial message headers(except for the headers that are processed with mime_header_checks</a> Hint:<br>
+ /^Subject: viagra|cialis|levitra|day price:/i REJECT<br>
+ /^From: spammer@myspam.net/i REJECT<br>
+ /^From: *@mytrustdomain OK<br>
+ See http://www.postfix.org/header_checks.5.html for more help]]>
+ </description>
+ <type>textarea</type>
+ <cols>80</cols>
+ <rows>10</rows>
+ <encoding>base64</encoding>
+ </field>
+ <field>
+ <fielddescr>MIME</fielddescr>
+ <fieldname>mime_maps</fieldname>
+ <description><![CDATA[<strong>REGEXP filters</strong><a href=http://www.postfix.org/regexp_table.5.html> that are applied to MIME related message headers only.</a> Hint:<br>
+ /^name=[^>]*\.(com|vbs|js|jse|exe|bat|cmd|vxd|scr|hlp|pif|shs|ini|dll)/ REJECT W do not allow files of type "$3" because of security concerns - "$2" caused the block.<br>
+ /^Content-(Disposition|Type):\s+.+?(?:file)?name="?.+?\.(386|ad[ept]|drv|em(ai)?l|ex[_e]|xms|\{[\da-f]{8}(?:-[\da-f]{4}){3}-[\da-f]{12}\})\b/ REJECT ".$2" file attachment types not allowed]]>
+ </description>
+ <type>textarea</type>
+ <cols>80</cols>
+ <rows>10</rows>
+ <encoding>base64</encoding>
+ </field>
+ <field>
+ <fielddescr>body</fielddescr>
+ <fieldname>body_maps</fieldname>
+ <description><![CDATA[<strong>REGEXP filters</strong><a href=http://www.postfix.org/regexp_table.5.html> that are applied to all other content, including multi-part message boundaries.</a> Hint:<br>
+ # First skip over base 64 encoded text to save CPU cycles.<br>
+ ~^[[:alnum:]+/]{60,}$~ OK]]>
+ </description>
+ <type>textarea</type>
+ <cols>80</cols>
+ <rows>10</rows>
+ <encoding>base64</encoding>
+ </field>
+
+ <field>
+ <name>Client Access List</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>CIDR</fielddescr>
+ <fieldname>cal_cidr</fieldname>
+ <description><![CDATA[Paste your client access list in CIDR format(standard ip/domain and action) one per line.<br>
+ This list is used by postfix/postscreen to check who has access or not to this relay. Hint:<br>
+ 192.168.3.2 OK<br>spammer.junkdomain.com REJECT]]>
+ </description>
+ <type>textarea</type>
+ <cols>80</cols>
+ <rows>10</rows>
+ <encoding>base64</encoding>
+ </field>
+ <field>
+ <fielddescr>REGEXP</fielddescr>
+ <fieldname>cal_regexp</fieldname>
+ <description><![CDATA[Paste your client access list in REGEXP format one per line.<br>
+ This list is used by postfix to check who has access or not to this relay.Hint:<br>
+ /.*\.dsl\..*/ REJECT DSLs not allowed<br>
+ /.*\.adsl\..*/ REJECT DSLs not allowed]]>
+ </description>
+ <type>textarea</type>
+ <cols>80</cols>
+ <rows>10</rows>
+ <encoding>base64</encoding>
+ </field>
+ </fields>
+ <custom_php_install_command>
+ postfix_php_install_command();
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ postfix_php_deinstall_command();
+ </custom_php_deinstall_command>
+ <custom_php_validation_command>
+ postfix_validate_input($_POST, &amp;$input_errors);
+ </custom_php_validation_command>
+ <custom_php_resync_config_command>
+ sync_package_postfix();
+ </custom_php_resync_config_command>
+</packagegui>
diff --git a/config/postfix/postfix_antispam.xml b/config/postfix/postfix_antispam.xml
new file mode 100644
index 00000000..ef794776
--- /dev/null
+++ b/config/postfix/postfix_antispam.xml
@@ -0,0 +1,268 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ postfix.xml
+ part of the Postfix package for pfSense
+ Copyright (C) 2011 Marcello Coutinho
+
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>postfix_antispam</name>
+ <version>1.0</version>
+ <title>Services: Postfix relay and antispam</title>
+ <include_file>/usr/local/pkg/postfix.inc</include_file>
+ <menu>
+ <name>Postfix Antispam and mail Relay</name>
+ <tooltiptext>Configure Postfix Forwarder</tooltiptext>
+ <section>Services</section>
+ <url>pkg_edit.php?xml=postfix_antispam.xml&amp;id=0</url>
+ </menu>
+ <service>
+ <name>postfix</name>
+ <rcfile>postfix.sh</rcfile>
+ <executable>master</executable>
+ </service>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix.inc</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix_acl.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix_recipients.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix_antispam.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix_sync.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix_view_config.php</item>
+ <prefix>/usr/local/www/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix_recipients.php</item>
+ <prefix>/usr/local/www/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+<tabs>
+ <tab>
+ <text>General</text>
+ <url>/pkg_edit.php?xml=postfix.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>ACLs / Filter Maps</text>
+ <url>/pkg_edit.php?xml=postfix_acl.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Valid recipients</text>
+ <url>/pkg_edit.php?xml=postfix_recipients.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Antispam</text>
+ <url>/pkg_edit.php?xml=postfix_antispam.xml&amp;id=0</url>
+ <active/>
+ </tab>
+ <tab>
+ <text>XMLRPC Sync</text>
+ <url>/pkg_edit.php?xml=postfix_sync.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>View config files</text>
+ <url>/postfix_view_config.php</url>
+ </tab>
+</tabs>
+ <fields>
+ <field>
+ <name>Postfix Antispam Settings</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Header verification </fielddescr>
+ <fieldname>header_check</fieldname>
+ <type>select</type>
+ <options>
+ <option><name>Strong</name><value>strong</value></option>
+ <option><name>Basic</name><value>basic</value></option>
+ </options>
+ <description>Enable sender, client, recipients and rfc verification</description>
+ </field>
+ <field>
+ <fielddescr>Zombie blocker</fielddescr>
+ <fieldname>zombie_blocker</fieldname>
+ <description>
+ <![CDATA[<a target=_new href='http://www.postfix.org/POSTSCREEN_README.html'>Use postfix 2.8 Postscreen feature to detect zombie spammers</a>]]>
+ </description>
+ <type>select</type>
+ <options>
+ <option><name>Enabled with enforce</name><value>enforce</value></option>
+ <option><name>Enabled with drop</name><value>drop</value></option>
+ <option><name>Enabled with ignore</name><value>ignore</value></option>
+ <option><name>Disabled</name><value>disabled</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>greet wait time</fielddescr>
+ <fieldname>greet_time</fieldname>
+ <type>input</type>
+ <size>10</size>
+ <description><![CDATA[<strong>syntax: 2,6s&nbsp;&nbsp;&nbsp;</strong>(default: up to 2 seconds under stress, up to 6 seconds otherwise)<br>
+ The amount of time that postscreen will wait for an SMTP client to send a command before its turn, and for DNS blocklist lookup results to arrive .<br>
+ Specify a non-zero time value (an integral value plus an optional one-letter suffix that specifies the time unit).<br>
+ Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).]]>
+ </description>
+ </field>
+ <field>
+ <fielddescr>After greeting tests</fielddescr>
+ <fieldname>after_greeting</fieldname>
+ <description>
+ <![CDATA[<a target=_new href='http://www.postfix.org/POSTSCREEN_README.html'>Postscreen After greeting tests. All these options are recomended.</a>]]>
+ </description>
+ <type>select</type>
+ <options>
+ <option><name>postscreen_bare_newline_enable</name><value>postscreen_bare_newline_enable</value></option>
+ <option><name>postscreen_disable_vrfy_command</name><value>postscreen_disable_vrfy_command</value></option>
+ <option><name>postscreen_non_smtp_command_enable</name><value>postscreen_non_smtp_command_enable</value></option>
+ <option><name>postscreen_pipelining_enable</name><value>postscreen_pipelining_enable</value></option>
+ <option><name>postscreen_greet_check</name><value>postscreen_greet_check</value></option>
+ </options>
+ <rows>10</rows>
+ <multiple/>
+ </field>
+ <field>
+ <fielddescr>Soft Bounce</fielddescr>
+ <fieldname>soft_bounce</fieldname>
+ <type>select</type>
+ <options>
+ <option><name>Enabled only in postscreen</name><value>postscreen</value></option>
+ <option><name>Enabled</name><value>enabled</value></option>
+ <option><name>Disabled</name><value>disabled</value></option>
+ </options>
+ <description><![CDATA[Safety net to keep mail queued that would otherwise be returned to the sender.<br>
+ This parameter disables locally-generated bounces, and prevents the Postfix SMTP server from rejecting mail permanently, by changing 5xx reply codes into 4xx.<br>
+ However, soft_bounce is no cure for address rewriting mistakes or mail routing mistakes.]]>
+ </description>
+ </field>
+ <field>
+ <fielddescr>RBL server List</fielddescr>
+ <fieldname>rbl_servers</fieldname>
+ <description><![CDATA[
+ ex: dnsbl.sorbs.net, bl.spamcop.net*2, dnslb.local*-5, cbl.abuseat.org, b.barracudacentral.org, dnsbl.invaluement.com<BR>
+ Check some rbl servers at http://www.anti-abuse.org/multi-rbl-check/<br><br>
+ You can also create a local rbl dns server to whitelist some hosts/domains<br>
+ See how it works in http://www.postfix.org/postconf.5.html#postscreen_dnsbl_sites]]>
+ </description>
+ <type>textarea</type>
+ <cols>70</cols>
+ <rows>03</rows>
+ </field>
+ <field>
+ <fielddescr>RBL threshold</fielddescr>
+ <fieldname>rbl_threshold</fieldname>
+ <description>How many RBL Lists Postscreen must find clien's ip address to block sender.</description>
+ <type>select</type>
+ <options>
+ <option><name>1</name><value>1</value></option>
+ <option><name>2</name><value>2</value></option>
+ <option><name>3</name><value>3</value></option>
+ <option><name>4</name><value>4</value></option>
+ <option><name>5</name><value>5</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>SPF lookup</fielddescr>
+ <fieldname>postfix_spf</fieldname>
+ <type>checkbox</type>
+ <description>
+ <![CDATA[<a target=_new href='http://www.openspf.org/Introduction'>The Sender Policy Framework (SPF) is an open standard specifying a technical method to prevent sender address forgery.</a>]]>
+ </description>
+ </field>
+ <field>
+ <name><![CDATA[Third part Antispam Settings ]]></name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Use Third part antispam</fielddescr>
+ <fieldname>antispam_enabled</fieldname>
+ <type>checkbox</type>
+ <description></description>
+ </field>
+ <field>
+ <fielddescr>Software</fielddescr>
+ <fieldname>antispam_software</fieldname>
+ <description>Select Third part solution to use. See postfix forwarder package info page for instaling instructions</description>
+ <type>select</type>
+ <options>
+ <option><name>Mailscanner + Spamassassin + clamav</name><value>mailscanner</value></option>
+ <option><name>Policyd v2 + amavis</name><value>policyd2</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Policydv2 Location</fielddescr>
+ <fieldname>antispam_location</fieldname>
+ <description>inet:ipaddress:port of antispam server if it is not installed local.</description>
+ <type>input</type>
+ <size>50</size>
+ </field>
+ </fields>
+ <custom_php_install_command>
+ postfix_php_install_command();
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ postfix_php_deinstall_command();
+ </custom_php_deinstall_command>
+ <custom_php_validation_command>
+ postfix_validate_input($_POST, &amp;$input_errors);
+ </custom_php_validation_command>
+ <custom_php_resync_config_command>
+ sync_package_postfix();
+ </custom_php_resync_config_command>
+</packagegui>
diff --git a/config/postfix/postfix_recipients.php b/config/postfix/postfix_recipients.php
new file mode 100644
index 00000000..0deb2f79
--- /dev/null
+++ b/config/postfix/postfix_recipients.php
@@ -0,0 +1,4 @@
+<?php
+require_once ('/usr/local/pkg/postfix.inc');
+sync_relay_recipients("cron");
+?> \ No newline at end of file
diff --git a/config/postfix/postfix_recipients.xml b/config/postfix/postfix_recipients.xml
new file mode 100644
index 00000000..450b6df4
--- /dev/null
+++ b/config/postfix/postfix_recipients.xml
@@ -0,0 +1,208 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ postfix_recipients.xml
+ part of the Postfix package for pfSense
+ Copyright (C) 2011 Marcello Coutinho
+ All rights reserved.
+*/
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>postfixrecipients</name>
+ <version>1.0</version>
+ <title>Services: Postfix relay and antispam</title>
+ <include_file>/usr/local/pkg/postfix.inc</include_file>
+ <menu>
+ <name>Postfix Antispam and mail Relay</name>
+ <tooltiptext>Configure Postfix Forwarder</tooltiptext>
+ <section>Services</section>
+ <url>pkg_edit.php?xml=postfix.xml&amp;id=0</url>
+ </menu>
+ <service>
+ <name>postfix</name>
+ <rcfile>postfix.sh</rcfile>
+ <executable>master</executable>
+ </service>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix.inc</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix_acl.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix_recipients.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix_antispam.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix_sync.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix_view_config.php</item>
+ <prefix>/usr/local/www/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix_recipients.php</item>
+ <prefix>/usr/local/www/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+<tabs>
+ <tab>
+ <text>General</text>
+ <url>/pkg_edit.php?xml=postfix.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>ACLs / Filter Maps</text>
+ <url>/pkg_edit.php?xml=postfix_acl.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Valid recipients</text>
+ <url>/pkg_edit.php?xml=postfix_recipients.xml&amp;id=0</url>
+ <active/>
+ </tab>
+ <tab>
+ <text>Antispam</text>
+ <url>/pkg_edit.php?xml=postfix_antispam.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>XMLRPC Sync</text>
+ <url>/pkg_edit.php?xml=postfix_sync.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>View config files</text>
+ <url>/postfix_view_config.php</url>
+ </tab>
+</tabs>
+ <fields>
+ <field>
+ <name>Get Valid recipients from Active Directory</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Enable LDAP fetch</fielddescr>
+ <fieldname>enable_ldap</fieldname>
+ <type>checkbox</type>
+ <description><![CDATA[Extract valid email addresses from Active Directory.<br>
+ Before using LDAP fetch you must install p5-perl-ldap package(hint: <strong>/usr/sbin/pkg_add -r p5-perl-ldap</strong>)]]></description>
+ </field>
+ <field>
+ <fielddescr>Frequency</fielddescr>
+ <fieldname>freq</fieldname>
+ <description>Wait time between each fetch HINT 30m(30 minutes), 1h(one hour), 1d(one day)</description>
+ <type>input</type>
+ <size>15</size>
+ </field>
+ <field>
+ <fielddescr><![CDATA[<strong>HINTS</strong><br>Hostname:<br>dc1.mysite.com<br><br>Domain:<br>dc=mysite,dc=com<br><br>Username:<br>cn=antispam,cn=Users<br>]]></fielddescr>
+ <fieldname>none</fieldname>
+ <type>rowhelper</type>
+ <rowhelper>
+ <rowhelperfield>
+ <fielddescr>Hostname</fielddescr>
+ <fieldname>dc</fieldname>
+ <type>input</type>
+ <size>20</size>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Domain</fielddescr>
+ <fieldname>cn</fieldname>
+ <type>input</type>
+ <size>22</size>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Username</fielddescr>
+ <fieldname>username</fieldname>
+ <type>input</type>
+ <size>20</size>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Password</fielddescr>
+ <fieldname>password</fieldname>
+ <type>password</type>
+ <size>10</size>
+ </rowhelperfield>
+ </rowhelper>
+ </field>
+ <field>
+ <name>Get Valid recipients from local file</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Location</fielddescr>
+ <name>location</name>
+ <type>input</type>
+ <size>80</size>
+ </field>
+ <field>
+ <name>Custom Valid recipients</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Custom list</fielddescr>
+ <fieldname>custom_recipients</fieldname>
+ <description><![CDATA[Paste your valid recipients here, one per line. <strong>HINT user@mycompany.com OK</strong>]]></description>
+ <type>textarea</type>
+ <cols>60</cols>
+ <rows>15</rows>
+ <encoding>base64</encoding>
+ </field>
+ </fields>
+ <custom_php_install_command>
+ postfix_php_install_command();
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ postfix_php_deinstall_command();
+ </custom_php_deinstall_command>
+ <custom_php_validation_command>
+ postfix_validate_input($_POST, &amp;$input_errors);
+ </custom_php_validation_command>
+ <custom_php_resync_config_command>
+ sync_package_postfix();
+ </custom_php_resync_config_command>
+</packagegui>
diff --git a/config/postfix/postfix_sync.xml b/config/postfix/postfix_sync.xml
new file mode 100644
index 00000000..f859e795
--- /dev/null
+++ b/config/postfix/postfix_sync.xml
@@ -0,0 +1,167 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ postfix_sync.xml
+ part of the Postfix package for pfSense
+ Copyright (C) 2010 Marcello Coutinho
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description>Describe your package here</description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>postfix_sync</name>
+ <version>1.0</version>
+ <title>Services: Postfix relay and antispam</title>
+ <include_file>/usr/local/pkg/postfix.inc</include_file>
+ <menu>
+ <name>Postfix Antispam and mail Relay</name>
+ <tooltiptext>Configure Postfix Forwarder</tooltiptext>
+ <section>Services</section>
+ <url>pkg_edit.php?xml=postfix.xml&amp;id=0</url>
+ </menu>
+ <service>
+ <name>postfix</name>
+ <rcfile>postfix.sh</rcfile>
+ <executable>master</executable>
+ </service>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix.inc</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix_acl.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix_recipients.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix_antispam.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix_sync.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix_view_config.php</item>
+ <prefix>/usr/local/www/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>http://www.pfsense.org/packages/config/postfix/postfix_recipients.php</item>
+ <prefix>/usr/local/www/</prefix>
+ <chmod>0755</chmod>
+ </additional_files_needed>
+<tabs>
+ <tab>
+ <text>General</text>
+ <url>/pkg_edit.php?xml=postfix.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>ACLs / Filter Maps</text>
+ <url>/pkg_edit.php?xml=postfix_acl.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Valid recipients</text>
+ <url>/pkg_edit.php?xml=postfix_recipients.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Antispam</text>
+ <url>/pkg_edit.php?xml=postfix_antispam.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>XMLRPC Sync</text>
+ <url>/pkg_edit.php?xml=postfix_sync.xml&amp;id=0</url>
+ <active/>
+ </tab>
+ <tab>
+ <text>View config files</text>
+ <url>/postfix_view_config.php</url>
+ </tab>
+</tabs>
+ <fields>
+ <field>
+ <name>Postfix XMLRPC Sync</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Automatically sync Postfix configuration changes</fielddescr>
+ <fieldname>synconchanges</fieldname>
+ <description>pfSense will automatically sync changes to the hosts defined below.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Remote Server</fielddescr>
+ <fieldname>none</fieldname>
+ <type>rowhelper</type>
+ <rowhelper>
+ <rowhelperfield>
+ <fielddescr>IP Address</fielddescr>
+ <fieldname>ipaddress</fieldname>
+ <description>IP Address of remote server</description>
+ <type>input</type>
+ <size>20</size>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Password</fielddescr>
+ <fieldname>password</fieldname>
+ <description>Password for remote server.</description>
+ <type>password</type>
+ <size>20</size>
+ </rowhelperfield>
+ </rowhelper>
+ </field>
+ </fields>
+ <custom_php_install_command>
+ postfix_php_install_command();
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ postfix_php_deinstall_command();
+ </custom_php_deinstall_command>
+ <custom_php_validation_command>
+ postfix_validate_input($_POST, &amp;$input_errors);
+ </custom_php_validation_command>
+ <custom_php_resync_config_command>
+ sync_package_postfix();
+ </custom_php_resync_config_command>
+</packagegui>
diff --git a/config/postfix/postfix_syslog.php b/config/postfix/postfix_syslog.php
new file mode 100644
index 00000000..5901c775
--- /dev/null
+++ b/config/postfix/postfix_syslog.php
@@ -0,0 +1,5 @@
+<?php
+require_once("/etc/inc/pkg-utils.inc");
+require_once("/etc/inc/system.inc");
+system_syslogd_start();
+?>
diff --git a/config/postfix/postfix_view_config.php b/config/postfix/postfix_view_config.php
new file mode 100644
index 00000000..1b3e9fc5
--- /dev/null
+++ b/config/postfix/postfix_view_config.php
@@ -0,0 +1,111 @@
+<?php
+/*
+ postfix_view_config.php
+ part of pfSense (http://www.pfsense.com/)
+ Copyright (C) 2010 Marcello Coutinho <marcellocoutinho@gmail.com>
+ based on varnish_view_config.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
+if(strstr($pfSversion, "1.2"))
+ $one_two = true;
+
+$pgtitle = "Postfix: View Configuration";
+include("head.inc");
+
+?>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+
+<?php if($one_two): ?>
+<p class="pgtitle"><?=$pgtitle?></font></p>
+<?php endif; ?>
+
+<?php if ($savemsg) print_info_box($savemsg); ?>
+
+<form action="postfix_view_config.php" method="post">
+
+<div id="mainlevel">
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[] = array(gettext("General"), false, "/pkg_edit.php?xml=postfix.xml&id=0");
+ $tab_array[] = array(gettext("ACLs / Filter Maps"), false, "/pkg_edit.php?xml=postfix_acl.xml&id=0");
+ $tab_array[] = array(gettext("Valid Recipients"), false, "/pkg_edit.php?xml=postfix_recipients.xml&id=0");
+ $tab_array[] = array(gettext("Antispam"), false, "/pkg_edit.php?xml=postfix_antispam.xml&id=0");
+ $tab_array[] = array(gettext("XMLRPC Sync"), false, "/pkg_edit.php?xml=postfix_sync.xml&id=0");
+ $tab_array[] = array(gettext("View config files"), true, "/postfix_view_config.php");
+
+ display_top_tabs($tab_array);
+?>
+ </td></tr>
+ <tr>
+ <td>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="tabcont" >
+ <input type="button" onClick="location.href='./postfix_view_config.php?file=0'" value="main.cf">&nbsp;
+ <input type="button" onClick="location.href='./postfix_view_config.php?file=1'" value="master.cf">&nbsp;
+ <input type="button" onClick="location.href='./postfix_view_config.php?file=2'" value="relay_recipients">&nbsp;
+ <input type="button" onClick="location.href='./postfix_view_config.php?file=3'" value="header_check">&nbsp;
+ <input type="button" onClick="location.href='./postfix_view_config.php?file=4'" value="mime_check">&nbsp;
+ <input type="button" onClick="location.href='./postfix_view_config.php?file=5'" value="body_check">&nbsp;
+ <input type="button" onClick="location.href='./postfix_view_config.php?file=6'" value="clients CIDR">&nbsp;
+ <input type="button" onClick="location.href='./postfix_view_config.php?file=7'" value="clients REGEXP">&nbsp;
+ </td>
+ </tr>
+ <tr>
+ <td class="tabcont" >
+ <textarea id="varnishlogs" rows="50" cols="100%">
+<?php
+ $files_array[]="/usr/local/etc/postfix/main.cf";
+ $files_array[]="/usr/local/etc/postfix/master.cf";
+ $files_array[]="/usr/local/etc/postfix/relay_recipients";
+ $files_array[]="/usr/local/etc/postfix/header_check";
+ $files_array[]="/usr/local/etc/postfix/mime_check";
+ $files_array[]="/usr/local/etc/postfix/body_check";
+ $files_array[]="/usr/local/etc/postfix/clients_cidr";
+ $files_array[]="/usr/local/etc/postfix/clients_regexp";
+ $id=($_REQUEST['file']?$_REQUEST['file']:"0");
+ $config_file = file_get_contents("$files_array[$id]");
+ echo $files_array[$id]."\n".$config_file;
+?>
+ </textarea>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+ </table>
+</div>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index 8e81d16a..7bd47934 100644
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -80,34 +80,36 @@ if ($_POST['save'])
write_config();
header("Location: /snort/snort_alerts.php");
+ exit;
}
}
if ($_POST['delete'])
{
- conf_mount_rw();
if(file_exists('/var/log/snort/alert'))
{
+ conf_mount_rw();
@file_put_content("/var/log/snort/alert", "");
post_delete_logs();
mwexec('/usr/sbin/chown snort:snort /var/log/snort/*', true);
mwexec('/bin/chmod 660 /var/log/snort/*', true);
- sleep(2);
mwexec('/usr/bin/killall -HUP snort', true);
+ conf_mount_ro();
+
+ header("Location: /snort/snort_alerts.php");
+ exit;
}
- conf_mount_ro();
}
if ($_POST['download'])
{
- ob_start(); //importanr or other post will fail
$save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
$file_name = "snort_logs_{$save_date}.tar.gz";
- exec("/usr/bin/tar cfz /tmp/snort_logs_{$save_date}.tar.gz /var/log/snort");
+ exec("/usr/bin/tar cfz /tmp/{$file_name} /var/log/snort");
- if (file_exists("/tmp/snort_logs_{$save_date}.tar.gz")) {
+ if (file_exists("/tmp/{$file_name}")) {
$file = "/tmp/snort_logs_{$save_date}.tar.gz";
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT\n");
header("Pragma: private"); // needed for IE
@@ -117,10 +119,11 @@ if ($_POST['download'])
header("Content-length: ".filesize($file));
header("Content-disposition: attachment; filename = {$file_name}");
readfile("$file");
- exec("/bin/rm /tmp/snort_logs_{$save_date}.tar.gz");
- od_end_clean(); //importanr or other post will fail
- } else
- echo 'Error no saved file.';
+ exec("/bin/rm /tmp/{$file_name}");
+ }
+
+ header("Location: /snort/snort_alerts.php");
+ exit;
}
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index 97efa0b7..995dc4bc 100644
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -150,7 +150,7 @@ if ($emergingthreats == 'on')
update_status(gettext("Downloading emergingthreats md5 file..."));
ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt");
- $image = @file_get_contents('http://rules.emergingthreats.net/open/snort-2.8.6/emerging.rules.tar.gz.md5');
+ $image = @file_get_contents('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz.md5');
@file_put_contents("{$tmpfname}/{$emergingthreats_filename_md5}", $image);
update_status(gettext("Done downloading emergingthreats md5"));
}
@@ -286,7 +286,7 @@ if ($emergingthreats == "on")
}else{
update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading..."));
update_output_window(gettext("May take 4 to 10 min..."));
- download_file_with_progress_bar('http://rules.emergingthreats.net/open/snort-2.8.6/emerging.rules.tar.gz', "{$tmpfname}/{$emergingthreats_filename}");
+ download_file_with_progress_bar('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz', "{$tmpfname}/{$emergingthreats_filename}");
update_status(gettext('Done downloading Emergingthreats rules file.'));
}
}
@@ -340,11 +340,9 @@ if ($snortdownload == 'on')
if (file_exists("{$tmpfname}/{$snort_filename}")) {
if ($pfsense_stable == 'yes')
- {
$freebsd_version_so = 'FreeBSD-7-2';
- }else{
- $freebsd_version_so = 'FreeBSD-8-0';
- }
+ else
+ $freebsd_version_so = 'FreeBSD-8-1';
update_status(gettext("Extracting Snort.org rules..."));
update_output_window(gettext("May take a while..."));
@@ -356,14 +354,17 @@ if ($snortdownload == 'on')
sleep(2);
exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules');
- /* extract so rules on for x86 for now */
- /* TODO: ask snort.org to build x64 version of so rules for Freebsd 8.1 Sept 05,2010 */
+ /* extract so rules */
+ exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
if($snort_arch == 'x86'){
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/2.8.6.1/");
- exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
- exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/2.8.6.1/* /usr/local/lib/snort/dynamicrules/");
- /* extract so rules none bin and rename */
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" .
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/2.9.0.5/");
+ exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/2.9.0.5/* /usr/local/lib/snort/dynamicrules/");
+ } else if ($snort_arch == 'x64') {
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/x86-64/2.9.0.5/");
+ exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/x86-64/2.9.0.5/* /usr/local/lib/snort/dynamicrules/");
+ }
+ /* extract so rules none bin and rename */
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" .
" so_rules/chat.rules/" .
" so_rules/dos.rules/" .
" so_rules/exploit.rules/" .
@@ -412,7 +413,6 @@ if ($snortdownload == 'on')
update_output_window(gettext("Error Line 755"));
$snortdownload = 'off';
}
- }
}
/* Untar emergingthreats rules to tmp */
@@ -633,11 +633,6 @@ function oinkmaster_run($id, $if_real, $iface_uuid)
/* might have to add a sleep for 3sec for flash drives or old drives */
exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log");
- /* TODO: Remove this code when x64 so rules are ready */
- if($snort_arch == 'x64'){
- exec("/bin/rm -r /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.so.rules");
- }
-
}
}
}
diff --git a/config/snort/snort_download_rules.php b/config/snort/snort_download_rules.php
index c7b98b25..b3a0fd80 100644
--- a/config/snort/snort_download_rules.php
+++ b/config/snort/snort_download_rules.php
@@ -203,7 +203,7 @@ if ($emergingthreats == 'on')
update_status(gettext("Downloading emergingthreats md5 file..."));
ini_set('user_agent','Mozilla/4.0 (compatible; MSIE 6.0)');
// $image = @file_get_contents("http://www.mtest.local/pub-bin/oinkmaster.cgi/{$oinkid}/version.txt");
- $image = @file_get_contents('http://rules.emergingthreats.net/open/snort-2.8.6/emerging.rules.tar.gz.md5');
+ $image = @file_get_contents('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz.md5');
@file_put_contents("{$tmpfname}/{$emergingthreats_filename_md5}", $image);
update_status(gettext("Done downloading emergingthreats md5"));
}
@@ -346,7 +346,7 @@ if ($emergingthreats == "on")
}else{
update_status(gettext("There is a new set of Emergingthreats rules posted. Downloading..."));
update_output_window(gettext("May take 4 to 10 min..."));
- download_file_with_progress_bar('http://rules.emergingthreats.net/open/snort-2.8.6/emerging.rules.tar.gz', "{$tmpfname}/{$emergingthreats_filename}");
+ download_file_with_progress_bar('http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz', "{$tmpfname}/{$emergingthreats_filename}");
update_status(gettext('Done downloading Emergingthreats rules file.'));
}
}
@@ -404,7 +404,7 @@ if ($snortdownload == 'on')
{
$freebsd_version_so = 'FreeBSD-7-2';
}else{
- $freebsd_version_so = 'FreeBSD-8-0';
+ $freebsd_version_so = 'FreeBSD-8-1';
}
update_status(gettext("Extracting Snort.org rules..."));
@@ -417,14 +417,18 @@ if ($snortdownload == 'on')
sleep(2);
exec('/usr/local/bin/perl /usr/local/bin/snort_rename.pl s/^/snort_/ *.rules');
- /* extract so rules on for x86 for now */
- /* TODO: ask snort.org to build x64 version of so rules for Freebsd 8.1 Sept 05,2010 */
- if($snort_arch == 'x86'){
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/2.8.6.1/");
- exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
- exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/2.8.6.1/* /usr/local/lib/snort/dynamicrules/");
- /* extract so rules none bin and rename */
- exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" .
+ /* extract so rules */
+ exec('/bin/mkdir -p /usr/local/lib/snort/dynamicrules/');
+ if($snort_arch == 'x86') {
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/2.9.0.5/");
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/i386/2.9.0.5/");
+ exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/i386/2.9.0.5/* /usr/local/lib/snort/dynamicrules/");
+ } else if ($snort_arch == 'x64') {
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/precompiled/$freebsd_version_so/x86-64/2.9.0.5/");
+ exec("/bin/mv -f {$snortdir}/so_rules/precompiled/$freebsd_version_so/x86-64/2.9.0.5/* /usr/local/lib/snort/dynamicrules/");
+ }
+ /* extract so rules none bin and rename */
+ exec("/usr/bin/tar xzf {$tmpfname}/{$snort_filename} -C {$snortdir} so_rules/bad-traffic.rules/" .
" so_rules/chat.rules/" .
" so_rules/dos.rules/" .
" so_rules/exploit.rules/" .
@@ -473,7 +477,6 @@ if ($snortdownload == 'on')
update_output_window(gettext("Error Line 755"));
$snortdownload = 'off';
}
- }
}
/* Untar emergingthreats rules to tmp */
@@ -693,12 +696,6 @@ function oinkmaster_run($id, $if_real, $iface_uuid)
/* might have to add a sleep for 3sec for flash drives or old drives */
exec("/usr/local/bin/perl /usr/local/bin/oinkmaster.pl -C /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/oinkmaster_{$iface_uuid}_{$if_real}.conf -o /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules > /usr/local/etc/snort/oinkmaster_{$iface_uuid}_{$if_real}.log");
-
- /* TODO: Remove this code when x64 so rules are ready */
- if($snort_arch == 'x64'){
- exec("/bin/rm -r /usr/local/etc/snort/snort_{$iface_uuid}_{$if_real}/rules/*.so.rules");
- }
-
}
}
}
diff --git a/config/snort/snort_rules_edit.php b/config/snort/snort_rules_edit.php
index 266750fa..330630f4 100644
--- a/config/snort/snort_rules_edit.php
+++ b/config/snort/snort_rules_edit.php
@@ -86,6 +86,16 @@ if (strstr($splitcontents[$lineid], $findme))
if ($highlight == "no")
$splitcontents[$lineid] = substr($splitcontents[$lineid], 2);
+if (!function_exists('get_middle')) {
+ function get_middle($source, $beginning, $ending, $init_pos) {
+ $beginning_pos = strpos($source, $beginning, $init_pos);
+ $middle_pos = $beginning_pos + strlen($beginning);
+ $ending_pos = strpos($source, $ending, $beginning_pos);
+ $middle = substr($source, $middle_pos, $ending_pos - $middle_pos);
+ return $middle;
+ }
+}
+
if ($_POST) {
if ($_POST['save']) {
diff --git a/config/squid/squid.inc b/config/squid/squid.inc
index 7a31f750..ad98ab14 100644
--- a/config/squid/squid.inc
+++ b/config/squid/squid.inc
@@ -690,6 +690,7 @@ function squid_resync_cache() {
$memory_cache_size = ($settings['memory_cache_size'] ? $settings['memory_cache_size'] : 8);
$max_objsize = ($settings['maximum_object_size'] ? $settings['maximum_object_size'] : 10);
$min_objsize = ($settings['minimum_object_size'] ? $settings['minimum_object_size'] : 0);
+ $max_objsize_in_mem = ($settings['maximum_objsize_in_mem'] ? $settings['maximum_objsize_in_mem'] : 32);
$cache_policy = ($settings['cache_replacement_policy'] ? $settings['cache_replacement_policy'] : 'heap LFUDA');
$memory_policy = ($settings['memory_replacement_policy'] ? $settings['memory_replacement_policy'] : 'heap GDSF');
$offline_mode = ($settings['enable_offline'] == 'on' ? 'on' : 'off');
@@ -712,7 +713,7 @@ function squid_resync_cache() {
$conf = <<<EOD
cache_mem $memory_cache_size MB
-maximum_object_size_in_memory 32 KB
+maximum_object_size_in_memory $max_objsize_in_mem KB
memory_replacement_policy $memory_policy
cache_replacement_policy $cache_policy
cache_dir $disk_cache_opts
diff --git a/config/unbound/unbound.xml b/config/unbound/unbound.xml
index 04b3f91c..ff73d1ed 100644
--- a/config/unbound/unbound.xml
+++ b/config/unbound/unbound.xml
@@ -47,7 +47,7 @@
<name>Unbound DNS</name>
<tooltiptext>Setup Unbound specific settings</tooltiptext>
<section>Services</section>
- <url>pkg_edit.php?xml=unbound.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=unbound.xml&amp;id=0</url>
</menu>
<service>
<name>unbound</name>
diff --git a/config/unbound/unbound_acls.xml b/config/unbound/unbound_acls.xml
index 992a9c63..7c6840ce 100644
--- a/config/unbound/unbound_acls.xml
+++ b/config/unbound/unbound_acls.xml
@@ -47,7 +47,7 @@
<name>Unbound DNS</name>
<tooltiptext>Setup Unbound specific settings</tooltiptext>
<section>Services</section>
- <url>pkg_edit.php?xml=unbound.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=unbound.xml&amp;id=0</url>
</menu>
<tabs>
<tab>
diff --git a/config/unbound/unbound_advanced.xml b/config/unbound/unbound_advanced.xml
index 03ba8157..10449b2d 100644
--- a/config/unbound/unbound_advanced.xml
+++ b/config/unbound/unbound_advanced.xml
@@ -47,7 +47,7 @@
<name>Unbound DNS</name>
<tooltiptext>Setup Unbound specific settings</tooltiptext>
<section>Services</section>
- <url>pkg_edit.php?xml=unbound.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=unbound.xml&amp;id=0</url>
</menu>
<service>
<name>unbound</name>