2017-12-09 09:08:18 +01:00
|
|
|
<?php
|
|
|
|
// File size is limited by Nginx site to 10M
|
|
|
|
// To speed things up, we do not include prerequisites
|
|
|
|
header('Content-Type: text/plain');
|
|
|
|
require_once "vars.inc.php";
|
|
|
|
// Do not show errors, we log to using error_log
|
|
|
|
ini_set('error_reporting', 0);
|
|
|
|
// Init database
|
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-29 22:01:23 +02:00
|
|
|
//$dsn = $database_type . ':host=' . $database_host . ';dbname=' . $database_name;
|
|
|
|
$dsn = $database_type . ":unix_socket=" . $database_sock . ";dbname=" . $database_name;
|
2017-12-09 09:08:18 +01:00
|
|
|
$opt = [
|
|
|
|
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
|
|
|
|
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
|
|
|
|
PDO::ATTR_EMULATE_PREPARES => false,
|
|
|
|
];
|
|
|
|
try {
|
|
|
|
$pdo = new PDO($dsn, $database_user, $database_pass, $opt);
|
|
|
|
}
|
|
|
|
catch (PDOException $e) {
|
2018-10-11 11:55:52 +02:00
|
|
|
error_log("QUARANTINE: " . $e);
|
2017-12-09 09:08:18 +01:00
|
|
|
http_response_code(501);
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
// Init Redis
|
|
|
|
$redis = new Redis();
|
|
|
|
$redis->connect('redis-mailcow', 6379);
|
|
|
|
|
|
|
|
// Functions
|
|
|
|
function parse_email($email) {
|
|
|
|
if(!filter_var($email, FILTER_VALIDATE_EMAIL)) return false;
|
|
|
|
$a = strrpos($email, '@');
|
|
|
|
return array('local' => substr($email, 0, $a), 'domain' => substr(substr($email, $a), 1));
|
|
|
|
}
|
|
|
|
if (!function_exists('getallheaders')) {
|
|
|
|
function getallheaders() {
|
|
|
|
if (!is_array($_SERVER)) {
|
|
|
|
return array();
|
|
|
|
}
|
|
|
|
$headers = array();
|
|
|
|
foreach ($_SERVER as $name => $value) {
|
|
|
|
if (substr($name, 0, 5) == 'HTTP_') {
|
|
|
|
$headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return $headers;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-04-26 13:51:55 +02:00
|
|
|
$raw_data_content = file_get_contents('php://input');
|
|
|
|
$raw_data = mb_convert_encoding($raw_data_content, 'HTML-ENTITIES', "UTF-8");
|
2017-12-09 09:08:18 +01:00
|
|
|
$headers = getallheaders();
|
|
|
|
|
|
|
|
$qid = $headers['X-Rspamd-Qid'];
|
2019-01-17 22:00:18 +01:00
|
|
|
$subject = $headers['X-Rspamd-Subject'];
|
2017-12-09 09:08:18 +01:00
|
|
|
$score = $headers['X-Rspamd-Score'];
|
|
|
|
$rcpts = $headers['X-Rspamd-Rcpt'];
|
|
|
|
$user = $headers['X-Rspamd-User'];
|
|
|
|
$ip = $headers['X-Rspamd-Ip'];
|
|
|
|
$action = $headers['X-Rspamd-Action'];
|
|
|
|
$sender = $headers['X-Rspamd-From'];
|
|
|
|
$symbols = $headers['X-Rspamd-Symbols'];
|
|
|
|
|
|
|
|
$raw_size = (int)$_SERVER['CONTENT_LENGTH'];
|
|
|
|
|
2020-03-03 19:10:28 +01:00
|
|
|
if (empty($sender)) {
|
2020-04-08 21:55:17 +02:00
|
|
|
error_log("QUARANTINE: Unknown sender, assuming empty-env-from@localhost");
|
|
|
|
$sender = 'empty-env-from@localhost';
|
2020-03-03 19:10:28 +01:00
|
|
|
}
|
|
|
|
|
2017-12-09 09:08:18 +01:00
|
|
|
try {
|
2018-10-11 11:55:52 +02:00
|
|
|
$max_size = (int)$redis->Get('Q_MAX_SIZE');
|
|
|
|
if (($max_size * 1048576) < $raw_size) {
|
|
|
|
error_log(sprintf("QUARANTINE: Message too large: %d b exceeds %d b", $raw_size, ($max_size * 1048576)));
|
|
|
|
http_response_code(505);
|
|
|
|
exit;
|
2017-12-09 09:08:18 +01:00
|
|
|
}
|
|
|
|
if ($exclude_domains = $redis->Get('Q_EXCLUDE_DOMAINS')) {
|
|
|
|
$exclude_domains = json_decode($exclude_domains, true);
|
|
|
|
}
|
|
|
|
$retention_size = (int)$redis->Get('Q_RETENTION_SIZE');
|
|
|
|
}
|
|
|
|
catch (RedisException $e) {
|
2018-10-11 11:55:52 +02:00
|
|
|
error_log("QUARANTINE: " . $e);
|
2017-12-09 09:08:18 +01:00
|
|
|
http_response_code(504);
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
|
2018-01-17 15:22:11 +01:00
|
|
|
$rcpt_final_mailboxes = array();
|
|
|
|
|
|
|
|
// Loop through all rcpts
|
2017-12-09 09:08:18 +01:00
|
|
|
foreach (json_decode($rcpts, true) as $rcpt) {
|
2019-03-11 15:29:30 +01:00
|
|
|
// Remove tag
|
|
|
|
$rcpt = preg_replace('/^(.*?)\+.*(@.*)$/', '$1$2', $rcpt);
|
|
|
|
|
2018-01-17 15:22:11 +01:00
|
|
|
// Break rcpt into local part and domain part
|
|
|
|
$parsed_rcpt = parse_email($rcpt);
|
|
|
|
|
|
|
|
// Skip if not a mailcow handled domain
|
|
|
|
try {
|
|
|
|
if (!$redis->hGet('DOMAIN_MAP', $parsed_rcpt['domain'])) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
catch (RedisException $e) {
|
2018-10-11 11:55:52 +02:00
|
|
|
error_log("QUARANTINE: " . $e);
|
2018-01-17 15:22:11 +01:00
|
|
|
http_response_code(504);
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Skip if domain is excluded
|
|
|
|
if (in_array($parsed_rcpt['domain'], $exclude_domains)) {
|
2018-10-11 11:55:52 +02:00
|
|
|
error_log(sprintf("QUARANTINE: Skipped domain %s", $parsed_rcpt['domain']));
|
2017-12-09 09:08:18 +01:00
|
|
|
continue;
|
|
|
|
}
|
2018-01-17 15:22:11 +01:00
|
|
|
|
|
|
|
// Always assume rcpt is not a final mailbox but an alias for a mailbox or further aliases
|
|
|
|
//
|
|
|
|
// rcpt
|
|
|
|
// |
|
|
|
|
// mailbox <-- goto ---> alias1, alias2, mailbox2
|
|
|
|
// | |
|
|
|
|
// mailbox3 |
|
|
|
|
// |
|
|
|
|
// alias3 ---> mailbox4
|
|
|
|
//
|
2017-12-09 09:08:18 +01:00
|
|
|
try {
|
2018-01-17 15:22:11 +01:00
|
|
|
$stmt = $pdo->prepare("SELECT `goto` FROM `alias` WHERE `address` = :rcpt AND `active` = '1'");
|
2017-12-09 09:08:18 +01:00
|
|
|
$stmt->execute(array(
|
2018-01-17 15:22:11 +01:00
|
|
|
':rcpt' => $rcpt
|
2017-12-09 09:08:18 +01:00
|
|
|
));
|
|
|
|
$gotos = $stmt->fetch(PDO::FETCH_ASSOC)['goto'];
|
2018-01-17 15:22:11 +01:00
|
|
|
if (empty($gotos)) {
|
|
|
|
$stmt = $pdo->prepare("SELECT `goto` FROM `alias` WHERE `address` = :rcpt AND `active` = '1'");
|
|
|
|
$stmt->execute(array(
|
|
|
|
':rcpt' => '@' . $parsed_rcpt['domain']
|
|
|
|
));
|
|
|
|
$gotos = $stmt->fetch(PDO::FETCH_ASSOC)['goto'];
|
|
|
|
}
|
2019-05-01 00:56:12 +02:00
|
|
|
if (empty($gotos)) {
|
|
|
|
$stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain` WHERE `alias_domain` = :rcpt AND `active` = '1'");
|
|
|
|
$stmt->execute(array(':rcpt' => $parsed_rcpt['domain']));
|
|
|
|
$goto_branch = $stmt->fetch(PDO::FETCH_ASSOC)['target_domain'];
|
|
|
|
if ($goto_branch) {
|
|
|
|
$gotos = $parsed_rcpt['local'] . '@' . $goto_branch;
|
|
|
|
}
|
|
|
|
}
|
2018-01-17 15:22:11 +01:00
|
|
|
$gotos_array = explode(',', $gotos);
|
|
|
|
|
|
|
|
$loop_c = 0;
|
|
|
|
|
|
|
|
while (count($gotos_array) != 0 && $loop_c <= 20) {
|
|
|
|
|
|
|
|
// Loop through all found gotos
|
|
|
|
foreach ($gotos_array as $index => &$goto) {
|
2018-10-11 11:55:52 +02:00
|
|
|
error_log("QUARANTINE: quarantine pipe: query " . $goto . " as username from mailbox");
|
2018-01-17 15:22:11 +01:00
|
|
|
$stmt = $pdo->prepare("SELECT `username` FROM `mailbox` WHERE `username` = :goto AND `active`= '1';");
|
|
|
|
$stmt->execute(array(':goto' => $goto));
|
|
|
|
$username = $stmt->fetch(PDO::FETCH_ASSOC)['username'];
|
|
|
|
if (!empty($username)) {
|
2018-10-11 11:55:52 +02:00
|
|
|
error_log("QUARANTINE: quarantine pipe: mailbox found: " . $username);
|
2018-01-17 15:22:11 +01:00
|
|
|
// Current goto is a mailbox, save to rcpt_final_mailboxes if not a duplicate
|
|
|
|
if (!in_array($username, $rcpt_final_mailboxes)) {
|
|
|
|
$rcpt_final_mailboxes[] = $username;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
$parsed_goto = parse_email($goto);
|
|
|
|
if (!$redis->hGet('DOMAIN_MAP', $parsed_goto['domain'])) {
|
2018-10-11 11:55:52 +02:00
|
|
|
error_log("QUARANTINE:" . $goto . " is not a mailcow handled mailbox or alias address");
|
2018-01-17 15:22:11 +01:00
|
|
|
}
|
|
|
|
else {
|
|
|
|
$stmt = $pdo->prepare("SELECT `goto` FROM `alias` WHERE `address` = :goto AND `active` = '1'");
|
|
|
|
$stmt->execute(array(':goto' => $goto));
|
|
|
|
$goto_branch = $stmt->fetch(PDO::FETCH_ASSOC)['goto'];
|
2019-05-01 00:56:12 +02:00
|
|
|
if ($goto_branch) {
|
|
|
|
error_log("QUARANTINE: quarantine pipe: goto address " . $goto . " is a alias branch for " . $goto_branch);
|
|
|
|
$goto_branch_array = explode(',', $goto_branch);
|
|
|
|
} else {
|
|
|
|
$stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain` WHERE `alias_domain` = :domain AND `active` AND '1'");
|
|
|
|
$stmt->execute(array(':domain' => $parsed_goto['domain']));
|
|
|
|
$goto_branch = $stmt->fetch(PDO::FETCH_ASSOC)['target_domain'];
|
|
|
|
if ($goto_branch) {
|
|
|
|
error_log("QUARANTINE: quarantine pipe: goto domain " . $parsed_gto['domain'] . " is a domain alias branch for " . $goto_branch);
|
|
|
|
$goto_branch_array = array($parsed_gto['local'] . '@' . $goto_branch);
|
|
|
|
}
|
|
|
|
}
|
2018-01-17 15:22:11 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
// goto item was processed, unset
|
|
|
|
unset($gotos_array[$index]);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Merge goto branch array derived from previous loop (if any), filter duplicates and unset goto branch array
|
|
|
|
if (!empty($goto_branch_array)) {
|
|
|
|
$gotos_array = array_unique(array_merge($gotos_array, $goto_branch_array));
|
|
|
|
unset($goto_branch_array);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Reindex array
|
|
|
|
$gotos_array = array_values($gotos_array);
|
|
|
|
|
|
|
|
// Force exit if loop cannot be solved
|
|
|
|
// Postfix does not allow for alias loops, so this should never happen.
|
|
|
|
$loop_c++;
|
2018-10-11 11:55:52 +02:00
|
|
|
error_log("QUARANTINE: quarantine pipe: goto array count on loop #". $loop_c . " is " . count($gotos_array));
|
2017-12-09 09:08:18 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
catch (PDOException $e) {
|
2018-10-11 11:55:52 +02:00
|
|
|
error_log("QUARANTINE: " . $e->getMessage());
|
2017-12-09 09:08:18 +01:00
|
|
|
http_response_code(502);
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
}
|
2018-01-17 15:22:11 +01:00
|
|
|
|
|
|
|
foreach ($rcpt_final_mailboxes as $rcpt) {
|
2018-10-11 11:55:52 +02:00
|
|
|
error_log("QUARANTINE: quarantine pipe: processing quarantine message for rcpt " . $rcpt);
|
2017-12-09 09:08:18 +01:00
|
|
|
try {
|
2019-01-16 10:50:34 +01:00
|
|
|
$stmt = $pdo->prepare("INSERT INTO `quarantine` (`qid`, `subject`, `score`, `sender`, `rcpt`, `symbols`, `user`, `ip`, `msg`, `action`)
|
2019-01-17 22:00:18 +01:00
|
|
|
VALUES (:qid, :subject, :score, :sender, :rcpt, :symbols, :user, :ip, :msg, :action)");
|
2017-12-09 09:08:18 +01:00
|
|
|
$stmt->execute(array(
|
|
|
|
':qid' => $qid,
|
2019-01-16 10:50:34 +01:00
|
|
|
':subject' => $subject,
|
2017-12-09 09:08:18 +01:00
|
|
|
':score' => $score,
|
|
|
|
':sender' => $sender,
|
|
|
|
':rcpt' => $rcpt,
|
|
|
|
':symbols' => $symbols,
|
|
|
|
':user' => $user,
|
|
|
|
':ip' => $ip,
|
|
|
|
':msg' => $raw_data,
|
|
|
|
':action' => $action
|
|
|
|
));
|
2018-02-08 20:13:36 +01:00
|
|
|
$stmt = $pdo->prepare('DELETE FROM `quarantine` WHERE `rcpt` = :rcpt AND `id` NOT IN (
|
2017-12-09 09:08:18 +01:00
|
|
|
SELECT `id`
|
|
|
|
FROM (
|
|
|
|
SELECT `id`
|
2018-02-08 20:13:36 +01:00
|
|
|
FROM `quarantine`
|
2018-01-17 15:22:11 +01:00
|
|
|
WHERE `rcpt` = :rcpt2
|
2017-12-09 09:08:18 +01:00
|
|
|
ORDER BY id DESC
|
|
|
|
LIMIT :retention_size
|
|
|
|
) x
|
|
|
|
);');
|
|
|
|
$stmt->execute(array(
|
|
|
|
':rcpt' => $rcpt,
|
2018-01-17 15:22:11 +01:00
|
|
|
':rcpt2' => $rcpt,
|
2017-12-09 09:08:18 +01:00
|
|
|
':retention_size' => $retention_size
|
|
|
|
));
|
|
|
|
}
|
|
|
|
catch (PDOException $e) {
|
2018-10-11 11:55:52 +02:00
|
|
|
error_log("QUARANTINE: " . $e->getMessage());
|
2017-12-09 09:08:18 +01:00
|
|
|
http_response_code(503);
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|