From c8de1625e3014dd62eb12e72472e18112242b78e Mon Sep 17 00:00:00 2001 From: Marcello Coutinho Date: Wed, 14 Sep 2011 15:41:36 -0300 Subject: Postfix - Include native SPF extra options Include sysctl sets on startup script Remove some old code from postfix.inc --- config/postfix/postfix.inc | 74 ++++++++++++---------------------- config/postfix/postfix_antispam.xml | 12 ++++-- config/postfix/postfix_view_config.php | 2 +- pkg_config.8.xml | 6 +-- pkg_config.8.xml.amd64 | 6 +-- 5 files changed, 42 insertions(+), 58 deletions(-) diff --git a/config/postfix/postfix.inc b/config/postfix/postfix.inc index 7ba67e56..e8152be7 100644 --- a/config/postfix/postfix.inc +++ b/config/postfix/postfix.inc @@ -3,6 +3,8 @@ postfix.inc part of the Postfix package for pfSense Copyright (C) 2010 Erik Fonnesbeck + Copyright (C) 2011 Marcello Coutinho + All rights reserved. Redistribution and use in source and binary forms, with or without @@ -198,46 +200,7 @@ function sync_package_postfix() { #restart syslog daemon system_syslogd_start(); } - - /* - #insert new syslog definition - if (preg_match("/.*mail.crit.(.*)/",$line,$matches)){ - if ($postfix_config['log_to'] == "/var/log/system.log"){ - system("/usr/bin/touch /var/log/maillog"); - $new_sys_log .= $postfix_log.$matches[1]."\n".$line; - } - else - {$new_sys_log .= $postfix_log.$postfix_log_sufix."\n".$line;} - } - else{ - #remove previous syslog definition - $new_sys_log .= (preg_match("/mail.(info|debug|log)/",$line)?"":$line); - } - } - file_put_contents($sys_log_file,$new_sys_log, LOCK_EX); - - } - - #update /var/etc/syslog.conf - $sys_log_file="/var/etc/syslog.conf"; - $sys_log = file($sys_log_file); - $postfix_log .= $postfix_log_sufix; - $new_sys_log=""; - foreach ($sys_log as $line) - $new_sys_log.=(preg_match("/mail.(info|debug|log)/",$line)?$postfix_log."\n":$line); - #include if conf does not exist in crontab - $new_sys_log.=(!preg_match("/mail.(info|debug|log)/",$new_sys_log)?"\n".$postfix_log."\n\n":""); - file_put_contents($sys_log_file,$new_sys_log, LOCK_EX); - #check crontab changes - $md5_new_file = trim(md5_file($sys_log_file)); - $md5_old_file = trim(file_get_contents($sys_log_file.'.md5')); - if($md5_new_file <> $md5_old_file){ - mwexec('/usr/bin/killall -HUP syslogd'); - file_put_contents($sys_log_file.'.md5',$md5_new_file, LOCK_EX); - } - */ - #} - + #check_debug if($postfix_config['debug_list'] && $postfix_config['debug_list']!=""){ $check_debug ="\n#Debugging postfix\n"; @@ -388,7 +351,18 @@ smtpd_recipient_restrictions = reject_unauth_destination, EOF; } #check spf option -$spf=($antispam['postfix_spf']?"check_policy_service unix:private/spf,\n\t\t\t\t":""); +switch($antispam['postfix_spf']){ + case 'spf_mark_only': + $postfix_main.= "spf_mark_only = yes\n"; + $spf="reject_spf_invalid_sender,\n\t\t\t\t"; + break; + case 'disable': + $spf=""; + break; + default: + $spf=$antispam['postfix_spf'].",\n\t\t\t\t"; + break; +} $postfix_main=preg_replace("/SPFSPFSPF/",$spf,$postfix_main); $postfix_main .= $postfix_main_antispam.$check_debug; switch ($antispam['zombie_blocker']) @@ -513,8 +487,6 @@ virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache -spf unix - n n - - spawn - user=nobody argv=/usr/local/sbin/postfix-policyd-spf MASTEREOF2; @@ -545,7 +517,16 @@ MASTEREOF2; } function postfix_start(){ global $config; - $start = "/usr/local/sbin/postfix start\n"; + $start=<< "postfix.sh", "start" => $start, "stop" => $stop)); @@ -556,7 +537,7 @@ function postfix_start(){ if ($config['installedpackages']['postfix']['config'][0]['enable_postfix']){ log_error("Reloading/starting postfix"); system('/bin/chmod +x /usr/local/etc/rc.d/postfix.sh'); - mwexec_bg("/usr/local/sbin/postfix reload || /usr/local/sbin/postfix start"); + mwexec_bg("/usr/local/sbin/postfix reload || /usr/local/etc/rc.d/postfix.sh start"); log_error("Postfix setup completed"); } else{ @@ -593,9 +574,6 @@ function postfix_validate_input($post, &$input_errors) { } function postfix_php_install_command() { - #small freebsd packages for full functional ldap and spf options - system('/usr/sbin/pkg_add -r postfix-policyd-spf'); - #system('/usr/sbin/pkg_add -r p5-perl-ldap'); sync_package_postfix(); } diff --git a/config/postfix/postfix_antispam.xml b/config/postfix/postfix_antispam.xml index b014da03..fa518efa 100644 --- a/config/postfix/postfix_antispam.xml +++ b/config/postfix/postfix_antispam.xml @@ -174,7 +174,7 @@ - 10 + 06 @@ -202,7 +202,7 @@ textarea 70 - 03 + 05 RBL threshold @@ -220,7 +220,13 @@ SPF lookup postfix_spf - checkbox + select + + + + + + The Sender Policy Framework (SPF) is an open standard specifying a technical method to prevent sender address forgery.]]> diff --git a/config/postfix/postfix_view_config.php b/config/postfix/postfix_view_config.php index 0f92574f..c73e9cb4 100644 --- a/config/postfix/postfix_view_config.php +++ b/config/postfix/postfix_view_config.php @@ -86,7 +86,7 @@ include("head.inc"); http://www.postfix.org/ It can do first and second line antispam combat before sending incoming mail to local mail servers.
- Postfix also can check RBLS, SPF, seach ldap for valid recipients and use third part antispam engines like policyd and mailscanner for better antispam solution.]]>
+ Postfix can also detect zombies, check RBLS, SPF, seach ldap for valid recipients and use third part antispam engines like policyd and mailscanner for better antispam solution.]]> Services http://www.pfsense.com/packages/config/postfix/postfix.xml http://files.pfsense.org/packages/8/All/ postfix-2.8.5,1.tbz - 2.8.5,1 pkg v.2.0.2 - Beta + 2.8.5,1 pkg v.2.1 + RC1 2.0 postfix.xml /usr/ports/mail/postfix diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 052cd7f0..5cc53755 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -427,13 +427,13 @@ http://www.postfix.org/ It can do first and second line antispam combat before sending incoming mail to local mail servers.
- Postfix also can check RBLS, SPF, seach ldap for valid recipients and use third part antispam engines like policyd and mailscanner for better antispam solution.]]>
+ Postfix can also detect zombies, check RBLS, SPF, seach ldap for valid recipients and use third part antispam engines like policyd and mailscanner for better antispam solution.]]> Services http://www.pfsense.com/packages/config/postfix/postfix.xml http://files.pfsense.org/packages/amd64/8/All/ postfix-2.8.5,1.tbz - 2.8.5,1 pkg v.2.0.2 - Beta + 2.8.5,1 pkg v.2.1 + RC1 2.0 postfix.xml /usr/ports/mail/postfix -- cgit v1.2.3