This commit is contained in:
andryyy 2017-03-02 11:23:23 +01:00
parent 5f7fb2e7c2
commit d891bc8894
155 changed files with 26539 additions and 2916 deletions

1
.env Symbolic link
View File

@ -0,0 +1 @@
mailcow.conf

8
.gitignore vendored Normal file
View File

@ -0,0 +1,8 @@
rebuild-images.sh
data/conf/sogo/sieve.creds
data/conf/dovecot/dovecot-master.passwd
mailcow.conf
mailcow.conf_backup
data/conf/nginx/listen*active
data/web/inc/vars.local.inc.php
site/

5
README.md Normal file
View File

@ -0,0 +1,5 @@
# mailcow: dockerized - 🐮 + 🐋 = 💕
[![Donate](https://img.shields.io/badge/Donate-PayPal-green.svg)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=JWBSYHF4SMC68)
Please see the official documentation for instructions => [mailcow.email/dockerized](https://mailcow.email/dockerized)

View File

@ -1,124 +0,0 @@
/*
This is the GitHub theme for highlight.js
github.com style (c) Vasily Polovnyov <vast@whiteants.net>
*/
.hljs {
display: block;
overflow-x: auto;
color: #333;
-webkit-text-size-adjust: none;
}
.hljs-comment,
.diff .hljs-header,
.hljs-javadoc {
color: #998;
font-style: italic;
}
.hljs-keyword,
.css .rule .hljs-keyword,
.hljs-winutils,
.nginx .hljs-title,
.hljs-subst,
.hljs-request,
.hljs-status {
color: #333;
font-weight: bold;
}
.hljs-number,
.hljs-hexcolor,
.ruby .hljs-constant {
color: #008080;
}
.hljs-string,
.hljs-tag .hljs-value,
.hljs-phpdoc,
.hljs-dartdoc,
.tex .hljs-formula {
color: #d14;
}
.hljs-title,
.hljs-id,
.scss .hljs-preprocessor {
color: #900;
font-weight: bold;
}
.hljs-list .hljs-keyword,
.hljs-subst {
font-weight: normal;
}
.hljs-class .hljs-title,
.hljs-type,
.vhdl .hljs-literal,
.tex .hljs-command {
color: #458;
font-weight: bold;
}
.hljs-tag,
.hljs-tag .hljs-title,
.hljs-rule .hljs-property,
.django .hljs-tag .hljs-keyword {
color: #000080;
font-weight: normal;
}
.hljs-attribute,
.hljs-variable,
.lisp .hljs-body,
.hljs-name {
color: #008080;
}
.hljs-regexp {
color: #009926;
}
.hljs-symbol,
.ruby .hljs-symbol .hljs-string,
.lisp .hljs-keyword,
.clojure .hljs-keyword,
.scheme .hljs-keyword,
.tex .hljs-special,
.hljs-prompt {
color: #990073;
}
.hljs-built_in {
color: #0086b3;
}
.hljs-preprocessor,
.hljs-pragma,
.hljs-pi,
.hljs-doctype,
.hljs-shebang,
.hljs-cdata {
color: #999;
font-weight: bold;
}
.hljs-deletion {
background: #fdd;
}
.hljs-addition {
background: #dfd;
}
.diff .hljs-change {
background: #0086b3;
}
.hljs-chunk {
color: #aaa;
}

File diff suppressed because one or more lines are too long

View File

@ -1,178 +0,0 @@
/*
* Sphinx doesn't have support for section dividers like we do in
* MkDocs, this styles the section titles in the nav
*
* https://github.com/mkdocs/mkdocs/issues/175
*/
.wy-menu-vertical span {
line-height: 18px;
padding: 0.4045em 1.618em;
display: block;
position: relative;
font-size: 90%;
color: #838383;
}
.wy-menu-vertical .subnav a {
padding: 0.4045em 2.427em;
}
/*
* Long navigations run off the bottom of the screen as the nav
* area doesn't scroll.
*
* https://github.com/mkdocs/mkdocs/pull/202
*/
.wy-nav-side {
height: 100%;
overflow-y: auto;
}
/*
* readthedocs theme hides nav items when the window height is
* too small to contain them.
*
* https://github.com/mkdocs/mkdocs/issues/#348
*/
.wy-menu-vertical ul {
margin-bottom: 2em;
}
/*
* Wrap inline code samples otherwise they shoot of the side and
* can't be read at all.
*
* https://github.com/mkdocs/mkdocs/issues/313
* https://github.com/mkdocs/mkdocs/issues/233
* https://github.com/mkdocs/mkdocs/issues/834
*/
code {
white-space: pre-wrap;
word-wrap: break-word;
padding: 2px 5px;
}
/**
* Make code blocks display as blocks and give them the appropriate
* font size and padding.
*
* https://github.com/mkdocs/mkdocs/issues/855
* https://github.com/mkdocs/mkdocs/issues/834
* https://github.com/mkdocs/mkdocs/issues/233
*/
pre code {
white-space: pre;
word-wrap: normal;
display: block;
padding: 12px;
font-size: 12px;
}
/*
* Fix link colors when the link text is inline code.
*
* https://github.com/mkdocs/mkdocs/issues/718
*/
a code {
color: #2980B9;
}
a:hover code {
color: #3091d1;
}
a:visited code {
color: #9B59B6;
}
/*
* The CSS classes from highlight.js seem to clash with the
* ReadTheDocs theme causing some code to be incorrectly made
* bold and italic.
*
* https://github.com/mkdocs/mkdocs/issues/411
*/
pre .cs, pre .c {
font-weight: inherit;
font-style: inherit;
}
/*
* Fix some issues with the theme and non-highlighted code
* samples. Without and highlighting styles attached the
* formatting is broken.
*
* https://github.com/mkdocs/mkdocs/issues/319
*/
.no-highlight {
display: block;
padding: 0.5em;
color: #333;
}
/*
* Additions specific to the search functionality provided by MkDocs
*/
.search-results article {
margin-top: 23px;
border-top: 1px solid #E1E4E5;
padding-top: 24px;
}
.search-results article:first-child {
border-top: none;
}
form .search-query {
width: 100%;
border-radius: 50px;
padding: 6px 12px; /* csslint allow: box-model */
border-color: #D1D4D5;
}
.wy-menu-vertical li ul {
display: inherit;
}
.wy-menu-vertical li ul.subnav ul.subnav{
padding-left: 1em;
}
.wy-menu-vertical .subnav li.current > a {
padding-left: 2.42em;
}
.wy-menu-vertical .subnav li.current > ul li a {
padding-left: 3.23em;
}
/*
* Improve inline code blocks within admonitions.
*
* https://github.com/mkdocs/mkdocs/issues/656
*/
.admonition code {
color: #404040;
border: 1px solid #c7c9cb;
border: 1px solid rgba(0, 0, 0, 0.2);
background: #f8fbfd;
background: rgba(255, 255, 255, 0.7);
}
/*
* Account for wide tables which go off the side.
* Override borders to avoid wierdness on narrow tables.
*
* https://github.com/mkdocs/mkdocs/issues/834
* https://github.com/mkdocs/mkdocs/pull/1034
*/
.rst-content .section .docutils {
width: 100%;
overflow: auto;
display: block;
border: none;
}
td, th {
border: 1px solid #e1e4e5 !important; /* csslint allow: important */
border-collapse: collapse;
}

View File

@ -0,0 +1,87 @@
From ubuntu:xenial
MAINTAINER Andre Peters <andre.peters@servercow.de>
ENV DEBIAN_FRONTEND noninteractive
ENV LC_ALL C
RUN dpkg-divert --local --rename --add /sbin/initctl \
&& ln -sf /bin/true /sbin/initctl \
&& dpkg-divert --local --rename --add /usr/bin/ischroot \
&& ln -sf /bin/true /usr/bin/ischroot
RUN apt-get update
RUN apt-get -y install dovecot-common \
dovecot-core \
dovecot-imapd \
dovecot-lmtpd \
dovecot-managesieved \
dovecot-sieve \
dovecot-mysql \
dovecot-pop3d \
dovecot-dev \
syslog-ng \
syslog-ng-core \
ca-certificates \
supervisor \
wget \
curl \
build-essential \
autotools-dev \
automake \
libauthen-ntlm-perl \
libcrypt-ssleay-perl \
libdigest-hmac-perl \
libfile-copy-recursive-perl \
libio-compress-perl \
libio-socket-inet6-perl \
libio-socket-ssl-perl \
libio-tee-perl \
libmodule-scandeps-perl \
libnet-ssleay-perl \
libpar-packer-perl \
libreadonly-perl \
libterm-readkey-perl \
libtest-pod-perl \
libtest-simple-perl \
libunicode-string-perl \
liburi-perl \
libdbi-perl \
liblockfile-simple-perl \
libdbd-mysql-perl \
libipc-run-perl \
make \
cpanminus
RUN sed -i -E 's/^(\s*)system\(\);/\1unix-stream("\/dev\/log");/' /etc/syslog-ng/syslog-ng.conf
RUN cpanm Data::Uniqid Mail::IMAPClient String::Util
RUN echo '* * * * * root /usr/local/bin/imapsync_cron.pl' > /etc/cron.d/imapsync
RUN echo '30 3 * * * vmail /usr/bin/doveadm quota recalc -A' > /etc/cron.d/dovecot-sync
WORKDIR /tmp
RUN wget http://hg.dovecot.org/dovecot-antispam-plugin/archive/tip.tar.gz -O - | tar xvz \
&& cd /tmp/dovecot-antispam* \
&& ./autogen.sh \
&& ./configure --prefix=/usr \
&& make \
&& make install
COPY ./imapsync /usr/local/bin/imapsync
COPY ./postlogin.sh /usr/local/bin/postlogin.sh
COPY ./imapsync_cron.pl /usr/local/bin/imapsync_cron.pl
COPY ./rspamd-pipe /usr/local/bin/rspamd-pipe
COPY ./docker-entrypoint.sh /
COPY ./supervisord.conf /etc/supervisor/supervisord.conf
RUN chmod +x /usr/local/bin/rspamd-pipe
RUN chmod +x /usr/local/bin/imapsync_cron.pl
RUN groupadd -g 5000 vmail
RUN useradd -g vmail -u 5000 vmail -d /var/vmail
EXPOSE 24 10001
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

View File

@ -0,0 +1,28 @@
#!/bin/bash
set -e
# Hard-code env vars to imapsync due to cron not passing them to the perl script
sed -i "/^\$DBUSER/c\\\$DBUSER='${DBUSER}';" /usr/local/bin/imapsync_cron.pl
sed -i "/^\$DBPASS/c\\\$DBPASS='${DBPASS}';" /usr/local/bin/imapsync_cron.pl
sed -i "/^\$DBNAME/c\\\$DBNAME='${DBNAME}';" /usr/local/bin/imapsync_cron.pl
# Set Dovecot config parameters, escape " in db password
DBPASS=$(echo ${DBPASS} | sed 's/"/\\"/g')
sed -i "/^connect/c\connect = \"host=mysql dbname=${DBNAME} user=${DBUSER} password=${DBPASS}\"" /etc/dovecot/sql/*
[[ ! -d /var/vmail/sieve ]] && mkdir -p /var/vmail/sieve
[[ ! -d /etc/sogo ]] && mkdir -p /etc/sogo
cat /etc/dovecot/sieve_after > /var/vmail/sieve/global.sieve
sievec /var/vmail/sieve/global.sieve
chown -R vmail:vmail /var/vmail/sieve
# Do not do this every start-up, it may take a very long time. So we use a stat check here.
if [[ $(stat -c %U /var/vmail/) != "vmail" ]] ; then chown -R vmail:vmail /var/vmail ; fi
# Create random master for SOGo sieve features
RAND_USER=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 16 | head -n 1)
RAND_PASS=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 24 | head -n 1)
echo ${RAND_USER}:$(doveadm pw -s SHA1 -p ${RAND_PASS}) > /etc/dovecot/dovecot-master.passwd
echo ${RAND_USER}:${RAND_PASS} > /etc/sogo/sieve.creds
exec "$@"

9488
data/Dockerfiles/dovecot/imapsync Executable file

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,72 @@
#!/usr/bin/perl
use DBI;
use File::Temp qw/ mkstemp /;
use LockFile::Simple qw(lock trylock unlock);
use Data::Dumper qw(Dumper);
use IPC::Run 'run';
use String::Util 'trim';
$DBNAME = '';
$DBUSER = '';
$DBPASS = '';
$run_dir="/tmp";
$dsn = "DBI:mysql:database=" . $DBNAME . ";host=mysql";
$lock_file = $run_dir . "/imapsync_busy";
$lockmgr = LockFile::Simple->make(-autoclean => 1, -max => 1);
$lockmgr->lock($lock_file) || die "can't lock ${lock_file}";
$dbh = DBI->connect($dsn, $DBUSER, $DBPASS);
open my $file, '<', "/etc/sogo/sieve.creds";
my $creds = <$file>;
close $file;
my ($master_user, $master_pass) = split /:/, $creds;
my $sth = $dbh->prepare("SELECT id, user1, user2, host1, authmech1, password1, exclude, port1, enc1, delete2duplicates, maxage, subfolder2 FROM imapsync WHERE active = 1 AND (UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(last_run) > mins_interval * 60 OR last_run IS NULL)");
$sth->execute();
my $row;
while ($row = $sth->fetchrow_arrayref()) {
$id = @$row[0];
$user1 = @$row[1];
$user2 = @$row[2];
$host1 = @$row[3];
$authmech1 = @$row[4];
$password1 = @$row[5];
$exclude = @$row[6];
$port1 = @$row[7];
$enc1 = @$row[8];
$delete2duplicates = @$row[9];
$maxage = @$row[10];
$subfolder2 = @$row[11];
if ($enc1 eq "TLS") { $enc1 = "--tls1"; } elsif ($enc1 eq "SSL") { $enc1 = "--ssl1"; } else { undef $enc1; }
run [ "/usr/local/bin/imapsync",
"--timeout1", "10",
"--tmpdir", "/tmp",
"--subscribeall",
($exclude eq "" ? () : ("--exclude", $exclude)),
($subfolder2 eq "" ? () : ('--subfolder2', $subfolder2)),
($maxage eq "0" ? () : ('--maxage', $maxage)),
($delete2duplicates ne "1" ? () : ('--delete2duplicates')),
(!defined($enc1) ? () : ($enc1)),
"--host1", $host1,
"--user1", $user1,
"--password1", $password1,
"--port1", $port1,
"--host2", "localhost",
"--user2", $user2 . '*' . trim($master_user),
"--password2", trim($master_pass),
'--no-modulesversion'], ">", \my $stdout;
$update = $dbh->prepare("UPDATE imapsync SET returned_text = ?, last_run = NOW() WHERE id = ?");
$update->bind_param( 1, ${stdout} );
$update->bind_param( 2, ${id} );
$update->execute();
}
$sth->finish();
$dbh->disconnect();
$lockmgr->unlock($lock_file);

View File

@ -0,0 +1,4 @@
#!/bin/sh
export MASTER_USER=$USER
exec "$@"

View File

@ -0,0 +1,8 @@
#!/bin/bash
if [[ ${2} == "learn_spam" ]]; then
/usr/bin/curl --data-binary @- http://rspamd:11334/learnspam < /dev/stdin
elif [[ ${2} == "learn_ham" ]]; then
/usr/bin/curl --data-binary @- http://rspamd:11334/learnham < /dev/stdin
fi
# Always return 0 to satisfy Dovecot...
exit 0

View File

@ -0,0 +1,21 @@
[supervisord]
nodaemon=true
[program:syslog-ng]
command=/usr/sbin/syslog-ng --foreground --no-caps
redirect_stderr=true
autostart=true
stdout_syslog=true
[program:dovecot]
command=/usr/sbin/dovecot -F
autorestart=true
[program:logfiles]
command=/usr/bin/tail -f /var/log/mail.log /var/log/syslog
stdout_logfile=/dev/fd/1
stdout_logfile_maxbytes=0
[program:cron]
command=/usr/sbin/cron -f
autorestart=true

View File

View File

View File

@ -0,0 +1,26 @@
FROM ubuntu:xenial
MAINTAINER Andre Peters <andre.peters@debinux.de>
ENV DEBIAN_FRONTEND noninteractive
ENV LC_ALL C
RUN dpkg-divert --local --rename --add /sbin/initctl \
&& ln -sf /bin/true /sbin/initctl \
&& dpkg-divert --local --rename --add /usr/bin/ischroot \
&& ln -sf /bin/true /usr/bin/ischroot
RUN echo 'deb http://repo.powerdns.com/ubuntu xenial-rec-40 main' > /etc/apt/sources.list.d/pdns.list
RUN echo 'Package: pdns-*\n\
Pin: origin repo.powerdns.com\n\
Pin-Priority: 600\n' > /etc/apt/preferences.d/pdns
RUN apt-key adv --fetch-keys http://repo.powerdns.com/FD380FBB-pub.asc \
&& apt-get update \
&& apt-get install -y --force-yes pdns-recursor
CMD ["/usr/sbin/pdns_recursor"]
EXPOSE 53/udp
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

View File

@ -0,0 +1,18 @@
FROM php:7.1-fpm
MAINTAINER Andre Peters <andre.peters@servercow.de>
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update \
&& apt-get install -y zlib1g-dev libicu-dev g++ libidn11-dev libxml2-dev
RUN docker-php-ext-configure intl
RUN docker-php-ext-install intl pdo pdo_mysql xmlrpc
RUN pear install channel://pear.php.net/Net_IDNA2-0.1.1 Auth_SASL Net_IMAP NET_SMTP Net_IDNA2 Mail_mime
COPY ./docker-entrypoint.sh /
EXPOSE 9000
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["php-fpm"]

View File

@ -0,0 +1,7 @@
#!/bin/bash
set -e
if [[ ! -d "/data/dkim/txt" || ! -d "/data/dkim/keys" ]] ; then mkdir -p /data/dkim/{txt,keys} ; chown -R www-data:www-data /data/dkim; fi
if [[ $(stat -c %U /data/dkim/) != "www-data" ]] ; then chown -R www-data:www-data /data/dkim ; fi
exec "$@"

View File

@ -0,0 +1,33 @@
From ubuntu:xenial
MAINTAINER Andre Peters <andre.peters@servercow.de>
ENV DEBIAN_FRONTEND noninteractive
ENV LC_ALL C
RUN dpkg-divert --local --rename --add /sbin/initctl \
&& ln -sf /bin/true /sbin/initctl \
&& dpkg-divert --local --rename --add /usr/bin/ischroot \
&& ln -sf /bin/true /usr/bin/ischroot
RUN apt-get update
RUN apt-get install -y --no-install-recommends supervisor \
postfix \
sasl2-bin \
libsasl2-modules \
postfix \
postfix-mysql \
postfix-pcre \
syslog-ng \
syslog-ng-core \
ca-certificates
RUN sed -i -E 's/^(\s*)system\(\);/\1unix-stream("\/dev\/log");/' /etc/syslog-ng/syslog-ng.conf
COPY supervisord.conf /etc/supervisor/supervisord.conf
COPY postfix.sh /opt/postfix.sh
EXPOSE 588
CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

View File

@ -0,0 +1,16 @@
#!/bin/bash
trap "postfix stop" EXIT
sed -i "/^user/c\user = ${DBUSER}" /opt/postfix/conf/sql/*
sed -i "/^password/c\password = ${DBPASS}" /opt/postfix/conf/sql/*
sed -i "/^dbname/c\dbname = ${DBNAME}" /opt/postfix/conf/sql/*
postconf -c /opt/postfix/conf
if [[ $? != 0 ]]; then
echo "Postfix configuration error, refusing to start."
exit 1
else
postfix -c /opt/postfix/conf start
sleep infinity
fi

View File

@ -0,0 +1,17 @@
[supervisord]
nodaemon=true
[program:syslog-ng]
command=/usr/sbin/syslog-ng --foreground --no-caps
redirect_stderr=true
autostart=true
stdout_syslog=true
[program:postfix]
command=/opt/postfix.sh
autorestart=true
[program:postfix-maillog]
command=/usr/bin/tail -f /var/log/mail.log
stdout_logfile=/dev/fd/1
stdout_logfile_maxbytes=0

View File

View File

@ -0,0 +1,26 @@
FROM ubuntu:xenial
MAINTAINER Andre Peters <andre.peters@servercow.de>
ENV DEBIAN_FRONTEND noninteractive
ENV LC_ALL C
RUN dpkg-divert --local --rename --add /sbin/initctl \
&& ln -sf /bin/true /sbin/initctl \
&& dpkg-divert --local --rename --add /usr/bin/ischroot \
&& ln -sf /bin/true /usr/bin/ischroot
RUN apt-key adv --fetch-keys http://rspamd.com/apt-stable/gpg.key \
&& echo "deb http://rspamd.com/apt-stable/ xenial main" > /etc/apt/sources.list.d/rspamd.list \
&& apt-get update \
&& apt-get --no-install-recommends -y --force-yes install rmilter cron syslog-ng syslog-ng-core supervisor
COPY supervisord.conf /etc/supervisor/supervisord.conf
EXPOSE 9000
RUN sed -i -E 's/^(\s*)system\(\);/\1unix-stream("\/dev\/log");/' /etc/syslog-ng/syslog-ng.conf
RUN touch /var/log/mail.log && chmod 640 /var/log/mail.log && chown root:adm /var/log/mail.log
CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

View File

@ -0,0 +1,18 @@
[supervisord]
nodaemon=true
[program:syslog-ng]
command=/usr/sbin/syslog-ng --foreground --no-caps
redirect_stderr=true
autostart=true
stdout_syslog=true
[program:rmilter]
command=/usr/sbin/rmilter -n -c /etc/rmilter.conf.d/rmilter.conf
user=_rmilter
autorestart=true
[program:rmilter-syslog]
command=/usr/bin/tail -f /var/log/mail.log
stdout_logfile=/dev/fd/1
stdout_logfile_maxbytes=0

View File

@ -0,0 +1,27 @@
FROM ubuntu:xenial
MAINTAINER Andre Peters <andre.peters@debinux.de>
ENV DEBIAN_FRONTEND noninteractive
ENV LC_ALL C
RUN dpkg-divert --local --rename --add /sbin/initctl \
&& ln -sf /bin/true /sbin/initctl \
&& dpkg-divert --local --rename --add /usr/bin/ischroot \
&& ln -sf /bin/true /usr/bin/ischroot
RUN apt-key adv --fetch-keys http://rspamd.com/apt-stable/gpg.key \
&& echo "deb http://rspamd.com/apt-stable/ xenial main" > /etc/apt/sources.list.d/rspamd.list \
&& apt-get update \
&& apt-get -y install rspamd ca-certificates
RUN echo '.include $LOCAL_CONFDIR/local.d/rspamd.conf.local' > /etc/rspamd/rspamd.conf.local
# "Hardcoded" - we need them
RUN echo 'settings = "http://nginx:8081/settings.php";' > /etc/rspamd/modules.d/settings.conf
CMD ["/usr/bin/rspamd","-f", "-u", "_rspamd", "-g", "_rspamd"]
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
USER _rspamd
EXPOSE 11333 11334

View File

@ -0,0 +1,51 @@
FROM ubuntu:xenial
MAINTAINER Andre Peters <andre.peters@servercow.de>
ENV DEBIAN_FRONTEND noninteractive
ENV LC_ALL C
ENV GOSU_VERSION 1.9
RUN dpkg-divert --local --rename --add /sbin/initctl \
&& ln -sf /bin/true /sbin/initctl \
&& dpkg-divert --local --rename --add /usr/bin/ischroot \
&& ln -sf /bin/true /usr/bin/ischroot
RUN apt-get update \
&& apt-get install -y --no-install-recommends apt-transport-https \
ca-certificates \
wget \
syslog-ng \
syslog-ng-core \
supervisor \
mysql-client \
cron \
&& dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
&& wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
&& wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" \
&& export GNUPGHOME="$(mktemp -d)" \
&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
&& gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
&& rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
&& chmod +x /usr/local/bin/gosu \
&& gosu nobody true
RUN apt-key adv --keyserver keys.gnupg.net --recv-key 0x810273C4 \
&& echo "deb http://packages.inverse.ca/SOGo/nightly/3/ubuntu/ xenial xenial" > /etc/apt/sources.list.d/sogo.list \
&& apt-get update \
&& apt-get -y --force-yes install sogo sogo-activesync
RUN sed -i -E 's/^(\s*)system\(\);/\1unix-stream("\/dev\/log");/' /etc/syslog-ng/syslog-ng.conf
RUN echo '* * * * * sogo /usr/sbin/sogo-ealarms-notify' > /etc/cron.d/sogo
RUN echo '* * * * * sogo /usr/sbin/sogo-tool expire-sessions 60' >> /etc/cron.d/sogo
RUN echo '0 0 * * * sogo /usr/sbin/sogo-tool update-autoreply -p /etc/sogo/sieve.creds' >> /etc/cron.d/sogo
COPY ./reconf-domains.sh /
COPY supervisord.conf /etc/supervisor/supervisord.conf
#EXPOSE 20000
#EXPOSE 9191
#EXPOSE 9192
CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

View File

@ -0,0 +1,98 @@
#!/bin/bash
# Wait for MySQL to warm-up
while mysqladmin ping --host mysql --silent; do
# Recreate view
mysql --host mysql -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "DROP VIEW IF EXISTS sogo_view"
mysql --host mysql -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
CREATE VIEW sogo_view (c_uid, domain, c_name, c_password, c_cn, mail, aliases, ad_aliases, home, kind, multiple_bookings) AS
SELECT mailbox.username, mailbox.domain, mailbox.username, mailbox.password, mailbox.name, mailbox.username, IFNULL(ga.aliases, ''), IFNULL(gda.ad_alias, ''), CONCAT('/var/vmail/', maildir), mailbox.kind, mailbox.multiple_bookings FROM mailbox
LEFT OUTER JOIN grouped_mail_aliases ga ON ga.username = mailbox.username
LEFT OUTER JOIN grouped_domain_alias_address gda ON gda.username = mailbox.username
WHERE mailbox.active = '1';
EOF
mkdir -p /var/lib/sogo/GNUstep/Defaults/
# Generate plist header with timezone data
cat <<EOF > /var/lib/sogo/GNUstep/Defaults/sogod.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//GNUstep//DTD plist 0.9//EN" "http://www.gnustep.org/plist-0_9.xml">
<plist version="0.9">
<dict>
<key>OCSAclURL</key>
<string>mysql://${DBUSER}:${DBPASS}@mysql:3306/${DBNAME}/sogo_acl</string>
<key>OCSCacheFolderURL</key>
<string>mysql://${DBUSER}:${DBPASS}@mysql:3306/${DBNAME}/sogo_cache_folder</string>
<key>OCSEMailAlarmsFolderURL</key>
<string>mysql://${DBUSER}:${DBPASS}@mysql:3306/${DBNAME}/sogo_alarms_folder</string>
<key>DomainFieldName</key>
<string>domain</string>
<key>OCSFolderInfoURL</key>
<string>mysql://${DBUSER}:${DBPASS}@mysql:3306/${DBNAME}/sogo_folder_info</string>
<key>OCSSessionsFolderURL</key>
<string>mysql://${DBUSER}:${DBPASS}@mysql:3306/${DBNAME}/sogo_sessions_folder</string>
<key>OCSStoreURL</key>
<string>mysql://${DBUSER}:${DBPASS}@mysql:3306/${DBNAME}/sogo_store</string>
<key>SOGoProfileURL</key>
<string>mysql://${DBUSER}:${DBPASS}@mysql:3306/${DBNAME}/sogo_user_profile</string>
<key>SOGoTimeZone</key>
<string>${TZ}</string>
<key>domains</key>
<dict>
EOF
# Generate multi-domain setup
while read line
do
echo " <key>${line}</key>
<dict>
<key>SOGoMailDomain</key>
<string>${line}</string>
<key>SOGoUserSources</key>
<array>
<dict>
<key>MailFieldNames</key>
<array>
<string>aliases</string>
<string>ad_aliases</string>
</array>
<key>KindFieldName</key>
<string>kind</string>
<key>MultipleBookingsFieldName</key>
<string>multiple_bookings</string>
<key>canAuthenticate</key>
<string>YES</string>
<key>displayName</key>
<string>GAL</string>
<key>id</key>
<string>${line}</string>
<key>isAddressBook</key>
<string>YES</string>
<key>type</key>
<string>sql</string>
<key>userPasswordAlgorithm</key>
<string>ssha256</string>
<key>viewURL</key>
<string>mysql://${DBUSER}:${DBPASS}@mysql:3306/${DBNAME}/sogo_view</string>
</dict>
</array>
</dict>" >> /var/lib/sogo/GNUstep/Defaults/sogod.plist
done < <(mysql --host mysql -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT domain FROM domain;" -B -N)
# Generate footer
echo ' </dict>
</dict>
</plist>' >> /var/lib/sogo/GNUstep/Defaults/sogod.plist
# Fix permissions
chown sogo:sogo -R /var/lib/sogo/
chmod 600 /var/lib/sogo/GNUstep/Defaults/sogod.plist
sleep 99999
done

View File

@ -0,0 +1,46 @@
[supervisord]
nodaemon=true
[program:syslog-ng]
command=/usr/sbin/syslog-ng --foreground --no-caps
redirect_stderr=true
autostart=true
stdout_syslog=true
[group:sogo-group]
programs=reconf-domains,sogo
[program:sogo]
command=/usr/sbin/sogod
user=sogo
autorestart=true
priority=20
[program:reconf-domains]
command=/reconf-domains.sh
autorestart=true
priority=10
[program:sogo-syslog]
command=/usr/bin/tail -f /var/log/syslog -f /var/log/sogo/sogo.log
stdout_logfile=/dev/fd/1
stdout_logfile_maxbytes=0
[program:cron]
command=/usr/sbin/cron -f
autorestart=true
[program:sogo-webres]
command=/usr/bin/python -u -m SimpleHTTPServer 9192
directory=/usr/lib/GNUstep/SOGo/
user=sogo
autorestart=true
[inet_http_server]
port=9191
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
[supervisorctl]
serverurl=http://localhost:9191

View File

@ -0,0 +1,4 @@
#!/bin/bash
echo DBPASS=$(openssl rand -base64 32 | tr -dc _A-Z-a-z-0-9)
echo DBROOT=$(openssl rand -base64 32 | tr -dc _A-Z-a-z-0-9)

View File

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAr+geb+b9p5PgNMDUwtK3NxtmUJrHvnCSxkkLEBPFp/vVvEQV
eJQN3WNQVXjkqaAXQzWSkTz/URiKAKMSL/nx1+Es6HRXdR79GMc6kY1GBFMfhSwt
BzblNZ++WpD4JB3bL5prMrf2HiTqe617dlENoqK0kBEDGZq3En07aV+MIRuT8HSW
B4j1/St2DAKJYGCGVqPDgpFt7+aR8aXGkvoCMKpgiB32tNkmdDfzOdWmAdFS1KaV
RK+ap9WmwNdMH0BzCud9vhuJjdUZlhfmWuuT5XaGU+fftIlI191XYOEZHe44TLy1
xWwXUhc+BmhhSj3k75lNvtAxydVrZIyoVxpLHwIDAQABAoIBAARMxkGyAc1Q3hAs
Dodco0Hjl5Ks1ekf01apfm28Lf63NzhM6cFyzQv2W4ZbWCuVUDxCWPzX4t3Wnbj6
Q32MvI6sYG6mOWURhtpONG5OZ8G/Tmvw8oDUpLG03/BSzt4DJNJ7EdfBi3CdMmYn
jXcM8Cpjk8pZwBumHoeDLCqdPU2p1onq+iwMdQDKfq1ESBwEuXIO82x9y/O6zxNZ
HlWFDS5hLEt0UVWIV5aGK0/M/kzOCKwy7MMbJhHPYKy7Yvno2t+fJ6jiwswyEsCz
M2Z3DUWzgrT4DdWSV2Bns0X/xID5kH7EXm7GqsudbHHJNnr7LWuowFSOzAX47t+N
JgrRIaECgYEA1iFfpgO/awiNQLV1VpgA3pqzmFddEh74sFqILkSGd2fxH6BbgXJB
z+7Cu6jij8Odvf48suKsG9K0OwAehnR/ZgkrQmnKftf/pEZ+iLdsS/T8IZAXjQ4g
cLlYOOMuqIi8Ev1nT0/++IaSKro0CSDuuNtkqRCQ/ZMJtWzFxw3yZRcCgYEA0k1m
vaxvkSXqrYvFjDkPM5gUXcE4wx9t6Y4iwmRISLe6bJcfVfaT9oCz4o6p4dxZsoXw
SFSazFedqwQlzXMrrBd2rHYgg13N9LU9TggZXtSMOdye+dxk24P7GmJdWH5+S5vm
TqATs105AD95p7X8+H1TpW4liwW+eNjFqqO8HzkCgYBIuVj01z0BqwveOEK7wDA7
aisoyDMR3nbz3it2G0vX7fNUnG+3jQiRCDQW7ArWbMd8KYaP8rAlWvBfQXEclSBX
lTGeArQFVHK8Zjy/Thx3x6KB+6AkBfI6lphB6daE4ruNb4bQxwh/e6TU4hyeJRMu
sUSErt2vYWrgtSqOqkvyzQKBgBKExFZRd+WVLCwqEbQ+VgtaCfkTibcM7nXRkVgC
0qasnxru19CPDQp43N5HZ8g+yhtBVh5YbOUvle+4Rsfnq2HVExsur8BBo2A4EXTs
m6dRGiQCPHGOKcd2wMbbAJNJWD+6M7aavAFgZSOTc1gEW4laJ+J6Z43tbI9hr05O
asNpAoGAFje1QFMYw8s8ZTYVrfwafgDB/BNnQRVnQwTZRXcabAT5O0Wc8hTDPOun
aBNJ3oKSwBvt7Snsn1G/oeH0aZ6cI8kkYE+dyQ5YqSZZUbJF6g771iNv4lMvxRBN
BT/ihKzXb/t47z6W8dL5N1BSZ0KrwIrEkqCeHBlAW+G/FArrbZU=
-----END RSA PRIVATE KEY-----

18
data/assets/ssl/ca.pem Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE-----
MIICzjCCAbigAwIBAgIRALtgn1eSIUIhoGv9nq94NYEwCwYJKoZIhvcNAQELMBIx
EDAOBgNVBAoTB21haWxjb3cwHhcNMTYxMjEzMTAxMTAwWhcNMTkxMTI4MTAxMTAw
WjASMRAwDgYDVQQKEwdtYWlsY293MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAr+geb+b9p5PgNMDUwtK3NxtmUJrHvnCSxkkLEBPFp/vVvEQVeJQN3WNQ
VXjkqaAXQzWSkTz/URiKAKMSL/nx1+Es6HRXdR79GMc6kY1GBFMfhSwtBzblNZ++
WpD4JB3bL5prMrf2HiTqe617dlENoqK0kBEDGZq3En07aV+MIRuT8HSWB4j1/St2
DAKJYGCGVqPDgpFt7+aR8aXGkvoCMKpgiB32tNkmdDfzOdWmAdFS1KaVRK+ap9Wm
wNdMH0BzCud9vhuJjdUZlhfmWuuT5XaGU+fftIlI191XYOEZHe44TLy1xWwXUhc+
BmhhSj3k75lNvtAxydVrZIyoVxpLHwIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAKww
DwYDVR0TAQH/BAUwAwEB/zALBgkqhkiG9w0BAQsDggEBAF36qnigBDvvqRI0xksc
NkGFMB3JLKznOZ0DrWUx121/GHFaNNNeI7ECmyk2eRYKCEZNnxWa1/LJ7GWn7lRU
JD3OeWbhBUgA+HXoKl/jzXokuXMjYi/eFrgOofk2AqNDA5ioduS6A4vL8UDQc+74
WSS8za4zoVR4GtxqDG+msRzTNVWXRcaaaWSrWMfZtQcEKIeQGDkcccvZ+mzlFUsH
G1xxKuOPGjAwrxda4x+FY/dYdPbRV8ua0RQmYUMnROv507QnGZ9FdzdrvisZ67xx
5BfxbApAyxDD/p7B4Zh1daga2LYGRwMJuwYjXlw9uNxJVQwcxg4nppWF1KZ4Fz0c
EjY=
-----END CERTIFICATE-----

19
data/assets/ssl/cert.pem Normal file
View File

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDBDCCAe6gAwIBAgIQeJMoL/3dxhxhT9EwuRTL/DALBgkqhkiG9w0BAQswEjEQ
MA4GA1UEChMHbWFpbGNvdzAeFw0xNjEyMTMxMDExMDBaFw0xOTExMjgxMDExMDBa
MC0xEDAOBgNVBAoTB21haWxjb3cxGTAXBgNVBAMTEG1haWwuZXhhbXBsZS5vcmcw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRg0xT3At9DSb3H5OMp3K1
MpXAgYyotSK6TS61fC0QEHy2fMXiws7Agcye6Ln7CG63Fe1eN2jkdlefy9xJivS8
y5w0M8i168v5znzC8fnylL2iOiSYfK/B/oEqfU7YH4RcegO53oDDIUZmi4Frgnu7
39VVOU1ZyHEVqGJ2H2aAIkoZRjGzumD9Ym4LWGidtKJzBgFt/qmhUeWXipM8w281
XkQnJU79+x2ywnJSvEZ3r/ZVJC7kbjiVw+/k15k9Cxk6Ik8wmJ0X/+xWxoZomHQI
1LM0VKAS/iaU95dn2bplvL6jTiiyWAbrMjSKs4XbPt/fIbOicNkj6+CFy0MVfyyH
AgMBAAGjPzA9MA4GA1UdDwEB/wQEAwIAqDAdBgNVHSUEFjAUBggrBgEFBQcDAgYI
KwYBBQUHAwEwDAYDVR0TAQH/BAIwADALBgkqhkiG9w0BAQsDggEBAI/jBJa1P8nB
eHUN5muQmjBVDVOYyWAAEapOe2HYsBcpjaB2H8Iw3DQzJtz6peYeYSCmHRVqFLCm
VPrq36l9mPUotyPDPlQQAxCj9R2+WbGaJO+N/E1F8FQ94dr3jqwUyfjVPoqEjmIH
NFkvbA0RJOeBm9oYGdhM0wjOBV9c9MTHFG82nQ/zQeTuPb7GXuKIOXYCxoLNOZMw
UJ02Cqjv5ImrgOhcstAKX3Ip0urSvZUGvtPla4CGh+M6yDFJ08GzX6OiMIH207RW
jAbUXXERSUv/7hysdDjGo5HZjCeMzVu9KAxoZXqnmvkk8g2swKWtWBRcoeU1VGx0
Bx4Q4KMjuYQ=
-----END CERTIFICATE-----

View File

@ -0,0 +1,8 @@
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEA9iHB0CRDhV8wfBgqnmvuJpl0fzL3qL75R4ZvQHlfMNLrxuIz2x9D
9zcDhPcBTVzV5Ay0AAkke4wP6r6wDQqXqBP4Y8IOkYAyLh3jM40jfHQzQt+5JdQl
ond3kiscBsFOch/vMfSLMu3lAb0YhPNTvrxhMz7LcVAWYl82swASupdiKR+MgaQr
XsugpmDKsHW60VmIM9B7K9Y+rNHwvMWkmISd0KxA8oOy1WJvsVEissMALZDE3c4w
2xHmO2lXxgEx3aez28736t4m/KW3g9Zr31a1M0KusmfY//fGkPk4NUrLBOS2xrgp
Y/rG1qSBdcVyerM0Ki93qCyHKYu4ene0OwIBAg==
-----END DH PARAMETERS-----

27
data/assets/ssl/key.pem Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA0YNMU9wLfQ0m9x+TjKdytTKVwIGMqLUiuk0utXwtEBB8tnzF
4sLOwIHMnui5+whutxXtXjdo5HZXn8vcSYr0vMucNDPItevL+c58wvH58pS9ojok
mHyvwf6BKn1O2B+EXHoDud6AwyFGZouBa4J7u9/VVTlNWchxFahidh9mgCJKGUYx
s7pg/WJuC1honbSicwYBbf6poVHll4qTPMNvNV5EJyVO/fsdssJyUrxGd6/2VSQu
5G44lcPv5NeZPQsZOiJPMJidF//sVsaGaJh0CNSzNFSgEv4mlPeXZ9m6Zby+o04o
slgG6zI0irOF2z7f3yGzonDZI+vghctDFX8shwIDAQABAoIBAQC9kiLnIgxXGyZt
pmmYdA6re1jatZ2zLSp+DcY8ul3/0hs195IKCyCOOSQPiR520Pt0t+duP46uYZIJ
aakp9gxaI5Vz+oMacH/AyaBDuDTj1Mf9WMSyIOfbDVCMRJOppGLcVh62+Gfjp2EO
+h2hTJBuvypFkbK2kVIZOaHVpbXWKw1oYuEcTftk9XfxxvfSMw1HQ12/P2CAcbaa
jPmVbisunv6kpXtewSBTcaLSYWJf1MYD5Hi8fzkD2FJSXYbfQd8RKvT2rj6FA7ux
CDMzbYhdnd7lc63OARCIjfCRNtDT1cZ3gR1CQHD98lWxmPQIZukv+w7s/bSrFgnQ
ROZ0ghBJAoGBAOmE/3d5FDmp0aJNxXynKcRGdpEEM4O40RIdqa2eR6Pa7aTRosao
z0qVgdFuJrqjlB3jgedxXEX1M0abCUzzM9Q5F7JLl+KsjwRwpkIOkPiyUncLp7LK
QbY3tvYBIdpjlF1USOMGRL4j11hqr4vQC/yPBF7jj81kCZDTbmZhp82jAoGBAOWu
ql5QFUOlmqkuWIAFkiLEZhOu+ptqkE+zG50CCGMJIX0dJ2PHXFyNGInomAeT0nbI
pbnK3x7KeEKiGrAqZFNCTHhApTwkrIj0L/RQbMDZ7u7j1AEUVNFEhIm62kg84FtG
xtfxVxredE+NQc/tyV3hXegdNZxegALirlcMKIvNAoGAWFwIxk48Ru1o8z72QQqH
lUsMRicOzwK5qV8r+xPvC6MlVL42F3F8rj4QFwzU/r4yp3SUjNyqC5aSRl8Xj9Re
gijwPHi6Cf09SHLPliMo29GtvnnchJxfbPF7+23GP3p6gy4HPk/65u9s5nnH3uFk
B7ad8sGsgg0eSXyXQ4okEn0CgYEAnogPuedGthlxBgMiPMMbmfm7hyyId4t3Ljuu
/JExnsHnpobf8EPjoVIWNOIhRWGnrCtUEEhR9tvDZCKljyDDfKBPTdU496lMmX8K
NnToi7gg7iy84T3aSVMktDgPgDrclMPmbZh8CeSvnVUfrtgu3Ci4+4Rlw5eKffNe
aGDQ/6UCgYAbUq9mRT2WOXIo+Dchi9VzDWgtfOw5VEyqkSpb7hPiIYx5jNaENnVK
cAi3iqbBgPJBuMlTrKmmaxdmssGOEZNJLuuXLDbCU+f5cpu5PQ4crC6UtRI5rlhp
8Yc+oiv3HWbSw3sVRpMFB6NP4DnvgFW3B2Wdfb/lNzPCKWqBsX7gWw==
-----END RSA PRIVATE KEY-----

View File

@ -0,0 +1,247 @@
auth_mechanisms = plain login
#mail_debug = yes
log_path = /var/log/mail.log
disable_plaintext_auth = yes
# Uncomment on NFS share
#mmap_disable = yes
#mail_fsync = always
#mail_nfs_index = yes
#mail_nfs_storage = yes
login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k"
mail_home = /var/vmail/%d/%n
mail_location = maildir:~/
mail_plugins = quota acl zlib antispam
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
ssl_protocols = !SSLv3 !SSLv2
ssl_prefer_server_ciphers = yes
ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
ssl_options = no_compression
# Automatically regenerates every week
ssl_dh_parameters_length = 2048
log_timestamp = "%Y-%m-%d %H:%M:%S "
recipient_delimiter = +
auth_master_user_separator = *
mail_prefetch_count = 30
passdb {
driver = passwd-file
args = /etc/dovecot/dovecot-master.passwd
master = yes
pass = yes
}
passdb {
args = /etc/dovecot/sql/dovecot-mysql.conf
driver = sql
}
namespace inbox {
inbox = yes
location =
separator = /
mailbox "Trash" {
auto = subscribe
special_use = \Trash
}
mailbox "Deleted Messages" {
special_use = \Trash
}
mailbox "Deleted Items" {
special_use = \Trash
}
mailbox "Gelöschte Objekte" {
special_use = \Trash
}
mailbox "Papierkorb" {
special_use = \Trash
}
mailbox "Itens Excluidos" {
special_use = \Trash
}
mailbox "Itens Excluídos" {
special_use = \Trash
}
mailbox "Lixeira" {
special_use = \Trash
}
mailbox "Prullenbak" {
special_use = \Trash
}
mailbox "Verwijderde items" {
special_use = \Trash
}
mailbox "Archive" {
auto = subscribe
special_use = \Archive
}
mailbox "Archiv" {
special_use = \Archive
}
mailbox "Archives" {
special_use = \Archive
}
mailbox "Arquivo" {
special_use = \Archive
}
mailbox "Arquivos" {
special_use = \Archive
}
mailbox "Archief" {
special_use = \Archive
}
mailbox "Sent" {
auto = subscribe
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox "Sent Items" {
special_use = \Sent
}
mailbox "Gesendet" {
special_use = \Sent
}
mailbox "Gesendete Objekte" {
special_use = \Sent
}
mailbox "Itens Enviados" {
special_use = \Sent
}
mailbox "Enviados" {
special_use = \Sent
}
mailbox "Verzonden items" {
special_use = \Sent
}
mailbox "Verzonden" {
special_use = \Sent
}
mailbox "Drafts" {
auto = subscribe
special_use = \Drafts
}
mailbox "Entwürfe" {
special_use = \Drafts
}
mailbox "Rascunhos" {
special_use = \Drafts
}
mailbox "Concepten" {
special_use = \Drafts
}
mailbox "Junk" {
auto = subscribe
special_use = \Junk
}
mailbox "Junk E-mail" {
special_use = \Junk
}
mailbox "Spam" {
special_use = \Junk
}
mailbox "Lixo Eletrônico" {
special_use = \Junk
}
mailbox "Ongewenste e-mail" {
special_use = \Junk
}
prefix =
}
namespace {
type = shared
separator = /
prefix = Shared/%%u/
location = maildir:%%h/:INDEXPVT=~/Shared/%%u
subscriptions = no
list = yes
}
protocols = imap sieve lmtp pop3
service dict {
unix_listener dict {
mode = 0660
user = vmail
group = vmail
}
}
service auth {
inet_listener auth-inet {
port = 10001
}
unix_listener auth-master {
mode = 0600
user = vmail
}
unix_listener auth-userdb {
mode = 0600
user = vmail
}
user = root
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
service_count = 1
process_min_avail = 2
vsz_limit = 128M
}
service imap {
executable = imap imap-postlogin
}
service managesieve {
process_limit = 256
}
service lmtp {
inet_listener lmtp-inet {
port = 24
}
user = vmail
}
listen = *,[::]
ssl_cert = </etc/ssl/mail/cert.pem
ssl_key = </etc/ssl/mail/key.pem
userdb {
args = /etc/dovecot/sql/dovecot-mysql.conf
driver = sql
}
protocol imap {
mail_plugins = quota imap_quota imap_acl acl zlib imap_zlib antispam
}
protocol lmtp {
mail_plugins = quota sieve acl zlib
auth_socket_path = /var/run/dovecot/auth-master
}
protocol sieve {
managesieve_logout_format = bytes=%i/%o
}
plugin {
acl_anyone = allow
acl_shared_dict = file:/var/vmail/shared-mailboxes.db
acl = vfile
quota = dict:Userquota::proxy::sqlquota
quota_rule2 = Trash:storage=+100%%
antispam_backend = mailtrain
antispam_spam = Junk
antispam_trash = Trash
antispam_mail_sendmail = /usr/local/bin/rspamd-pipe
antispam_mail_spam = learn_spam
antispam_mail_notspam = learn_ham
# Do not complain about empty parameter
antispam_mail_sendmail_args = --blind
sieve = /var/vmail/sieve/%u.sieve
sieve_after = /var/vmail/sieve/global.sieve
sieve_max_script_size = 1M
sieve_quota_max_scripts = 0
sieve_quota_max_storage = 0
}
dict {
sqlquota = mysql:/etc/dovecot/sql/dovecot-dict-sql.conf
}
remote 127.0.0.1 {
disable_plaintext_auth = no
}
submission_host = postfix:588
mail_max_userip_connections = 500
service imap-postlogin {
executable = script-login /usr/local/bin/postlogin.sh
unix_listener imap-postlogin {
}
}

View File

@ -0,0 +1,24 @@
require "fileinto";
require "mailbox";
require "variables";
require "subaddress";
require "envelope";
if header :contains "X-Spam-Flag" "YES" {
fileinto "Junk";
}
if allof (
envelope :detail :matches "to" "*",
header :contains "X-Moo-Tag" "YES",
mailboxexists "INBOX/${s}"
) {
fileinto "INBOX/${s}";
}
elsif allof (
envelope :detail :matches "to" "*",
header :contains "X-Moo-Tag" "YES"
) {
set :lower "s" "${1}";
fileinto :create "INBOX/${s}";
}

View File

@ -0,0 +1,15 @@
connect = "host=mysql dbname=mailcow user=mailcow password=mysafepasswd"
map {
pattern = priv/quota/storage
table = quota2
username_field = username
value_field = bytes
}
map {
pattern = priv/quota/messages
table = quota2
username_field = username
value_field = messages
}

View File

@ -0,0 +1,6 @@
driver = mysql
connect = "host=mysql dbname=mailcow user=mailcow password=mysafepasswd"
default_pass_scheme = SSHA256
password_query = SELECT password FROM mailbox WHERE username = '%u' AND domain IN (SELECT domain FROM domain WHERE domain='%d' AND active='1')
user_query = SELECT CONCAT('maildir:/var/vmail/',maildir) AS mail, 5000 AS uid, 5000 AS gid, concat('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active = '1'
iterate_query = SELECT username FROM mailbox WHERE active='1';

14
data/conf/mysql/my.cnf Normal file
View File

@ -0,0 +1,14 @@
[mysqld]
character-set-client-handshake = FALSE
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
innodb_file_per_table = TRUE
innodb_file_format = barracuda
innodb_large_prefix = TRUE
#sql_mode=IGNORE_SPACE,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
[client]
default-character-set = utf8mb4
[mysql]
default-character-set = utf8mb4

View File

@ -0,0 +1,18 @@
server {
listen 8081;
index index.php index.html;
server_name _;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /dynmaps;
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass phpfpm:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}

View File

@ -0,0 +1 @@
listen ${HTTPS_PORT};

136
data/conf/nginx/site.conf Normal file
View File

@ -0,0 +1,136 @@
proxy_cache_path /tmp levels=1:2 keys_zone=sogo:10m inactive=24h max_size=1g;
server {
include /etc/nginx/conf.d/listen.active;
include /etc/nginx/mime.types;
charset utf-8;
override_charset on;
ssl on;
ssl_certificate /etc/ssl/mail/cert.pem;
ssl_certificate_key /etc/ssl/mail/key.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA';
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
ssl_ecdh_curve secp384r1;
index index.php index.html;
server_name _ autodiscover.* autoconfig.*;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /web;
location = /principals/ {
rewrite ^ https://$host/SOGo/dav;
allow all;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass phpfpm:9000;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PHP_VALUE "max_execution_time = 1200
max_input_time = 1200
memory_limit = 64M";
fastcgi_read_timeout 1200;
}
rewrite ^(/save.+)$ /rspamd$1 last;
location /rspamd/ {
proxy_pass http://172.22.1.253:11334/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options SAMEORIGIN;
add_header X-XSS-Protection "1; mode=block";
}
location ^~ /inc/init.sql {
deny all;
}
if ($host ~* autodiscover\.(.*)) {
rewrite ^(.*) /autodiscover.php last;
}
if ($host ~* autoconfig\.(.*)) {
rewrite ^(.*) /autoconfig.php last;
}
location ^~ /Microsoft-Server-ActiveSync {
proxy_pass http://172.22.1.252:20000/SOGo/Microsoft-Server-ActiveSync;
proxy_connect_timeout 1000;
proxy_next_upstream timeout error;
proxy_send_timeout 1000;
proxy_read_timeout 1000;
proxy_buffer_size 8k;
proxy_buffers 4 32k;
proxy_temp_file_write_size 64k;
proxy_busy_buffers_size 64k;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header x-webobjects-server-protocol HTTP/1.0;
proxy_set_header x-webobjects-remote-host $remote_addr;
proxy_set_header x-webobjects-server-name $server_name;
proxy_set_header x-webobjects-server-url $scheme://$host:$server_port;
proxy_set_header x-webobjects-server-port $server_port;
client_body_buffer_size 128k;
client_max_body_size 100m;
}
location ^~ /SOGo {
proxy_pass http://172.22.1.252:20000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header x-webobjects-server-protocol HTTP/1.0;
proxy_set_header x-webobjects-remote-host $remote_addr;
proxy_set_header x-webobjects-server-name $server_name;
proxy_set_header x-webobjects-server-url $scheme://$host:$server_port;
proxy_set_header x-webobjects-server-port $server_port;
#proxy_connect_timeout 90;
#proxy_send_timeout 90;
#proxy_read_timeout 90;
#proxy_buffer_size 4k;
#proxy_buffers 4 32k;
#proxy_busy_buffers_size 64k;
#proxy_temp_file_write_size 64k;
client_body_buffer_size 128k;
client_max_body_size 100m;
break;
}
location /SOGo.woa/WebServerResources/ {
proxy_pass http://172.22.1.252:9192/WebServerResources/;
proxy_set_header Host $host;
proxy_cache sogo;
proxy_cache_valid 200 1d;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
#alias /usr/lib/GNUstep/SOGo/WebServerResources/;
allow all;
}
location /SOGo/WebServerResources/ {
proxy_pass http://172.22.1.252:9192/WebServerResources/;
proxy_set_header Host $host;
proxy_cache sogo;
proxy_cache_valid 200 1d;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
#alias /usr/lib/GNUstep/SOGo/WebServerResources/;
allow all;
}
location (^/SOGo/so/ControlPanel/Products/[^/]*UI/Resources/.*\.(jpg|png|gif|css|js)$ {
proxy_pass http://172.22.1.252:9192/$1.SOGo/Resources/$2;
proxy_set_header Host $host;
proxy_cache sogo;
proxy_cache_valid 200 1d;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
#alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
}
}

View File

@ -0,0 +1 @@
addNTA("mailcow-network", "nta for local")

View File

@ -0,0 +1,41 @@
allow-from=127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8
config-dir=/etc/powerdns
daemon=no
disable-syslog=yes
dnssec=process
dnssec-log-bogus=yes
dont-query=10.0.0.0/8, 100.64.0.0/10, 169.254.0.0/16, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fc00::/7, fe80::/10, 0.0.0.0/8, 192.0.0.0/24, 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24, 240.0.0.0/4, ::/96, ::ffff:0:0/96, 100::/64, 2001:db8::/32
export-etc-hosts=off
# forward-zones=
forward-zones-recurse=mailcow-network.=127.0.0.11
local-address=0.0.0.0
local-port=53
loglevel=6
# lowercase-outgoing=no
lua-config-file=/etc/powerdns/pdns_custom.lua
# max-cache-entries=1000000
# max-cache-ttl=86400
# max-mthreads=2048
# max-negative-ttl=3600
# max-packetcache-entries=500000
# max-qperq=50
# max-tcp-clients=128
# max-tcp-per-client=0
# max-total-msec=7000
# minimum-ttl-override=0
# network-timeout=1500
# packetcache-servfail-ttl=60
# packetcache-ttl=3600
quiet=yes
# security-poll-suffix=secpoll.powerdns.com.
# serve-rfc1918=yes
# server-down-max-fails=64
# server-down-throttle-time=60
setgid=pdns
setuid=pdns
# spoof-nearmiss-max=20
# stack-size=200000
# threads=2
# trace=off
version-string=PowerDNS Recursor
webserver=no

93
data/conf/postfix/main.cf Normal file
View File

@ -0,0 +1,93 @@
biff = no
append_dot_mydomain = no
smtpd_tls_cert_file = /etc/ssl/mail/cert.pem
smtpd_tls_key_file = /etc/ssl/mail/key.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
disable_vrfy_command = yes
maximal_backoff_time = 1800s
maximal_queue_lifetime = 1d
message_size_limit = 26214400
milter_default_action = accept
milter_protocol = 6
minimal_backoff_time = 300s
plaintext_reject_code = 550
postscreen_access_list = permit_mynetworks, cidr:/opt/postfix/conf/postscreen_access.cidr
postscreen_bare_newline_enable = no
postscreen_blacklist_action = drop
postscreen_cache_cleanup_interval = 24h
postscreen_cache_map = proxy:btree:$data_directory/postscreen_cache
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = b.barracudacentral.org=127.0.0.2*7 dnsbl.inps.de=127.0.0.2*7 bl.mailspike.net=127.0.0.2*5 bl.mailspike.net=127.0.0.[10;11;12]*4 dnsbl.sorbs.net=127.0.0.10*8 dnsbl.sorbs.net=127.0.0.5*6 dnsbl.sorbs.net=127.0.0.7*3 dnsbl.sorbs.net=127.0.0.8*2 dnsbl.sorbs.net=127.0.0.6*2 dnsbl.sorbs.net=127.0.0.9*2 zen.spamhaus.org=127.0.0.[10;11]*8 zen.spamhaus.org=127.0.0.[4..7]*6 zen.spamhaus.org=127.0.0.3*4 zen.spamhaus.org=127.0.0.2*3 hostkarma.junkemailfilter.com=127.0.0.2*3 hostkarma.junkemailfilter.com=127.0.0.4*1 hostkarma.junkemailfilter.com=127.0.1.2*1 wl.mailspike.net=127.0.0.[18;19;20]*-2 hostkarma.junkemailfilter.com=127.0.0.1*-2
postscreen_dnsbl_threshold = 8
postscreen_dnsbl_ttl = 5m
postscreen_greet_action = enforce
postscreen_greet_banner = $smtpd_banner
postscreen_greet_ttl = 2d
postscreen_greet_wait = 3s
postscreen_non_smtp_command_enable = no
postscreen_pipelining_enable = no
proxy_read_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_sender_acl.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_out_policy.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf, $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
queue_run_delay = 300s
relay_domains = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_relay_domain_maps.cf
relay_recipient_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_relay_recipient_maps.cf
sender_dependent_default_transport_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_out_policy.cf
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_cert_file = /etc/ssl/mail/cert.pem
smtp_tls_key_file = /etc/ssl/mail/key.pem
smtp_tls_loglevel = 1
smtp_dns_support_level = dnssec
smtp_tls_security_level = dane
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_delay_reject = yes
smtpd_error_sleep_time = 10s
smtpd_hard_error_limit = ${stress?1}${stress:5}
smtpd_helo_required = yes
smtpd_proxy_timeout = 600s
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_recipient_access proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf, reject_invalid_helo_hostname, reject_unknown_reverse_client_hostname, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = inet:dovecot:10001
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_sender_acl.cf
smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch, permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_unlisted_sender, reject_unknown_sender_domain
smtpd_soft_error_limit = 3
smtpd_tls_auth_only = yes
smtpd_tls_dh1024_param_file = /etc/ssl/mail/dhparams.pem
smtpd_tls_eecdh_grade = strong
smtpd_tls_exclude_ciphers = ECDHE-RSA-RC4-SHA, RC4, aNULL
smtpd_tls_loglevel = 1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3
lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3
lmtp_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers = high
smtpd_tls_security_level = may
tls_ssl_options = NO_COMPRESSION
tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
virtual_alias_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_alias_maps.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_spamalias_maps.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_alias_domain_catchall_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail/
virtual_mailbox_domains = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_mailbox_maps.cf, proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_alias_domain_mailbox_maps.cf
virtual_minimum_uid = 104
virtual_transport = lmtp:inet:dovecot:24
virtual_uid_maps = static:5000
smtpd_milters = inet:rmilter:9900
non_smtpd_milters = inet:rmilter:9900
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
mydestination = localhost.localdomain, localhost

View File

@ -0,0 +1,45 @@
smtp inet n - n - 1 postscreen
smtpd pass - - n - - smtpd
-o smtpd_helo_restrictions=permit_mynetworks,reject_non_fqdn_helo_hostname
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
submission inet n - n - - smtpd
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o smtpd_enforce_tls=yes
-o smtpd_tls_security_level=encrypt
-o tls_preempt_cipherlist=yes
588 inet n - n - - smtpd
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o smtpd_tls_auth_only=no
smtp_enforced_tls unix - - n - - smtp
-o smtp_tls_security_level=encrypt
-o syslog_name=enforced-tls-smtp
-o smtp_delivery_status_filter=pcre:/opt/postfix/conf/smtp_dsn_filter
tlsproxy unix - - n - 0 tlsproxy
dnsblog unix - - n - 0 dnsblog
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
maildrop unix - n n - - pipe flags=DRhu
user=vmail argv=/usr/bin/maildrop -d ${recipient}

View File

@ -0,0 +1,654 @@
# Generated by Postwhite v1.30 on Thu Dec 8 21:11:27 CET 2016
# https://github.com/stevejenkins/postwhite/
# 651 total rules
2a00:1450:4000::/36 permit
2a01:111:f400::/48 permit
2a04:35c0::/29 permit
2c0f:fb50:4000::/36 permit
5.135.24.0/24 permit
8.20.114.31 permit
8.25.194.0/23 permit
8.25.196.0/23 permit
12.130.86.238 permit
13.111.0.0/19 permit
17.36.0.0/16 permit
17.41.0.0/16 permit
17.110.0.0/15 permit
17.120.0.0/16 permit
17.133.0.0/16 permit
17.139.0.0/16 permit
17.142.0.0/15 permit
17.151.1.0/24 permit
17.158.0.0/15 permit
17.162.0.0/15 permit
17.164.0.0/16 permit
17.171.37.0/24 permit
17.172.0.0/16 permit
23.21.83.90 permit
23.23.237.213 permit
23.96.52.53 permit
23.100.122.175 permit
23.103.128.0/19 permit
23.103.131.7 permit
23.103.191.0/24 permit
23.103.198.0/23 permit
23.103.200.0/21 permit
23.103.208.0/21 permit
23.103.224.0/19 permit
23.253.182.0/24 permit
23.253.182.103 permit
23.253.183.0/24 permit
23.253.183.145 permit
23.253.183.146 permit
23.253.183.147 permit
23.253.183.148 permit
23.253.183.150 permit
27.126.146.0/24 permit
37.59.69.128/25 permit
37.59.249.0/24 permit
37.188.97.188/32 permit
40.92.0.0/14 permit
40.96.32.50 permit
40.97.113.34 permit
40.97.113.210 permit
40.97.153.146 permit
40.97.155.26 permit
40.97.156.114 permit
40.97.160.2 permit
40.97.164.146 permit
40.97.166.138 permit
40.97.170.154 permit
40.107.0.0/17 permit
40.107.128.0/18 permit
41.74.192.0/22 permit
41.74.196.0/22 permit
41.74.200.0/22 permit
41.74.201.0/24 permit
41.74.204.0/22 permit
41.74.205.0/24 permit
46.19.168.0/23 permit
50.18.45.249 permit
50.18.121.236 permit
50.18.121.248 permit
50.18.123.221 permit
50.18.124.70 permit
50.18.125.97 permit
50.18.125.237 permit
50.18.126.162 permit
50.22.164.201 permit
50.23.218.192/27 permit
50.31.32.0/19 permit
50.31.36.197 permit
50.31.36.199 permit
50.31.36.205 permit
50.31.36.208 permit
50.31.36.213 permit
50.31.60.1 permit
50.31.156.96/27 permit
50.207.218.237 permit
51.4.71.62 permit
52.0.20.102 permit
52.95.48.152/29 permit
52.95.49.88/29 permit
52.205.61.79 permit
54.172.97.247 permit
54.173.229.38 permit
54.214.39.184 permit
54.240.0.0/18 permit
54.241.16.209 permit
54.243.205.80 permit
54.244.242.0/24 permit
62.17.146.128/26 permit
63.80.14.0/23 permit
63.111.28.137 permit
63.128.21.0/24 permit
64.4.22.64/26 permit
64.18.0.0/20 permit
64.20.241.45 permit
64.34.47.128/27 permit
64.34.57.192/26 permit
64.79.155.0/24 permit
64.79.155.192 permit
64.127.115.252 permit
64.132.88.0/23 permit
64.132.92.0/24 permit
64.135.77.0/24 permit
64.135.83.0/24 permit
64.233.160.0/19 permit
65.39.215.0/24 permit
65.54.51.64/26 permit
65.54.61.64/26 permit
65.54.121.120/29 permit
65.54.121.124/31 permit
65.54.190.0/24 permit
65.54.241.0/24 permit
65.55.33.64/28 permit
65.55.34.0/24 permit
65.55.42.224/28 permit
65.55.52.224/27 permit
65.55.77.28 permit
65.55.78.128/25 permit
65.55.81.48/28 permit
65.55.81.54/31 permit
65.55.85.12 permit
65.55.88.0/24 permit
65.55.90.0/24 permit
65.55.94.0/25 permit
65.55.111.0/24 permit
65.55.113.64/26 permit
65.55.116.0/25 permit
65.55.126.0/25 permit
65.55.169.0/24 permit
65.55.174.0/25 permit
65.55.178.128/27 permit
65.55.234.192/26 permit
65.110.161.77 permit
65.212.180.36 permit
65.242.92.0/24 permit
65.242.92.15 permit
66.77.16.201/32 permit
66.102.0.0/20 permit
66.135.215.0/24 permit
66.135.222.1 permit
66.211.168.230/31 permit
66.211.184.0/23 permit
66.220.144.128/25 permit
66.220.155.0/24 permit
66.220.155.128/25 permit
66.220.157.0/25 permit
66.231.80.0/20 permit
66.249.80.0/20 permit
67.23.31.6 permit
67.72.99.26 permit
67.221.168.65 permit
67.228.2.24/30 permit
67.228.21.184/29 permit
67.228.37.4/30 permit
67.228.50.32/27 permit
67.228.50.54/31 permit
67.231.145.42 permit
67.231.153.30 permit
68.232.192.0/20 permit
69.63.178.128/25 permit
69.63.179.25 permit
69.63.184.0/25 permit
69.65.42.195 permit
69.65.49.192/29 permit
69.162.98.0/24 permit
69.171.232.0/24 permit
69.171.232.128/25 permit
69.171.244.0/24 permit
70.37.151.128/25 permit
70.42.149.35 permit
72.3.185.0/24 permit
72.3.237.64/28 permit
72.5.230.111/32 permit
72.14.192.0/18 permit
72.21.192.0/19 permit
72.21.212.0/25 permit
72.21.217.142/32 permit
72.32.154.0/24 permit
72.32.217.0/24 permit
72.32.243.0/24 permit
72.249.147.250/32 permit
74.63.63.115 permit
74.63.63.121 permit
74.63.194.126 permit
74.63.234.75 permit
74.63.236.0/24 permit
74.86.113.28/30 permit
74.86.129.240/30 permit
74.86.131.208/30 permit
74.86.132.208/30 permit
74.86.160.160/30 permit
74.86.164.188/30 permit
74.86.171.192/30 permit
74.86.195.28/30 permit
74.86.207.36/30 permit
74.86.226.216/30 permit
74.86.236.240/30 permit
74.86.241.250/31 permit
74.112.64.26 permit
74.112.67.243 permit
74.112.170.21/32 permit
74.125.0.0/16 permit
74.201.84.0/24 permit
74.201.152.59/32 permit
74.201.154.0/24 permit
74.201.155.25/32 permit
74.201.155.26/32 permit
74.201.155.27/32 permit
74.201.155.28/32 permit
74.201.155.79/32 permit
74.202.227.52/32 permit
74.208.4.192/26 permit
74.208.5.64/26 permit
74.208.122.0/26 permit
74.209.250.0/24 permit
74.209.250.84 permit
75.126.200.128/27 permit
75.126.253.0/24 permit
75.126.253.48 permit
80.231.25.0/24 permit
80.231.219.0/24 permit
81.223.46.0/27 permit
82.165.159.0/24 permit
85.222.130.192/26 permit
85.222.138.192/26 permit
86.61.88.25 permit
87.238.80.0/21 permit
87.253.232.0/21 permit
91.194.248.0/23 permit
91.198.22.0/24 permit
91.211.240.0/24 permit
91.211.242.0/24 permit
91.211.243.0/24 permit
91.220.42.0/24 permit
94.236.119.0/26 permit
94.245.112.0/27 permit
94.245.112.10/31 permit
94.245.120.64/26 permit
96.43.144.0/20 permit
96.43.144.64/28 permit
96.43.144.64/31 permit
96.43.147.64/28 permit
96.43.148.64/28 permit
96.43.148.64/31 permit
96.43.151.64/28 permit
96.43.152.64/27 permit
96.43.153.64/27 permit
96.46.150.192/27 permit
101.53.164.192/26 permit
103.11.200.0/22 permit
103.13.69.0/24 permit
103.28.42.0/24 permit
103.237.104.0/22 permit
104.40.211.35 permit
104.43.195.251 permit
104.47.0.0/17 permit
104.130.96.0/28 permit
104.130.122.0/23 permit
104.245.209.192/26 permit
106.50.16.0/28 permit
107.0.11.224/27 permit
108.174.0.0/24 permit
108.174.0.215 permit
108.174.3.0/24 permit
108.174.6.0/24 permit
108.175.18.45 permit
108.175.30.45 permit
108.177.8.0/21 permit
108.177.96.0/19 permit
111.221.23.128/25 permit
111.221.26.0/27 permit
111.221.66.0/25 permit
111.221.69.128/25 permit
111.221.112.0/21 permit
124.47.150.0/24 permit
124.47.189.0/24 permit
129.41.77.70 permit
129.41.169.249 permit
131.107.0.0/16 permit
131.107.1.18 permit
131.107.1.19 permit
131.107.1.20 permit
131.107.1.37 permit
131.107.1.44 permit
131.107.1.48 permit
131.107.1.56 permit
131.253.30.0/24 permit
131.253.121.20 permit
134.170.113.0/26 permit
134.170.140.0/24 permit
134.170.141.64/26 permit
134.170.143.0/24 permit
134.170.174.0/24 permit
136.146.128.64/27 permit
136.146.208.16/28 permit
136.146.210.16/28 permit
136.147.46.192/26 permit
136.147.62.192/26 permit
136.147.128.0/20 permit
136.147.176.0/20 permit
146.88.28.0/24 permit
146.101.78.0/24 permit
147.243.1.47 permit
147.243.1.48 permit
147.243.1.153 permit
147.243.128.24 permit
147.243.128.26 permit
151.101.37.140 permit
157.55.0.192/26 permit
157.55.1.128/26 permit
157.55.2.0/25 permit
157.55.9.128/25 permit
157.55.11.0/25 permit
157.55.49.0/25 permit
157.55.61.0/24 permit
157.55.157.128/25 permit
157.55.158.0/23 permit
157.55.225.0/25 permit
157.55.234.0/24 permit
157.56.24.0/25 permit
157.56.110.0/23 permit
157.56.112.0/24 permit
157.56.120.128/26 permit
157.56.172.28 permit
157.56.232.0/21 permit
157.56.240.0/20 permit
157.56.248.0/21 permit
157.151.208.65 permit
162.88.4.0/24 permit
162.88.36.0/24 permit
162.248.185.121 permit
163.47.180.0/22 permit
165.254.167.152/30 permit
165.254.167.156/31 permit
165.254.167.162/31 permit
165.254.168.66/31 permit
165.254.168.68/31 permit
165.254.168.70/31 permit
165.254.168.72/31 permit
166.78.68.0/22 permit
166.78.68.221 permit
166.78.69.146 permit
166.78.69.169 permit
166.78.69.170 permit
166.78.71.131 permit
167.89.0.0/17 permit
167.89.16.30 permit
167.89.16.183 permit
167.89.16.245 permit
167.89.25.84 permit
167.89.32.5 permit
167.89.32.50 permit
167.89.46.159 permit
167.89.46.185 permit
167.89.60.95 permit
167.89.62.118 permit
167.89.64.9 permit
167.89.65.0 permit
167.89.65.53 permit
167.89.65.100 permit
167.89.74.233 permit
167.89.75.33 permit
167.89.75.126 permit
167.89.75.136 permit
167.89.75.164 permit
167.89.101.2 permit
167.89.101.192/28 permit
167.220.67.238 permit
172.217.0.0/19 permit
173.0.84.224/28 permit
173.0.94.244/30 permit
173.193.132.0/23 permit
173.193.132.134/31 permit
173.193.210.32/27 permit
173.194.0.0/16 permit
173.203.79.182 permit
173.203.81.39 permit
173.224.160.128/25 permit
173.224.161.128/25 permit
173.228.155.0/24 permit
174.36.80.208/28 permit
174.36.84.8/29 permit
174.36.84.16/29 permit
174.36.84.32/29 permit
174.36.84.144/29 permit
174.36.84.240/29 permit
174.36.85.248/30 permit
174.36.92.96/27 permit
174.36.114.128/30 permit
174.36.114.140/30 permit
174.36.114.148/30 permit
174.36.114.152/29 permit
174.37.67.28/30 permit
174.37.226.64/27 permit
174.129.194.241 permit
174.129.203.189 permit
174.137.46.0/24 permit
176.32.105.0/24 permit
176.32.127.0/24 permit
178.32.48.128 permit
178.33.111.144 permit
178.33.137.208/28 permit
178.33.221.0/24 permit
178.236.10.128/26 permit
178.249.98.16/29 permit
178.249.202.16/29 permit
180.189.28.0/24 permit
182.50.76.0/22 permit
182.50.78.64/28 permit
184.173.105.0/24 permit
184.173.153.0/24 permit
185.4.120.0/24 permit
185.4.122.0/24 permit
185.12.80.0/22 permit
185.28.196.0/22 permit
185.90.20.0/22 permit
188.172.128.0/20 permit
191.239.213.197 permit
192.28.128.0/18 permit
192.30.252.0/22 permit
192.64.236.0/24 permit
192.64.237.0/24 permit
192.64.238.0/24 permit
192.161.144.0/20 permit
192.230.81.86 permit
192.237.158.0/23 permit
192.237.159.42 permit
192.237.159.43 permit
192.254.112.0/20 permit
192.254.112.60 permit
192.254.112.98/31 permit
192.254.113.10 permit
192.254.113.101 permit
192.254.114.176 permit
192.254.115.72 permit
192.254.118.63 permit
193.28.178.0/25 permit
194.64.234.128/27 permit
194.64.234.129 permit
194.154.193.192/27 permit
195.54.172.0/23 permit
195.130.217.0/24 permit
198.2.128.0/18 permit
198.2.128.0/24 permit
198.2.132.0/22 permit
198.2.136.0/23 permit
198.2.177.0/24 permit
198.2.178.0/24 permit
198.2.179.0/24 permit
198.2.180.0/24 permit
198.2.186.0/23 permit
198.21.0.0/21 permit
198.21.3.166 permit
198.21.4.224 permit
198.37.144.0/20 permit
198.37.145.250 permit
198.37.149.128 permit
198.37.151.26 permit
198.61.254.0/23 permit
198.61.254.231 permit
198.178.234.57 permit
198.245.80.0/20 permit
199.15.176.173 permit
199.15.212.0/22 permit
199.15.214.169/32 permit
199.16.156.0/22 permit
199.19.0.0/21 permit
199.59.148.0/22 permit
199.83.132.86 permit
199.101.161.130 permit
199.101.162.0/25 permit
199.122.120.0/21 permit
199.127.232.0/22 permit
199.187.117.209 permit
199.187.117.233 permit
199.187.117.234/31 permit
199.187.117.236/31 permit
199.187.118.201 permit
199.187.118.202/31 permit
199.187.118.204 permit
199.187.118.209 permit
199.201.64.23 permit
199.201.65.23 permit
199.255.192.0/22 permit
202.129.242.0/23 permit
202.177.148.100 permit
202.177.148.110 permit
203.32.4.25 permit
203.55.21.0/24 permit
203.62.195.0/24 permit
203.81.17.0/24 permit
203.122.32.250 permit
203.145.57.160/27 permit
204.13.11.48/29 permit
204.13.11.48/30 permit
204.13.248.0/22 permit
204.14.232.0/21 permit
204.14.232.64/28 permit
204.14.234.64/28 permit
204.14.238.0/27 permit
204.29.186.0/23 permit
204.75.142.0/24 permit
204.92.114.187 permit
204.92.114.203 permit
204.92.114.204/31 permit
204.153.121.0/24 permit
205.139.110.0/23 permit
205.201.128.0/20 permit
205.201.131.128/25 permit
205.201.132.14 permit
205.201.134.128/25 permit
205.201.136.0/23 permit
205.201.137.229 permit
205.201.139.0/24 permit
205.201.140.14 permit
205.207.104.0/22 permit
205.217.25.132 permit
205.217.25.135 permit
205.251.233.32/32 permit
205.251.233.36/32 permit
206.25.247.143 permit
206.25.247.155 permit
206.165.246.80/29 permit
206.191.224.0/19 permit
206.246.157.1 permit
207.46.4.128/25 permit
207.46.22.35 permit
207.46.22.98 permit
207.46.22.101 permit
207.46.50.72 permit
207.46.50.82 permit
207.46.50.192/26 permit
207.46.50.224 permit
207.46.51.64/26 permit
207.46.52.71 permit
207.46.52.79 permit
207.46.58.128/25 permit
207.46.100.0/24 permit
207.46.101.128/26 permit
207.46.116.128/29 permit
207.46.117.0/24 permit
207.46.132.128/27 permit
207.46.163.0/24 permit
207.46.198.0/25 permit
207.46.200.0/27 permit
207.67.38.0/24 permit
207.67.98.192/27 permit
207.68.176.0/26 permit
207.68.176.96/27 permit
207.82.80.0/24 permit
207.126.144.0/20 permit
207.171.160.0/19 permit
207.211.30.0/24 permit
207.211.31.0/25 permit
207.211.41.113 permit
207.218.90.0/24 permit
207.250.68.0/24 permit
208.40.232.70 permit
208.43.21.28/30 permit
208.43.21.64/29 permit
208.43.21.72/30 permit
208.43.239.136/30 permit
208.64.132.0/22 permit
208.66.139.0/25 permit
208.74.204.0/22 permit
208.74.204.9 permit
208.75.120.0/22 permit
208.75.122.246 permit
208.76.56.0/21 permit
208.78.68.0/22 permit
208.82.236.96/28 permit
208.82.237.96/28 permit
208.82.238.96/28 permit
208.85.50.137 permit
208.89.13.233 permit
208.89.13.234/31 permit
208.89.13.236/31 permit
208.89.14.201 permit
208.89.14.202/31 permit
208.89.14.204 permit
208.89.14.209 permit
208.117.48.0/20 permit
208.185.229.45 permit
208.201.241.163 permit
209.43.22.0/28 permit
209.46.117.168 permit
209.46.117.179 permit
209.61.151.0/24 permit
209.67.98.46 permit
209.67.98.59 permit
209.85.128.0/17 permit
212.4.136.0/26 permit
212.123.28.40/32 permit
212.227.15.0/24 permit
212.227.17.0/27 permit
212.227.126.128/25 permit
213.165.64.0/23 permit
213.167.75.0/24 permit
213.167.81.0/24 permit
213.199.128.139 permit
213.199.128.145 permit
213.199.138.181 permit
213.199.138.191 permit
213.199.154.0/24 permit
213.199.161.128/27 permit
213.199.177.0/26 permit
213.199.180.0/24 permit
216.17.150.242 permit
216.17.150.251 permit
216.32.180.0/23 permit
216.46.168.197 permit
216.46.168.222 permit
216.58.192.0/19 permit
216.99.5.67 permit
216.99.5.68 permit
216.113.160.0/24 permit
216.113.172.0/25 permit
216.113.175.0/24 permit
216.136.162.65 permit
216.136.162.120/29 permit
216.136.168.80/28 permit
216.146.32.0/20 permit
216.198.0.0/18 permit
216.203.30.55 permit
216.203.33.178/31 permit
216.205.24.0/24 permit
216.229.156.0/25 permit
216.239.32.0/19 permit
217.72.207.0/27 permit
217.77.141.52 permit
217.77.141.59 permit
217.175.193.0/24 permit
217.175.194.0/23 permit
217.175.196.0/24 permit
2001:4860:4000::/36 permit
2404:6800:4000::/36 permit
2607:f8b0:4000::/36 permit
2620:109:c003:104::/64 permit
2620:109:c006:104::/64 permit
2620:109:c00d:104::/64 permit
2620:119:50c0:207::/64 permit
2800:3f0:4000::/36 permit

View File

@ -0,0 +1,6 @@
/^4(\.\d+\.\d+ TLS is required, but host \S+ refused to start TLS: .+)/
5$1
/^4(\.\d+\.\d+ TLS is required, but was not offered by host .+)/
5$1
/^4.7.5(.*)/
5.7.5$1

View File

@ -0,0 +1,5 @@
user = mailcow
password = mysafepasswd
hosts = mysql
dbname = mailcow
query = SELECT DISTINCT CASE WHEN '%d' IN (SELECT domain FROM domain WHERE relay_all_recipients=1 AND domain='%d' AND backupmx=1) THEN '%s' ELSE (SELECT goto FROM alias WHERE address='%s' AND active='1') END AS result;

View File

@ -0,0 +1,5 @@
user = mailcow
password = mysafepasswd
hosts = mysql
dbname = mailcow
query = SELECT IF( EXISTS( SELECT 'TLS_ACTIVE' FROM alias LEFT OUTER JOIN mailbox ON mailbox.username = alias.address WHERE (address='%s' OR address IN (SELECT CONCAT('%u', '@', target_domain) FROM alias_domain WHERE alias_domain='%d')) AND mailbox.tls_enforce_in = '1' AND mailbox.active = '1'), 'reject_plaintext_session', 'DUNNO') AS 'tls_enforce_in';

View File

@ -0,0 +1,5 @@
user = mailcow
password = mysafepasswd
hosts = mysql
dbname = mailcow
query = SELECT IF( EXISTS( SELECT 'TLS_ACTIVE' FROM alias LEFT OUTER JOIN mailbox ON mailbox.username = alias.address WHERE (address='%s' OR address IN (SELECT CONCAT('%u', '@', target_domain) FROM alias_domain WHERE alias_domain='%d')) AND mailbox.tls_enforce_out = '1' AND mailbox.active = '1'), 'smtp_enforced_tls:', 'DUNNO') AS 'tls_enforce_out';

View File

@ -0,0 +1,6 @@
user = mailcow
password = mysafepasswd
hosts = mysql
dbname = mailcow
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'

View File

@ -0,0 +1,5 @@
user = mailcow
password = mysafepasswd
hosts = mysql
dbname = mailcow
query = SELECT maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1'

View File

@ -0,0 +1,5 @@
user = mailcow
password = mysafepasswd
hosts = mysql
dbname = mailcow
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'

View File

@ -0,0 +1,5 @@
user = mailcow
password = mysafepasswd
hosts = mysql
dbname = mailcow
query = SELECT goto FROM alias WHERE address='%s' AND active='1';

View File

@ -0,0 +1,5 @@
user = mailcow
password = mysafepasswd
hosts = mysql
dbname = mailcow
query = SELECT alias_domain from alias_domain WHERE alias_domain='%s' AND active='1' UNION SELECT domain FROM domain WHERE domain='%s' AND active = '1' AND backupmx = '0'

View File

@ -0,0 +1,5 @@
user = mailcow
password = mysafepasswd
hosts = mysql
dbname = mailcow
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'

View File

@ -0,0 +1,5 @@
user = mailcow
password = mysafepasswd
hosts = mysql
dbname = mailcow
query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '1' AND active = '1'

View File

@ -0,0 +1,5 @@
user = mailcow
password = mysafepasswd
hosts = mysql
dbname = mailcow
query = SELECT goto FROM alias WHERE address='%s' AND active='1' AND domain IN(SELECT domain FROM domain WHERE domain='%d' AND active='1') UNION SELECT logged_in_as FROM sender_acl WHERE send_as='@%d' OR send_as='%s' OR send_as IN ( SELECT CONCAT ('@',target_domain) FROM alias_domain WHERE alias_domain = '%d') OR send_as IN ( SELECT CONCAT ('%u','@',target_domain) FROM alias_domain WHERE alias_domain = '%d' ) AND logged_in_as NOT IN (SELECT goto FROM alias WHERE address='%s') UNION SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' AND alias.address = CONCAT('%u','@',alias_domain.target_domain) AND alias.active ='1' AND alias_domain.active='1'

View File

@ -0,0 +1,5 @@
user = mailcow
password = mysafepasswd
hosts = mysql
dbname = mailcow
query = SELECT goto FROM spamalias WHERE address='%s' AND validity >= UNIX_TIMESTAMP()

View File

@ -0,0 +1,42 @@
bind_socket = inet:9900;
spamd {
servers = r:rspamd:11333;
connect_timeout = 1s;
results_timeout = 20s;
error_time = 10;
dead_time = 300;
maxerrors = 10;
reject_message = "Spam or virus message rejected due to high detection score";
whitelist = 127.0.0.1/32, [::1]/128;
spamd_soft_fail = yes;
rspamd_metric = "default";
extended_spam_headers = yes;
spam_header = "X-Spam-Flag";
spam_header_value = "YES";
};
redis {
servers_grey = redis:6379;
servers_limits = redis:6379;
servers_id = redis:6379;
id_prefix = "message_id.";
grey_prefix = "grey.";
white_prefix = "white.";
connect_timeout = 1s;
error_time = 10;
dead_time = 300;
maxerrors = 10;
};
tempdir = /tmp;
tempfiles_mode = 00600;
max_size = 20M;
strict_auth = yes;
use_dcc = no;
limits {
enable = false;
};
greylisting {
enable = false;
}
dkim {
enable = false;
};

View File

@ -0,0 +1,22 @@
<?php
ini_set('error_reporting', 0);
header('Content-Type: text/plain');
require_once "vars.inc.php";
$dsn = $database_type . ':host=' . $database_host . ';dbname=' . $database_name;
$opt = [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
];
$pdo = new PDO($dsn, $database_user, $database_pass, $opt);
$stmt = $pdo->query("SELECT `domain` FROM `domain`");
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
while ($row = array_shift($rows)) {
echo strtolower(trim($row['domain'])) . PHP_EOL;
}
$stmt = $pdo->query("SELECT `alias_domain` FROM `alias_domain`");
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
while ($row = array_shift($rows)) {
echo strtolower(trim($row['alias_domain'])) . PHP_EOL;
}
?>

View File

@ -0,0 +1,224 @@
<?php
/*
The match section performs AND operation on different matches: for example, if you have from and rcpt in the same rule,
then the rule matches only when from AND rcpt match. For similar matches, the OR rule applies: if you have multiple rcpt matches,
then any of these will trigger the rule. If a rule is triggered then no more rules are matched.
*/
ini_set('error_reporting', '0');
header('Content-Type: text/plain');
require_once "vars.inc.php";
$dsn = $database_type . ':host=' . $database_host . ';dbname=' . $database_name;
$opt = [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
];
$pdo = new PDO($dsn, $database_user, $database_pass, $opt);
?>
settings {
<?php
$stmt = $pdo->query("SELECT DISTINCT `object` FROM `filterconf` WHERE `option` = 'highspamlevel' OR `option` = 'lowspamlevel'");
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
while ($row = array_shift($rows)) {
$username_sane = preg_replace("/[^a-zA-Z0-9]+/", "", $row['object']);
?>
score_<?=$username_sane;?> {
priority = low;
<?php
$stmt = $pdo->prepare("SELECT `option`, `value` FROM `filterconf`
WHERE (`option` = 'highspamlevel' OR `option` = 'lowspamlevel')
AND `object`= :object");
$stmt->execute(array(':object' => $row['object']));
$spamscore = $stmt->fetchAll(PDO::FETCH_COLUMN|PDO::FETCH_GROUP);
$stmt = $pdo->prepare("SELECT GROUP_CONCAT(REPLACE(`value`, '*', '.*') SEPARATOR '|') AS `value` FROM `filterconf`
WHERE (`object`= :object OR `object`= :object_domain)
AND (`option` = 'blacklist_from' OR `option` = 'whitelist_from')");
$stmt->execute(array(':object' => $row['object'], ':object_domain' => substr(strrchr($row['object'], "@"), 1)));
$grouped_lists = $stmt->fetchAll(PDO::FETCH_COLUMN);
$value_sane = preg_replace("/\.\./", ".", (preg_replace("/\*/", ".*", $grouped_lists[0])));
?>
from = "/^((?!<?=$value_sane;?>).)*$/";
rcpt = "<?=$row['object'];?>";
<?php
$stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE `goto` = :object_goto AND `address` NOT LIKE '@%' AND `address` != :object_address");
$stmt->execute(array(':object_goto' => $row['object'], ':object_address' => $row['object']));
$rows_aliases_1 = $stmt->fetchAll(PDO::FETCH_ASSOC);
while ($row_aliases_1 = array_shift($rows_aliases_1)) {
?>
rcpt = "<?=$row_aliases_1['address'];?>";
<?php
}
$stmt = $pdo->prepare("SELECT CONCAT(`local_part`, '@', `alias_domain`.`alias_domain`) AS `aliases` FROM `mailbox`
LEFT OUTER JOIN `alias_domain` on `mailbox`.`domain` = `alias_domain`.`target_domain`
WHERE `mailbox`.`username` = :object");
$stmt->execute(array(':object' => $row['object']));
$rows_aliases_2 = $stmt->fetchAll(PDO::FETCH_ASSOC);
array_filter($rows_aliases_2);
while ($row_aliases_2 = array_shift($rows_aliases_2)) {
if (!empty($row_aliases_2['aliases'])) {
?>
rcpt = "<?=$row_aliases_2['aliases'];?>";
<?php
}
}
?>
apply "default" {
actions {
reject = <?=$spamscore['highspamlevel'][0];?>;
greylist = <?=$spamscore['lowspamlevel'][0] - 1;?>;
"add header" = <?=$spamscore['lowspamlevel'][0];?>;
}
}
}
<?php
}
/*
// Start whitelist
*/
$stmt = $pdo->query("SELECT DISTINCT `object` FROM `filterconf` WHERE `option` = 'whitelist_from'");
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
while ($row = array_shift($rows)) {
$username_sane = preg_replace("/[^a-zA-Z0-9]+/", "", $row['object']);
?>
whitelist_<?=$username_sane;?> {
<?php
$stmt = $pdo->prepare("SELECT GROUP_CONCAT(REPLACE(`value`, '*', '.*') SEPARATOR '|') AS `value` FROM `filterconf`
WHERE `object`= :object
AND `option` = 'whitelist_from'");
$stmt->execute(array(':object' => $row['object']));
$grouped_lists = $stmt->fetchAll(PDO::FETCH_COLUMN);
$value_sane = preg_replace("/\.\./", ".", (preg_replace("/\*/", ".*", $grouped_lists[0])));
?>
from = "/(<?=$value_sane;?>)/";
<?php
if (!filter_var(trim($row['object']), FILTER_VALIDATE_EMAIL)) {
?>
priority = medium;
rcpt = "/.*@<?=$row['object'];?>/";
<?php
$stmt = $pdo->prepare("SELECT `alias_domain` FROM `alias_domain`
WHERE `target_domain` = :object");
$stmt->execute(array(':object' => $row['object']));
$rows_domain_aliases = $stmt->fetchAll(PDO::FETCH_ASSOC);
array_filter($rows_domain_aliases);
while ($row_domain_aliases = array_shift($rows_domain_aliases)) {
?>
rcpt = "/.*@<?=$row_domain_aliases['alias_domain'];?>/";
<?php
}
}
else {
?>
priority = high;
rcpt = "<?=$row['object'];?>";
<?php
}
$stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE `goto` = :object_goto AND `address` NOT LIKE '@%' AND `address` != :object_address");
$stmt->execute(array(':object_goto' => $row['object'], ':object_address' => $row['object']));
$rows_aliases_wl_1 = $stmt->fetchAll(PDO::FETCH_ASSOC);
array_filter($rows_aliases_wl_1);
while ($row_aliases_wl_1 = array_shift($rows_aliases_wl_1)) {
?>
rcpt = "<?=$row_aliases_wl_1['address'];?>";
<?php
}
$stmt = $pdo->prepare("SELECT CONCAT(`local_part`, '@', `alias_domain`.`alias_domain`) AS `aliases` FROM `mailbox`
LEFT OUTER JOIN `alias_domain` on `mailbox`.`domain` = `alias_domain`.`target_domain`
WHERE `mailbox`.`username` = :object");
$stmt->execute(array(':object' => $row['object']));
$rows_aliases_wl_2 = $stmt->fetchAll(PDO::FETCH_ASSOC);
array_filter($rows_aliases_wl_2);
while ($row_aliases_wl_2 = array_shift($rows_aliases_wl_2)) {
if (!empty($row_aliases_wl_2['aliases'])) {
?>
rcpt = "<?=$row_aliases_wl_2['aliases'];?>";
<?php
}
}
?>
apply "default" {
MAILCOW_MOO = -999.0;
}
}
<?php
}
/*
// Start blacklist
*/
$stmt = $pdo->query("SELECT DISTINCT `object` FROM `filterconf` WHERE `option` = 'blacklist_from'");
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
while ($row = array_shift($rows)) {
$username_sane = preg_replace("/[^a-zA-Z0-9]+/", "", $row['object']);
?>
blacklist_<?=$username_sane;?> {
<?php
$stmt = $pdo->prepare("SELECT GROUP_CONCAT(REPLACE(`value`, '*', '.*') SEPARATOR '|') AS `value` FROM `filterconf`
WHERE `object`= :object
AND `option` = 'blacklist_from'");
$stmt->execute(array(':object' => $row['object']));
$grouped_lists = $stmt->fetchAll(PDO::FETCH_COLUMN);
$value_sane = preg_replace("/\.\./", ".", (preg_replace("/\*/", ".*", $grouped_lists[0])));
?>
from = "/(<?=$value_sane;?>)/";
<?php
if (!filter_var(trim($row['object']), FILTER_VALIDATE_EMAIL)) {
?>
priority = medium;
rcpt = "/.*@<?=$row['object'];?>/";
<?php
$stmt = $pdo->prepare("SELECT `alias_domain` FROM `alias_domain`
WHERE `target_domain` = :object");
$stmt->execute(array(':object' => $row['object']));
$rows_domain_aliases = $stmt->fetchAll(PDO::FETCH_ASSOC);
array_filter($rows_domain_aliases);
while ($row_domain_aliases = array_shift($rows_domain_aliases)) {
?>
rcpt = "/.*@<?=$row_domain_aliases['alias_domain'];?>/";
<?php
}
}
else {
?>
priority = high;
rcpt = "<?=$row['object'];?>";
<?php
}
$stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE `goto` = :object_goto AND `address` NOT LIKE '@%' AND `address` != :object_address");
$stmt->execute(array(':object_goto' => $row['object'], ':object_address' => $row['object']));
$rows_aliases_bl_1 = $stmt->fetchAll(PDO::FETCH_ASSOC);
array_filter($rows_aliases_bl_1);
while ($row_aliases_bl_1 = array_shift($rows_aliases_bl_1)) {
?>
rcpt = "<?=$row_aliases_bl_1['address'];?>";
<?php
}
$stmt = $pdo->prepare("SELECT CONCAT(`local_part`, '@', `alias_domain`.`alias_domain`) AS `aliases` FROM `mailbox`
LEFT OUTER JOIN `alias_domain` on `mailbox`.`domain` = `alias_domain`.`target_domain`
WHERE `mailbox`.`username` = :object");
$stmt->execute(array(':object' => $row['object']));
$rows_aliases_bl_2 = $stmt->fetchAll(PDO::FETCH_ASSOC);
array_filter($rows_aliases_bl_2);
while ($row_aliases_bl_2 = array_shift($rows_aliases_bl_2)) {
if (!empty($row_aliases_bl_2['aliases'])) {
?>
rcpt = "<?=$row_aliases_bl_2['aliases'];?>";
<?php
}
}
?>
apply "default" {
MAILCOW_MOO = 999.0;
}
}
<?php
}
?>
}

View File

@ -0,0 +1,22 @@
<?php
ini_set('error_reporting', 0);
header('Content-Type: text/plain');
require_once "vars.inc.php";
$dsn = $database_type . ':host=' . $database_host . ';dbname=' . $database_name;
$opt = [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
];
$pdo = new PDO($dsn, $database_user, $database_pass, $opt);
$stmt = $pdo->query("SELECT `username` FROM `mailbox` WHERE `wants_tagged_subject` = '1'");
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
while ($row = array_shift($rows)) {
echo strtolower(trim($row['username'])) . PHP_EOL;
}
$stmt = $pdo->query("SELECT CONCAT(mailbox.local_part, '@', alias_domain.alias_domain) as `tag_ad` FROM `mailbox` INNER JOIN `alias_domain` ON mailbox.domain = alias_domain.target_domain WHERE mailbox.wants_tagged_subject='1';");
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
while ($row = array_shift($rows)) {
echo strtolower(trim($row['tag_ad'])) . PHP_EOL;
}
?>

View File

@ -0,0 +1 @@
../../../web/inc/vars.inc.php

View File

@ -0,0 +1,34 @@
sign_condition =<<EOD
return function(task)
local smtp_from = task:get_from('smtp')
local mime_from = task:get_from('mime')
local rspamd_logger = require "rspamd_logger"
if smtp_from[1]['domain'] ~= nil and smtp_from[1]['domain'] ~= '' then
domain = smtp_from[1]['domain']
rspamd_logger.infox(task, "set domain found in smtp from field to %s", domain)
if not task:get_user() then
rspamd_logger.infox(task, "found domain in smtp header field, but user is not authenticated - skipped")
return false
end
elseif mime_from[1]['domain'] ~= nil and mime_from[1]['domain'] ~= '' then
domain = mime_from[1]['domain']
rspamd_logger.infox(task, "set domain found in mime from field to %s", domain)
else
rspamd_logger.infox(task, "cannot determine domain for dkim signing")
return false
end
local keyfile = io.open("/data/dkim/keys/" .. domain .. ".dkim")
if keyfile then
rspamd_logger.infox(task, "found dkim key file for domain %s", domain)
keyfile:close()
return {
key = "/data/dkim/keys/" .. domain .. ".dkim",
domain = domain,
selector = "dkim"
}
else
rspamd_logger.infox(task, "no key file for domain %s - skipped", domain)
end
return false
end
EOD;

View File

@ -0,0 +1,19 @@
actions {
reject = 15;
add_header = 5;
greylist = 4;
}
symbol "MAILCOW_AUTH" {
description = "mailcow authenticated";
score = -20.0;
}
group "bayes" {
symbol "BAYES_SPAM" {
weight = 7.5;
description = "Message probably spam, probability: ";
}
symbol "BAYES_HAM" {
weight = -2.5;
description = "Message probably ham, probability: ";
}
}

View File

@ -0,0 +1,3 @@
dns {
enable_dnssec = true;
}

View File

@ -0,0 +1 @@
servers = "redis:6379";

View File

@ -0,0 +1 @@
# rspamd.conf.local

View File

@ -0,0 +1,59 @@
classifier "bayes" {
tokenizer {
name = "osb";
}
backend = "redis";
servers = "redis:6379";
min_tokens = 11;
min_learns = 20;
autolearn = true;
per_user = <<EOD
return function(task)
local rcpt = task:get_recipients(1)
if rcpt then
one_rcpt = rcpt[1]
if one_rcpt['domain'] then
return one_rcpt['domain']
end
end
return nil
end
EOD
statfile {
symbol = "BAYES_HAM";
spam = false;
}
statfile {
symbol = "BAYES_SPAM";
spam = true;
}
learn_condition =<<EOD
return function(task, is_spam, is_unlearn)
local prob = task:get_mempool():get_variable('bayes_prob', 'double')
if prob then
local in_class = false
local cl
if is_spam then
cl = 'spam'
in_class = prob >= 0.95
else
cl = 'ham'
in_class = prob <= 0.05
end
if in_class then
return false,string.format('already in class %s; probability %.2f%%',
cl, math.abs((prob - 0.5) * 200.0))
end
end
return true
end
EOD
}

View File

@ -0,0 +1,75 @@
rspamd_config.MAILCOW_AUTH = {
callback = function(task)
local uname = task:get_user()
if uname then
return 1
end
end
}
rspamd_config.MAILCOW_MOO = function (task)
return true
end
local modify_subject_map = rspamd_config:add_map({
url = 'http://nginx:8081/tags.php',
type = 'map',
description = 'Map of users to use subject tags for'
})
local auth_domain_map = rspamd_config:add_map({
url = 'http://nginx:8081/authoritative.php',
type = 'map',
description = 'Map of domains we are authoritative for'
})
rspamd_config.ADD_DELIMITER_TAG = {
callback = function(task)
local util = require("rspamd_util")
local rspamd_logger = require "rspamd_logger"
local user_env_tagged = task:get_recipients(1)[1]['user']
local user_to_tagged = task:get_recipients(2)[1]['user']
local domain = task:get_recipients(1)[1]['domain']
local user_env, tag_env = user_env_tagged:match("([^+]+)+(.*)")
local user_to, tag_to = user_to_tagged:match("([^+]+)+(.*)")
local authdomain = auth_domain_map:get_key(domain)
if tag_env then
tag = tag_env
user = user_env
elseif tag_to then
tag = tag_to
user = user_env
end
if tag and authdomain then
rspamd_logger.infox("Domain %s is part of mailcow, start reading tag settings", domain)
local user_untagged = user .. '@' .. domain
rspamd_logger.infox("Querying tag settings for user %1", user_untagged)
if modify_subject_map:get_key(user_untagged) then
rspamd_logger.infox("User wants subject modified for tagged mail")
local sbj = task:get_header('Subject')
if tag then
rspamd_logger.infox("Found tag %1, will modify subject header", tag)
new_sbj = '=?UTF-8?B?' .. tostring(util.encode_base64('[' .. tag .. '] ' .. sbj)) .. '?='
task:set_rmilter_reply({
remove_headers = {['Subject'] = 1},
add_headers = {['Subject'] = new_sbj}
})
end
else
rspamd_logger.infox("Add X-Moo-Tag header")
task:set_rmilter_reply({
add_headers = {['X-Moo-Tag'] = 'YES'}
})
end
else
rspamd_logger.infox("Skip delimiter handling for untagged message or authenticated user")
end
return false
end
}

View File

@ -0,0 +1,3 @@
type = "console";
systemd = false;
.include "$CONFDIR/logging.inc"

View File

@ -0,0 +1,7 @@
bind_socket = "*:11334";
enable_password = "$2$pppq86q9uns51zd5ekfxecj7bxwaefo3$p7f9xdhamydjhtypcr639it3kqeiknx3dk9on7skjypyi8uwwcmy";
secure_ip = "192.168.0.0/16";
secure_ip = "172.16.0.0/12";
secure_ip = "10.0.0.0/8";
secure_ip = "127.0.0.1";
secure_ip = "::1";

View File

@ -0,0 +1 @@
bind_socket = "*:11333";

76
data/conf/sogo/sogo.conf Normal file
View File

@ -0,0 +1,76 @@
{
SOGoCalendarDefaultRoles = (
PublicViewer,
ConfidentialDAndTViewer,
PrivateDAndTViewer
);
WOWorkersCount = "20";
SOGoACLsSendEMailNotifications = YES;
SOGoAppointmentSendEMailNotifications = YES;
SOGoDraftsFolderName = "Drafts";
SOGoJunkFolderName= "Junk";
SOGoMailDomain = "sogo.local";
SOGoEnableEMailAlarms = NO;
SOGoFoldersSendEMailNotifications = YES;
SOGoForwardEnabled = YES;
// Multi-domain setup
// Domains are isolated, you can define visibility options here.
// Example:
// SOGoDomainsVisibility = (
// (domain1.tld, domain5.tld),
// (domain3.tld, domain2.tld)
// );
SOGoIMAPServer = "imap://dovecot:143/?tls=YES";
SOGoSieveServer = "sieve://dovecot:4190/?tls=YES";
SOGoSMTPServer = "postfix:588";
WOPort = "0.0.0.0:20000";
SOGoMemcachedHost = "memcached";
SOGoLanguage = English;
SOGoMailAuxiliaryUserAccountsEnabled = YES;
SOGoMailCustomFromEnabled = YES;
SOGoMailingMechanism = smtp;
SOGoSMTPAuthenticationType = plain;
SxVMemLimit = 512;
SOGoMaximumPingInterval = 354;
SOGoInternalSyncInterval = 30;
SOGoMaximumSyncInterval = 354;
SOGoMaximumSyncWindowSize = 0;
SOGoMaximumSyncResponseSize = 1024;
WOWatchDogRequestTimeout = 10;
WOListenQueueSize = 300;
WONoDetach = YES;
SOGoIMAPAclConformsToIMAPExt = Yes;
SOGoPageTitle = "SOGo Groupware";
SOGoFirstDayOfWeek = "1";
SOGoSieveFolderEncoding = "UTF-8";
SOGoPasswordChangeEnabled = NO;
SOGoSentFolderName = "Sent";
SOGoMailShowSubscribedFoldersOnly = NO;
NGImap4ConnectionStringSeparator = "/";
SOGoSieveScriptsEnabled = YES;
SOGoTrashFolderName = "Trash";
SOGoVacationEnabled = YES;
MySQL4Encoding = "utf8mb4";
//SOGoDebugRequests = YES;
//SoDebugBaseURL = YES;
//ImapDebugEnabled = YES;
//SOGoEASDebugEnabled = YES;
//LDAPDebugEnabled = YES;
//PGDebugEnabled = YES;
//MySQL4DebugEnabled = YES;
//SOGoUIxDebugEnabled = YES;
//WODontZipResponse = YES;
}

385
data/web/add.php Normal file
View File

@ -0,0 +1,385 @@
<?php
require_once("inc/prerequisites.inc.php");
$AuthUsers = array("admin", "domainadmin", "user");
if (!isset($_SESSION['mailcow_cc_role']) OR !in_array($_SESSION['mailcow_cc_role'], $AuthUsers)) {
header('Location: /');
exit();
}
require_once("inc/header.inc.php");
?>
<div class="container">
<div class="row">
<div class="col-md-12">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title"><?=$lang['add']['title'];?></h3>
</div>
<div class="panel-body">
<?php
if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "admin" || $_SESSION['mailcow_cc_role'] == "domainadmin")) {
if (isset($_GET['domain']) && $_SESSION['mailcow_cc_role'] == "admin") {
?>
<h4><?=$lang['add']['domain'];?></h4>
<form class="form-horizontal" role="form" method="post" action="<?=($FORM_ACTION == "previous") ? $_SESSION['return_to'] : null;?>">
<div class="form-group">
<label class="control-label col-sm-2" for="domain"><?=$lang['add']['domain'];?>:</label>
<div class="col-sm-10">
<input type="text" autocorrect="off" autocapitalize="none" class="form-control" name="domain" id="domain">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="description"><?=$lang['add']['description'];?></label>
<div class="col-sm-10">
<input type="text" class="form-control" name="description" id="description">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="aliases"><?=$lang['add']['max_aliases'];?></label>
<div class="col-sm-10">
<input type="number" class="form-control" name="aliases" id="aliases" value="400">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="mailboxes"><?=$lang['add']['max_mailboxes'];?></label>
<div class="col-sm-10">
<input type="number" class="form-control" name="mailboxes" id="mailboxes" value="10">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="maxquota"><?=$lang['add']['mailbox_quota_m'];?></label>
<div class="col-sm-10">
<input type="number" class="form-control" name="maxquota" id="maxquota" value="3072">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="quota"><?=$lang['add']['domain_quota_m'];?></label>
<div class="col-sm-10">
<input type="number" class="form-control" name="quota" id="quota" value="10240">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2"><?=$lang['add']['backup_mx_options'];?></label>
<div class="col-sm-10">
<div class="checkbox">
<label><input type="checkbox" name="backupmx"> <?=$lang['add']['relay_domain'];?></label>
<br />
<label><input type="checkbox" name="relay_all_recipients"> <?=$lang['add']['relay_all'];?></label>
<p><?=$lang['add']['relay_all_info'];?></p>
</div>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<div class="checkbox">
<label><input type="checkbox" name="active" checked> <?=$lang['add']['active'];?></label>
</div>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" name="mailbox_add_domain" class="btn btn-success"><?=$lang['add']['save'];?></button>
</div>
</div>
<p><span class="glyphicon glyphicon-exclamation-sign text-danger"></span> <?=$lang['add']['restart_sogo_hint'];?></p>
</form>
<?php
}
elseif (isset($_GET['alias'])) {
?>
<h4><?=$lang['add']['alias'];?></h4>
<p><?=$lang['add']['alias_spf_fail'];?></p>
<form class="form-horizontal" role="form" method="post" action="<?=($FORM_ACTION == "previous") ? $_SESSION['return_to'] : null;?>">
<div class="form-group">
<label class="control-label col-sm-2" for="address"><?=$lang['add']['alias_address'];?></label>
<div class="col-sm-10">
<textarea autocorrect="off" autocapitalize="none" class="form-control" rows="5" name="address" id="address"></textarea>
<p><?=$lang['add']['alias_address_info'];?></p>
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="goto"><?=$lang['add']['target_address'];?></label>
<div class="col-sm-10">
<textarea autocorrect="off" autocapitalize="none" class="form-control" rows="5" id="goto" name="goto"></textarea>
<p><?=$lang['add']['target_address_info'];?></p>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<div class="checkbox">
<label><input type="checkbox" name="active" checked> <?=$lang['add']['active'];?></label>
</div>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" name="mailbox_add_alias" class="btn btn-success "><?=$lang['add']['save'];?></button>
</div>
</div>
</form>
<?php
}
elseif (isset($_GET['aliasdomain'])) {
?>
<h4><?=$lang['add']['alias_domain'];?></h4>
<form class="form-horizontal" role="form" method="post" action="<?=($FORM_ACTION == "previous") ? $_SESSION['return_to'] : null;?>">
<div class="form-group">
<label class="control-label col-sm-2" for="alias_domain"><?=$lang['add']['alias_domain'];?></label>
<div class="col-sm-10">
<textarea autocorrect="off" autocapitalize="none" class="form-control" rows="5" name="alias_domain" id="alias_domain"></textarea>
<p><?=$lang['add']['alias_domain_info'];?></p>
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="target_domain"><?=$lang['add']['target_domain'];?></label>
<div class="col-sm-10">
<select name="target_domain" id="target_domain" title="<?=$lang['add']['select'];?>" required>
<?php
foreach (mailbox_get_domains() as $domain) {
echo "<option>".htmlspecialchars($domain)."</option>";
}
?>
</select>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<div class="checkbox">
<label><input type="checkbox" name="active" checked> <?=$lang['add']['active'];?></label>
</div>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" name="mailbox_add_alias_domain" class="btn btn-success "><?=$lang['add']['save'];?></button>
</div>
</div>
</form>
<?php
}
elseif (isset($_GET['mailbox'])) {
?>
<h4><?=$lang['add']['mailbox'];?></h4>
<form class="form-horizontal" role="form" method="post" action="<?=($FORM_ACTION == "previous") ? $_SESSION['return_to'] : null;?>">
<div class="form-group">
<label class="control-label col-sm-2" for="local_part"><?=$lang['add']['mailbox_username'];?></label>
<div class="col-sm-10">
<input type="text" pattern="[A-Za-z0-9\.!#$%&'*+/=?^_`{|}~-]+" autocorrect="off" autocapitalize="none" class="form-control" name="local_part" id="local_part" required>
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="domain"><?=$lang['add']['domain'];?>:</label>
<div class="col-sm-10">
<select id="addSelectDomain" name="domain" id="domain" title="<?=$lang['add']['select'];?>" required>
<?php
foreach (mailbox_get_domains() as $domain) {
echo "<option>".htmlspecialchars($domain)."</option>";
}
?>
</select>
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="name"><?=$lang['add']['full_name'];?></label>
<div class="col-sm-10">
<input type="text" class="form-control" name="name" id="name">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="addInputQuota"><?=$lang['add']['quota_mb'];?>
<br /><span id="quotaBadge" class="badge">max. - MiB</span>
</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="quota" min="1" max="" id="addInputQuota" disabled value="<?=$lang['add']['select_domain'];?>" required>
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="password"><?=$lang['add']['password'];?></label>
<div class="col-sm-10">
<input type="password" class="form-control" name="password" id="password" placeholder="">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="password2"><?=$lang['add']['password_repeat'];?></label>
<div class="col-sm-10">
<input type="password" class="form-control" name="password2" id="password2" placeholder="">
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<div class="checkbox">
<label><input type="checkbox" name="active" checked> <?=$lang['add']['active'];?></label>
</div>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" name="mailbox_add_mailbox" class="btn btn-success "><?=$lang['add']['save'];?></button>
</div>
</div>
</form>
<?php
}
elseif (isset($_GET['resource'])) {
?>
<h4><?=$lang['add']['resource'];?></h4>
<form class="form-horizontal" role="form" method="post" action="<?=($FORM_ACTION == "previous") ? $_SESSION['return_to'] : null;?>">
<div class="form-group">
<label class="control-label col-sm-2" for="description"><?=$lang['add']['description'];?></label>
<div class="col-sm-10">
<input type="text" class="form-control" name="description" id="description" required>
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="domain"><?=$lang['add']['domain'];?>:</label>
<div class="col-sm-10">
<select name="domain" id="domain" title="<?=$lang['add']['select'];?>" required>
<?php
foreach (mailbox_get_domains() as $domain) {
echo "<option>".htmlspecialchars($domain)."</option>";
}
?>
</select>
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="domain"><?=$lang['add']['kind'];?>:</label>
<div class="col-sm-10">
<select name="kind" id="kind" title="<?=$lang['add']['select'];?>" required>
<option value="location">Location</option>
<option value="group">Group</option>
<option value="thing">Thing</option>
</select>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<div class="checkbox">
<label><input type="checkbox" name="active" checked> <?=$lang['add']['active'];?></label>
</div>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<div class="checkbox">
<label><input type="checkbox" name="multiple_bookings" checked> <?=$lang['add']['multiple_bookings'];?></label>
</div>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" name="mailbox_add_resource" class="btn btn-success "><?=$lang['add']['save'];?></button>
</div>
</div>
</form>
<?php
}
else {
?>
<div class="alert alert-info" role="alert"><?=$lang['info']['no_action'];?></div>
<?php
}
}
elseif (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "user")) {
if (isset($_GET['syncjob'])) {
?>
<h4><?=$lang['add']['syncjob'];?></h4>
<p><?=$lang['add']['syncjob_hint'];?></p>
<form class="form-horizontal" role="form" method="post" action="<?=($FORM_ACTION == "previous") ? $_SESSION['return_to'] : null;?>">
<div class="form-group">
<label class="control-label col-sm-2" for="host1"><?=$lang['add']['hostname'];?></label>
<div class="col-sm-10">
<input type="text" class="form-control" name="host1" id="host1" required>
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="port1">Port</label>
<div class="col-sm-10">
<input type="number" class="form-control" name="port1" id="port1" min="1" max="65535" value="143" required>
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="user1"><?=$lang['add']['username'];?></label>
<div class="col-sm-10">
<input type="text" class="form-control" name="user1" id="user1" required>
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="password1"><?=$lang['add']['password'];?></label>
<div class="col-sm-10">
<input type="text" class="form-control" name="password1" id="password1" required>
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="enc1"><?=$lang['add']['enc_method'];?></label>
<div class="col-sm-10">
<select name="enc1" id="enc1" title="<?=$lang['add']['select'];?>" required>
<option selected>TLS</option>
<option>SSL</option>
<option>PLAIN</option>
</select>
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="mins_interval"><?=$lang['add']['mins_interval'];?></label>
<div class="col-sm-10">
<input type="number" class="form-control" name="mins_interval" min="10" max="3600" value="20" required>
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="subfolder2"><?=$lang['edit']['subfolder2'];?></label>
<div class="col-sm-10">
<input type="text" class="form-control" name="subfolder2" id="subfolder2" value="External">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="maxage"><?=$lang['edit']['maxage'];?></label>
<div class="col-sm-10">
<input type="number" class="form-control" name="maxage" id="maxage" min="0" max="32000" value="0">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="exclude"><?=$lang['add']['exclude'];?></label>
<div class="col-sm-10">
<input type="text" class="form-control" name="exclude" id="exclude" value="(?i)spam|(?i)junk">
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<div class="checkbox">
<label><input type="checkbox" name="delete2duplicates" checked> <?=$lang['add']['delete2duplicates'];?></label>
</div>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<div class="checkbox">
<label><input type="checkbox" name="active" checked> <?=$lang['add']['active'];?></label>
</div>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" name="add_syncjob" value="1" class="btn btn-success "><?=$lang['add']['save'];?></button>
</div>
</div>
</form>
<?php
}
}
else {
?>
<div class="alert alert-danger" role="alert"><?=$lang['danger']['access_denied'];?></div>
<?php
}
?>
</div>
</div>
</div>
</div>
<a href="<?=$_SESSION['return_to'];?>">&#8592; <?=$lang['add']['previous'];?></a>
</div> <!-- /container -->
<script src="js/add.js"></script>
<?php
require_once("inc/footer.inc.php");
?>

311
data/web/admin.php Normal file
View File

@ -0,0 +1,311 @@
<?php
require_once("inc/prerequisites.inc.php");
if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "admin") {
require_once("inc/header.inc.php");
$_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
$tfa_data = get_tfa();
?>
<div class="container">
<h4><span class="glyphicon glyphicon-user" aria-hidden="true"></span> <?=$lang['admin']['access'];?></h4>
<div class="panel-group" id="accordion_access">
<div class="panel panel-danger">
<div class="panel-heading"><?=$lang['admin']['admin_details'];?></div>
<div class="panel-body">
<form class="form-horizontal" autocapitalize="none" autocorrect="off" role="form" method="post">
<?php $admindetails = get_admin_details(); ?>
<div class="form-group">
<label class="control-label col-sm-3" for="admin_user"><?=$lang['admin']['admin'];?>:</label>
<div class="col-sm-9">
<input type="text" class="form-control" name="admin_user" id="admin_user" value="<?=htmlspecialchars($admindetails['username']);?>" required>
&rdsh; <kbd>a-z A-Z - _ .</kbd>
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-3" for="admin_pass"><?=$lang['admin']['password'];?>:</label>
<div class="col-sm-9">
<input type="password" class="form-control" name="admin_pass" id="admin_pass" placeholder="<?=$lang['admin']['unchanged_if_empty'];?>">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-3" for="admin_pass2"><?=$lang['admin']['password_repeat'];?>:</label>
<div class="col-sm-9">
<input type="password" class="form-control" name="admin_pass2" id="admin_pass2">
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-3 col-sm-9">
<button type="submit" name="edit_admin_account" class="btn btn-default"><?=$lang['admin']['save'];?></button>
</div>
</div>
</form>
<hr>
<div class="row">
<div class="col-sm-3 col-xs-5 text-right"><?=$lang['tfa']['tfa'];?>:</div>
<div class="col-sm-9 col-xs-7">
<p id="tfa_pretty"><?=$tfa_data['pretty'];?></p>
<div id="tfa_additional">
<?php if($tfa_data['additional']):
foreach ($tfa_data['additional'] as $key_info): ?>
<form style="display:inline;" method="post">
<input type="hidden" name="unset_tfa_key" value="<?=$key_info['id'];?>" />
<div style="padding:4px;margin:4px" class="label label-<?=($_SESSION['tfa_id'] == $key_info['id']) ? 'success' : 'default'; ?>">
<?=$key_info['key_id'];?>
<a href="#" style="font-weight:bold;color:white" onClick="$(this).closest('form').submit()">[<?=strtolower($lang['admin']['remove']);?>]</a>
</div>
</form>
<?php endforeach;
endif;?>
</div>
<br />
</div>
</div>
<div class="row">
<div class="col-sm-3 col-xs-5 text-right"><?=$lang['tfa']['set_tfa'];?>:</div>
<div class="col-sm-9 col-xs-7">
<select data-width="auto" id="selectTFA" class="selectpicker" title="<?=$lang['tfa']['select'];?>">
<option value="yubi_otp"><?=$lang['tfa']['yubi_otp'];?></option>
<option value="u2f"><?=$lang['tfa']['u2f'];?></option>
<option value="none"><?=$lang['tfa']['none'];?></option>
</select>
</div>
</div>
</div>
</div>
<div class="panel panel-default">
<div style="cursor:pointer;" class="panel-heading" data-toggle="collapse" data-parent="#accordion_access" data-target="#collapseDomAdmins">
<span class="accordion-toggle"><?=$lang['admin']['domain_admins'];?></span>
</div>
<div id="collapseDomAdmins" class="panel-collapse collapse">
<div class="panel-body">
<form method="post">
<div class="table-responsive">
<table class="table table-striped sortable-theme-bootstrap" data-sortable id="domainadminstable">
<thead>
<tr>
<th class="sort-table" style="min-width: 100px;"><?=$lang['admin']['username'];?></th>
<th class="sort-table" style="min-width: 166px;"><?=$lang['admin']['admin_domains'];?></th>
<th class="sort-table" style="min-width: 76px;"><?=$lang['admin']['active'];?></th>
<th class="sort-table" style="min-width: 76px;"><?=$lang['tfa']['tfa'];?></th>
<th style="text-align: right; min-width: 200px;" data-sortable="false"><?=$lang['admin']['action'];?></th>
</tr>
</thead>
<tbody>
<?php
foreach (get_domain_admins() as $domain_admin) {
$da_data = get_domain_admin_details($domain_admin);
if (!empty($da_data)):
?>
<tr id="data">
<td><?=htmlspecialchars(strtolower($domain_admin));?></td>
<td>
<?php
foreach ($da_data['selected_domains'] as $domain) {
echo htmlspecialchars($domain).'<br />';
}
?>
</td>
<td><?=$da_data['active'];?></td>
<td><?=empty($da_data['tfa_active_int']) ? "" : "";?></td>
<td style="text-align: right;">
<div class="btn-group">
<a href="edit.php?domainadmin=<?=$domain_admin;?>" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> <?=$lang['admin']['edit'];?></a>
<a href="delete.php?domainadmin=<?=$domain_admin;?>" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> <?=$lang['admin']['remove'];?></a>
</div>
</td>
</td>
</tr>
<?php
else:
?>
<tr id="no-data"><td colspan="4" style="text-align: center; font-style: italic;"><?=$lang['admin']['no_record'];?></td></tr>
<?php
endif;
}
?>
</tbody>
</table>
</div>
</form>
<small>
<legend><?=$lang['admin']['add_domain_admin'];?></legend>
<form class="form-horizontal" role="form" method="post">
<div class="form-group">
<label class="control-label col-sm-2" for="username"><?=$lang['admin']['username'];?>:</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="username" id="username" required>
&rdsh; <kbd>a-z A-Z - _ .</kbd>
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="name"><?=$lang['admin']['admin_domains'];?>:</label>
<div class="col-sm-10">
<select title="<?=$lang['admin']['search_domain_da'];?>" style="width:100%" name="domain[]" size="5" multiple>
<?php
foreach (mailbox_get_domains() as $domain) {
echo "<option>".htmlspecialchars($domain)."</option>";
}
?>
</select>
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="password"><?=$lang['admin']['password'];?>:</label>
<div class="col-sm-10">
<input type="password" class="form-control" name="password" id="password" placeholder="">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="password2"><?=$lang['admin']['password_repeat'];?>:</label>
<div class="col-sm-10">
<input type="password" class="form-control" name="password2" id="password2" placeholder="">
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<div class="checkbox">
<label><input type="checkbox" name="active" checked> <?=$lang['admin']['active'];?></label>
</div>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" name="add_domain_admin" class="btn btn-default"><?=$lang['admin']['add'];?></button>
</div>
</div>
</form>
</small>
</div>
</div>
</div>
</div>
<h4><span class="glyphicon glyphicon-wrench" aria-hidden="true"></span> <?=$lang['admin']['configuration'];?></h4>
<div class="panel panel-default">
<div class="panel-heading"><?=$lang['admin']['dkim_keys'];?></div>
<div id="collapseDKIM" class="panel-collapse">
<div class="panel-body">
<p style="margin-bottom:40px"><?=$lang['admin']['dkim_key_hint'];?></p>
<?php
foreach(mailbox_get_domains() as $domain) {
if (!empty($dkim = dkim_get_key_details($domain))) {
?>
<div class="row">
<div class="col-xs-3">
<p>Domain: <strong><?=htmlspecialchars($domain);?></strong><br />
<span class="label label-success"><?=$lang['admin']['dkim_key_valid'];?></span>
<span class="label label-info"><?=$dkim['length'];?> bit</span>
</p>
</div>
<div class="col-xs-8">
<pre><?=$dkim['dkim_txt'];?></pre>
</div>
<div class="col-xs-1">
<form class="form-inline" method="post">
<input type="hidden" name="domain" value="<?=$domain;?>">
<input type="hidden" name="dkim_delete_key" value="1">
<a href="#" onclick="$(this).closest('form').submit()" data-toggle="tooltip" data-placement="top" title="<?=$lang['user']['delete_now'];?>"><span class="glyphicon glyphicon-remove"></span></a>
</form>
</div>
</div>
<?php
}
else {
?>
<div class="row">
<div class="col-xs-3">
<p>Domain: <strong><?=htmlspecialchars($domain);?></strong><br /><span class="label label-danger"><?=$lang['admin']['dkim_key_missing'];?></span></p>
</div>
<div class="col-xs-8"><pre>-</pre></div>
<div class="col-xs-1">&nbsp;</div>
</div>
<?php
}
foreach(mailbox_get_alias_domains($domain) as $alias_domain) {
if (!empty($dkim = dkim_get_key_details($alias_domain))) {
?>
<div class="row">
<div class="col-xs-offset-1 col-xs-2">
<p><small> Alias-Domain: <strong><?=htmlspecialchars($alias_domain);?></strong><br /></small>
<span class="label label-success"><?=$lang['admin']['dkim_key_valid'];?></span>
<span class="label label-info"><?=$dkim['length'];?> bit</span>
</p>
</div>
<div class="col-xs-8">
<pre><?=$dkim['dkim_txt'];?></pre>
</div>
<div class="col-xs-1">
<form class="form-inline" method="post">
<input type="hidden" name="domain" value="<?=$alias_domain;?>">
<input type="hidden" name="dkim_delete_key" value="1">
<a href="#" onclick="$(this).closest('form').submit()" data-toggle="tooltip" data-placement="top" title="<?=$lang['user']['delete_now'];?>"><span class="glyphicon glyphicon-remove"></span></a>
</form>
</div>
</div>
<?php
}
else {
?>
<div class="row">
<div class="col-xs-2 col-xs-offset-1">
<p><small> Alias-Domain: <strong><?=htmlspecialchars($alias_domain);?></strong><br /></small><span class="label label-danger"><?=$lang['admin']['dkim_key_missing'];?></span></p>
</div>
<div class="col-xs-8"><pre>-</pre></div>
<div class="col-xs-1">&nbsp;</div>
</div>
<?php
}
}
}
foreach(dkim_get_blind_keys() as $blind) {
if (!empty($dkim = dkim_get_key_details($blind))) {
?>
<div class="row">
<div class="col-xs-3">
<p>Domain: <strong><?=htmlspecialchars($blind);?></strong><br /><span class="label label-warning"><?=$lang['admin']['dkim_key_unused'];?></span></p>
</div>
<div class="col-xs-8">
<pre><?=$dkim['dkim_txt'];?></pre>
</div>
<div class="col-xs-1">
<form class="form-inline" method="post">
<input type="hidden" name="domain" value="<?=$blind;?>">
<input type="hidden" name="dkim_delete_key" value="1">
<a href="#" onclick="$(this).closest('form').submit()" data-toggle="tooltip" data-placement="top" title="<?=$lang['user']['delete_now'];?>"><span class="glyphicon glyphicon-remove"></span></a>
</form>
</div>
</div>
<?php
}
}
?>
<legend style="margin-top:40px"><?=$lang['admin']['dkim_add_key'];?></legend>
<form class="form-inline" role="form" method="post">
<div class="form-group">
<label for="domain">Domain</label>
<input class="form-control" id="domain" name="domain" placeholder="example.org" required>
</div>
<div class="form-group">
<select data-width="200px" class="form-control" id="key_size" name="key_size" title="<?=$lang['admin']['dkim_key_length'];?>" required>
<option data-subtext="bits">1024</option>
<option data-subtext="bits">2048</option>
</select>
</div>
<button type="submit" name="dkim_add_key" class="btn btn-default"><span class="glyphicon glyphicon-plus"></span> <?=$lang['admin']['add'];?></button>
</form>
</div>
</div>
</div>
</div> <!-- /container -->
<script src="https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.11.4/jquery-ui.min.js" integrity="sha384-YWP9O4NjmcGo4oEJFXvvYSEzuHIvey+LbXkBNJ1Kd0yfugEZN9NCQNpRYBVC1RvA" crossorigin="anonymous"></script>
<script src="js/sorttable.js"></script>
<script src="js/admin.js"></script>
<?php
require_once("inc/footer.inc.php");
} else {
header('Location: /');
exit();
}
?>

69
data/web/autoconfig.php Normal file
View File

@ -0,0 +1,69 @@
<?php
require_once "inc/vars.inc.php";
if (empty($mailcow_hostname)) { exit(); }
header("Content-Type: application/xml");
?>
<?='<?xml version="1.0"?>';?>
<clientConfig version="1.1">
<emailProvider id="<?=$mailcow_hostname;?>">
<displayName>A mailcow mail server</displayName>
<displayShortName>mail server</displayShortName>
<incomingServer type="imap">
<hostname><?=$mailcow_hostname;?></hostname>
<port>993</port>
<socketType>SSL</socketType>
<username>%EMAILADDRESS%</username>
<authentication>password-cleartext</authentication>
</incomingServer>
<incomingServer type="imap">
<hostname><?=$mailcow_hostname;?></hostname>
<port>143</port>
<socketType>STARTTLS</socketType>
<username>%EMAILADDRESS%</username>
<authentication>password-cleartext</authentication>
</incomingServer>
<incomingServer type="pop3">
<hostname><?=$mailcow_hostname;?></hostname>
<port>995</port>
<socketType>SSL</socketType>
<username>%EMAILADDRESS%</username>
<authentication>password-cleartext</authentication>
</incomingServer>
<incomingServer type="pop3">
<hostname><?=$mailcow_hostname;?></hostname>
<port>110</port>
<socketType>STARTTLS</socketType>
<username>%EMAILADDRESS%</username>
<authentication>password-cleartext</authentication>
</incomingServer>
<outgoingServer type="smtp">
<hostname><?=$mailcow_hostname;?></hostname>
<port>465</port>
<socketType>SSL</socketType>
<username>%EMAILADDRESS%</username>
<authentication>password-cleartext</authentication>
</outgoingServer>
<outgoingServer type="smtp">
<hostname><?=$mailcow_hostname;?></hostname>
<port>587</port>
<socketType>STARTTLS</socketType>
<username>%EMAILADDRESS%</username>
<authentication>password-cleartext</authentication>
</outgoingServer>
<enable visiturl="https://<?=$mailcow_hostname;?>/admin.php">
<instruction>If you didn't change the password given to you by the administrator or if you didn't change it in a long time, please consider doing that now.</instruction>
<instruction lang="de">Sollten Sie das Ihnen durch den Administrator vergebene Passwort noch nicht geändert haben, empfehlen wir dies nun zu tun. Auch ein altes Passwort sollte aus Sicherheitsgründen geändert werden.</instruction>
</enable>
</emailProvider>
<webMail>
<loginPage url="https://<?=$mailcow_hostname;?>/SOGo/" />
</webMail>
</clientConfig>

142
data/web/autodiscover.php Normal file
View File

@ -0,0 +1,142 @@
<?php
require_once 'inc/vars.inc.php';
require_once 'inc/functions.inc.php';
ini_set('error_reporting', '0');
$config = array(
'useEASforOutlook' => 'yes',
'autodiscoverType' => 'activesync',
'imap' => array(
'server' => $mailcow_hostname,
'port' => '993',
'ssl' => 'on',
),
'smtp' => array(
'server' => $mailcow_hostname,
'port' => '465',
'ssl' => 'on'
),
'activesync' => array(
'url' => 'https://'.$mailcow_hostname.'/Microsoft-Server-ActiveSync'
)
);
if(file_exists('inc/vars.local.inc.php')) {
include_once 'inc/vars.local.inc.php';
}
/* ---------- DO NOT MODIFY ANYTHING BEYOND THIS LINE. IGNORE AT YOUR OWN RISK. ---------- */
if ($config['useEASforOutlook'] == 'no') {
if (strpos($_SERVER['HTTP_USER_AGENT'], 'Outlook')) {
$config['autodiscoverType'] = 'imap';
}
}
$dsn = "$database_type:host=$database_host;dbname=$database_name";
$opt = [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
];
$pdo = new PDO($dsn, $database_user, $database_pass, $opt);
$login_user = strtolower(trim($_SERVER['PHP_AUTH_USER']));
$as = check_login($login_user, $_SERVER['PHP_AUTH_PW']);
if (!isset($_SERVER['PHP_AUTH_USER']) OR $as !== "user") {
header('WWW-Authenticate: Basic realm=""');
header('HTTP/1.0 401 Unauthorized');
exit;
} else {
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
if ($as === "user") {
header("Content-Type: application/xml");
echo '<?xml version="1.0" encoding="utf-8" ?><Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">';
$data = trim(file_get_contents("php://input"));
if(!$data) {
list($usec, $sec) = explode(' ', microtime());
echo '<Response>';
echo '<Error Time="' . date('H:i:s', $sec) . substr($usec, 0, strlen($usec) - 2) . '" Id="2477272013">';
echo '<ErrorCode>600</ErrorCode><Message>Invalid Request</Message><DebugData /></Error>';
echo '</Response>';
echo '</Autodiscover>';
exit(0);
}
$discover = new SimpleXMLElement($data);
$email = $discover->Request->EMailAddress;
if ($config['autodiscoverType'] == 'imap') {
?>
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
<Account>
<AccountType>email</AccountType>
<Action>settings</Action>
<Protocol>
<Type>IMAP</Type>
<Server><?php echo $config['imap']['server']; ?></Server>
<Port><?php echo $config['imap']['port']; ?></Port>
<DomainRequired>off</DomainRequired>
<LoginName><?php echo $email; ?></LoginName>
<SPA>off</SPA>
<SSL><?php echo $config['imap']['ssl']; ?></SSL>
<AuthRequired>on</AuthRequired>
</Protocol>
<Protocol>
<Type>SMTP</Type>
<Server><?php echo $config['smtp']['server']; ?></Server>
<Port><?php echo $config['smtp']['port']; ?></Port>
<DomainRequired>off</DomainRequired>
<LoginName><?php echo $email; ?></LoginName>
<SPA>off</SPA>
<SSL><?php echo $config['smtp']['ssl']; ?></SSL>
<AuthRequired>on</AuthRequired>
<UsePOPAuth>on</UsePOPAuth>
<SMTPLast>off</SMTPLast>
</Protocol>
</Account>
</Response>
<?php
}
else if ($config['autodiscoverType'] == 'activesync') {
$username = trim($email);
try {
$stmt = $pdo->prepare("SELECT `name` FROM `mailbox` WHERE `username`= :username");
$stmt->execute(array(':username' => $username));
$MailboxData = $stmt->fetch(PDO::FETCH_ASSOC);
}
catch(PDOException $e) {
die("Failed to determine name from SQL");
}
if (!empty($MailboxData['name'])) {
$displayname = utf8_encode($MailboxData['name']);
}
else {
$displayname = $email;
}
?>
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006">
<Culture>en:en</Culture>
<User>
<DisplayName><?php echo $displayname; ?></DisplayName>
<EMailAddress><?php echo $email; ?></EMailAddress>
</User>
<Action>
<Settings>
<Server>
<Type>MobileSync</Type>
<Url><?php echo $config['activesync']['url']; ?></Url>
<Name><?php echo $config['activesync']['url']; ?></Name>
</Server>
</Settings>
</Action>
</Response>
<?php
}
?>
</Autodiscover>
<?php
}
}
}
?>

View File

@ -0,0 +1,40 @@
<?php
session_start();
$AuthUsers = array("admin");
if (!isset($_SESSION['mailcow_cc_role']) OR !in_array($_SESSION['mailcow_cc_role'], $AuthUsers)) {
echo "Not allowed." . PHP_EOL;
exit();
}
if ($_GET['ACTION'] == "start") {
$request = xmlrpc_encode_request("supervisor.startProcessGroup", 'sogo-group', array('encoding'=>'utf-8'));
$context = stream_context_create(array('http' => array(
'method' => "POST",
'header' => "Content-Length: " . strlen($request),
'content' => $request
)));
$file = @file_get_contents("http://sogo:9191/RPC2", false, $context) or die("Cannot connect to $remote_server:$listener_port");
$response = xmlrpc_decode($file);
if (isset($response['faultString'])) {
echo '<b><span class="pull-right text-warning">' . $response['faultString'] . '</span></b>';
}
else {
echo '<b><span class="pull-right text-success">OK</span></b>';
}
}
elseif ($_GET['ACTION'] == "stop") {
$request = xmlrpc_encode_request("supervisor.stopProcessGroup", 'sogo-group', array('encoding'=>'utf-8'));
$context = stream_context_create(array('http' => array(
'method' => "POST",
'header' => "Content-Length: " . strlen($request),
'content' => $request
)));
$file = @file_get_contents("http://sogo:9191/RPC2", false, $context) or die("Cannot connect to $remote_server:$listener_port");
$response = xmlrpc_decode($file);
if (isset($response['faultString'])) {
echo '<b><span class="pull-right text-warning">' . $response['faultString'] . '</span></b>';
}
else {
echo '<b><span class="pull-right text-success">OK</span></b>';
}
}
?>

6
data/web/css/bootstrap-select.min.css vendored Normal file

File diff suppressed because one or more lines are too long

41
data/web/css/bootstrap-slider.min.css vendored Normal file

File diff suppressed because one or more lines are too long

10
data/web/css/bootstrap-switch.min.css vendored Normal file

File diff suppressed because one or more lines are too long

19
data/web/css/mailbox.css Normal file
View File

@ -0,0 +1,19 @@
.panel-heading div {
margin-top: -18px;
font-size: 15px;
}
.panel-heading div span {
margin-left:5px;
}
.panel-body {
display: none;
}
.clickable {
cursor: pointer;
}
.progress {
margin-bottom: 0px;
}
.table>thead>tr>th {
vertical-align: top !important;
}

46
data/web/css/mailcow.css Normal file
View File

@ -0,0 +1,46 @@
#maxmsgsize { min-width: 80px; }
#slider1 .slider-selection {
background: #FFD700;
}
#slider1 .slider-track-high {
background: #FF4500;
}
#slider1 .slider-track-low {
background: #66CD00;
}
.striped:nth-child(odd) {
background-color: #fff;
}
.striped:nth-child(even) {
background-color: #fafafa;
border:1px solid white;
}
.btn {
text-transform: none;
}
.glyphicon-spin {
font-size:12px;
-webkit-animation: spin 2000ms infinite linear;
animation: spin 2000ms infinite linear;
}
@-webkit-keyframes spin {
0% {
-webkit-transform: rotate(0deg);
transform: rotate(0deg);
}
100% {
-webkit-transform: rotate(359deg);
transform: rotate(359deg);
}
}
@keyframes spin {
0% {
-webkit-transform: rotate(0deg);
transform: rotate(0deg);
}
100% {
-webkit-transform: rotate(359deg);
transform: rotate(359deg);
}
}
pre{white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-pre-wrap;white-space:-o-pre-wrap;word-wrap:break-word;}

79
data/web/css/tables.css Normal file
View File

@ -0,0 +1,79 @@
ul[id*="sortable"] { word-wrap: break-word; list-style-type: none; float: left; padding: 0 15px 0 0; width: 48%; cursor:move}
ul[id$="sortable-active"] li {cursor:move; }
ul[id$="sortable-inactive"] li {cursor:move }
.list-heading { cursor:default !important}
.ui-state-disabled { cursor:no-drop; color:#ccc; }
.ui-state-highlight {background: #F5F5F5 !important; height: 41px !important; cursor:move }
table[data-sortable] {
border-collapse: collapse;
border-spacing: 0;
}
table[data-sortable] th {
vertical-align: bottom;
font-weight: bold;
}
table[data-sortable] th, table[data-sortable] td {
text-align: left;
padding: 10px;
}
table[data-sortable] th:not([data-sortable="false"]) {
-webkit-user-select: none;
-moz-user-select: none;
-ms-user-select: none;
-o-user-select: none;
user-select: none;
-webkit-tap-highlight-color: rgba(0, 0, 0, 0);
-webkit-touch-callout: none;
cursor: pointer;
}
table[data-sortable] th:after {
content: "";
visibility: hidden;
display: inline-block;
vertical-align: inherit;
height: 0;
width: 0;
border-width: 5px;
border-style: solid;
border-color: transparent;
margin-right: 1px;
margin-left: 10px;
float: right;
}
table[data-sortable] th[data-sortable="false"]:after {
display: none;
}
table[data-sortable] th[data-sorted="true"]:after {
visibility: visible;
}
table[data-sortable] th[data-sorted-direction="descending"]:after {
border-top-color: inherit;
margin-top: 8px;
}
table[data-sortable] th[data-sorted-direction="ascending"]:after {
border-bottom-color: inherit;
margin-top: 3px;
}
table[data-sortable].sortable-theme-bootstrap thead th {
border-bottom: 2px solid #e0e0e0;
}
table[data-sortable].sortable-theme-bootstrap th[data-sorted="true"] {
color: #3a87ad;
background: #d9edf7;
border-bottom-color: #bce8f1;
}
table[data-sortable].sortable-theme-bootstrap th[data-sorted="true"][data-sorted-direction="descending"]:after {
border-top-color: #3a87ad;
}
table[data-sortable].sortable-theme-bootstrap th[data-sorted="true"][data-sorted-direction="ascending"]:after {
border-bottom-color: #3a87ad;
}
table[data-sortable].sortable-theme-bootstrap.sortable-theme-bootstrap-striped tbody > tr:nth-child(odd) > td {
background-color: #f9f9f9;
}
#data td, #no-data td {
vertical-align: middle;
}
.sort-table:hover {
border-bottom-color: #00B7DC !important;
}

212
data/web/delete.php Normal file
View File

@ -0,0 +1,212 @@
<?php
require_once("inc/prerequisites.inc.php");
$AuthUsers = array("admin", "domainadmin", "user");
if (!isset($_SESSION['mailcow_cc_role']) OR !in_array($_SESSION['mailcow_cc_role'], $AuthUsers)) {
header('Location: /');
exit();
}
require_once("inc/header.inc.php");
?>
<div class="container">
<div class="row">
<div class="col-md-12">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title"><?=$lang['delete']['title'];?></h3>
</div>
<div class="panel-body">
<?php
if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "admin" || $_SESSION['mailcow_cc_role'] == "domainadmin")) {
// DELETE DOMAIN
if (isset($_GET["domain"]) &&
is_valid_domain_name($_GET["domain"]) &&
!empty($_GET["domain"]) &&
$_SESSION['mailcow_cc_role'] == "admin") {
$domain = $_GET["domain"];
?>
<div class="alert alert-warning" role="alert"><?=sprintf($lang['delete']['remove_domain_warning'], htmlspecialchars($_GET["domain"]));?></div>
<p><?=$lang['delete']['remove_domain_details'];?></p>
<form class="form-horizontal" role="form" method="post" action="/mailbox.php">
<input type="hidden" name="domain" value="<?php echo htmlspecialchars($domain) ?>">
<div class="form-group">
<div class="col-sm-offset-1 col-sm-10">
<button type="submit" name="mailbox_delete_domain" class="btn btn-default btn-sm"><?=$lang['delete']['remove_button'];?></button>
</div>
</div>
</form>
<?php
}
// DELETE ALIAS
elseif (isset($_GET["alias"]) &&
(filter_var($_GET["alias"], FILTER_VALIDATE_EMAIL) || is_valid_domain_name(substr(strrchr($_GET["alias"], "@"), 1))) &&
!empty($_GET["alias"])) {
$domain = substr(strrchr($_GET["alias"], "@"), 1);
if (hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
?>
<div class="alert alert-warning" role="alert"><?=sprintf($lang['delete']['remove_alias_warning'], htmlspecialchars($_GET["alias"]));?></div>
<p><?=$lang['delete']['remove_alias_details'];?></p>
<form class="form-horizontal" role="form" method="post" action="/mailbox.php">
<input type="hidden" name="address" value="<?php echo htmlspecialchars($_GET["alias"]) ?>">
<div class="form-group">
<div class="col-sm-offset-1 col-sm-10">
<button type="submit" name="mailbox_delete_alias" class="btn btn-default btn-sm"><?=$lang['delete']['remove_button'];?></button>
</div>
</div>
</form>
<?php
}
else {
?>
<div class="alert alert-info" role="alert"><?=$lang['info']['no_action'];?></div>
<?php
}
}
// DELETE ALIAS DOMAIN
elseif (
isset($_GET["aliasdomain"]) &&
is_valid_domain_name($_GET["aliasdomain"]) &&
!empty($_GET["aliasdomain"])) {
$alias_domain = $_GET["aliasdomain"];
$result = mailbox_get_alias_domain_details($alias_domain);
if (!empty($result)) {
?>
<div class="alert alert-warning" role="alert"><?=sprintf($lang['delete']['remove_domainalias_warning'], htmlspecialchars($_GET["aliasdomain"]));?></div>
<form class="form-horizontal" role="form" method="post" action="/mailbox.php">
<input type="hidden" name="alias_domain" value="<?php echo htmlspecialchars($alias_domain) ?>">
<div class="form-group">
<div class="col-sm-offset-1 col-sm-10">
<button type="submit" name="mailbox_delete_alias_domain" class="btn btn-default btn-sm"><?=$lang['delete']['remove_button'];?></button>
</div>
</div>
</form>
<?php
}
else {
?>
<div class="alert alert-info" role="alert"><?=$lang['info']['no_action'];?></div>
<?php
}
}
// DELETE DOMAIN ADMIN
elseif (isset($_GET["domainadmin"]) &&
ctype_alnum(str_replace(array('_', '.', '-'), '', $_GET["domainadmin"])) &&
!empty($_GET["domainadmin"]) &&
$_SESSION['mailcow_cc_role'] == "admin") {
$domain_admin = $_GET["domainadmin"];
?>
<div class="alert alert-warning" role="alert"><?=sprintf($lang['delete']['remove_domainadmin_warning'], htmlspecialchars($_GET["domainadmin"]));?></div>
<form class="form-horizontal" role="form" method="post" action="/admin.php">
<input type="hidden" name="username" value="<?=htmlspecialchars($domain_admin);?>">
<div class="form-group">
<div class="col-sm-offset-1 col-sm-10">
<button type="submit" name="delete_domain_admin" class="btn btn-default btn-sm"><?=$lang['delete']['remove_button'];?></button>
</div>
</div>
</form>
<?php
}
// DELETE MAILBOX
elseif (isset($_GET["mailbox"]) &&
filter_var($_GET["mailbox"], FILTER_VALIDATE_EMAIL) &&
!empty($_GET["mailbox"])) {
$mailbox = $_GET["mailbox"];
if (hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $mailbox)) {
?>
<div class="alert alert-warning" role="alert"><?=sprintf($lang['delete']['remove_mailbox_warning'], htmlspecialchars($mailbox));?></div>
<p><?=$lang['delete']['remove_mailbox_details'];?></p>
<form class="form-horizontal" role="form" method="post" action="/mailbox.php">
<input type="hidden" name="username" value="<?=htmlspecialchars($mailbox);?>">
<div class="form-group">
<div class="col-sm-offset-1 col-sm-10">
<button type="submit" name="mailbox_delete_mailbox" class="btn btn-default btn-sm"><?=$lang['delete']['remove_button'];?></button>
</div>
</div>
</form>
<?php
}
else {
?>
<div class="alert alert-info" role="alert"><?=$lang['info']['no_action'];?></div>
<?php
}
}
// DELETE RESOURCE
elseif (isset($_GET["resource"]) &&
filter_var($_GET["resource"], FILTER_VALIDATE_EMAIL) &&
!empty($_GET["resource"])) {
$resource = $_GET["resource"];
if (hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $resource)) {
?>
<div class="alert alert-warning" role="alert"><?=sprintf($lang['delete']['remove_resource_warning'], htmlspecialchars($resource));?></div>
<p><?=$lang['delete']['remove_resource_details'];?></p>
<form class="form-horizontal" role="form" method="post" action="/mailbox.php">
<input type="hidden" name="name" value="<?=htmlspecialchars($resource);?>">
<div class="form-group">
<div class="col-sm-offset-1 col-sm-10">
<button type="submit" name="mailbox_delete_resource" class="btn btn-default btn-sm"><?=$lang['delete']['remove_button'];?></button>
</div>
</div>
</form>
<?php
}
else {
?>
<div class="alert alert-info" role="alert"><?=$lang['info']['no_action'];?></div>
<?php
}
}
else {
?>
<div class="alert alert-info" role="alert"><?=$lang['info']['no_action'];?></div>
<?php
}
}
elseif (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "user")) {
// DELETE SYNCJOB
if (isset($_GET["syncjob"]) &&
is_numeric($_GET["syncjob"]) &&
filter_var($_SESSION['mailcow_cc_username'], FILTER_VALIDATE_EMAIL)) {
$id = $_GET["syncjob"];
$result = get_syncjob_details($id);
if (!empty($result)) {
?>
<div class="alert alert-warning" role="alert"><?=sprintf($lang['delete']['remove_syncjob_warning'], htmlspecialchars($result['user2']));?></div>
<p><?=$lang['delete']['remove_syncjob_details'];?></p>
<form class="form-horizontal" role="form" method="post" action="/user.php">
<input type="hidden" name="username" value="<?=htmlspecialchars($mailbox);?>">
<div class="form-group">
<div class="col-sm-offset-1 col-sm-10">
<input type="hidden" name="id" value="<?=$_GET["syncjob"];?>">
<button type="submit" name="delete_syncjob" value="1" class="btn btn-default btn-sm"><?=$lang['delete']['remove_button'];?></button>
</div>
</div>
</form>
<?php
}
else {
?>
<div class="alert alert-info" role="alert"><?=$lang['info']['no_action'];?></div>
<?php
}
}
else {
?>
<div class="alert alert-info" role="alert"><?=$lang['info']['no_action'];?></div>
<?php
}
}
else {
?>
<div class="alert alert-danger" role="alert"><?=$lang['danger']['access_denied'];?></div>
<?php
}
?>
</div>
</div>
</div>
</div>
<a href="<?=$_SESSION['return_to'];?>">&#8592; <?=$lang['delete']['previous'];?></a>
</div> <!-- /container -->
<?php
require_once("inc/footer.inc.php");
?>

664
data/web/edit.php Normal file
View File

@ -0,0 +1,664 @@
<?php
require_once("inc/prerequisites.inc.php");
$AuthUsers = array("admin", "domainadmin", "user");
if (!isset($_SESSION['mailcow_cc_role']) OR !in_array($_SESSION['mailcow_cc_role'], $AuthUsers)) {
header('Location: /');
exit();
}
require_once("inc/header.inc.php");
?>
<div class="container">
<div class="row">
<div class="col-md-12">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title"><?=$lang['edit']['title'];?></h3>
</div>
<div class="panel-body">
<?php
if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "admin" || $_SESSION['mailcow_cc_role'] == "domainadmin")) {
if (isset($_GET["alias"]) &&
!empty($_GET["alias"])) {
$alias = $_GET["alias"];
$result = mailbox_get_alias_details($alias);
if (!empty($result)) {
?>
<h4><?=$lang['edit']['alias'];?></h4>
<br />
<form class="form-horizontal" role="form" method="post" action="<?=($FORM_ACTION == "previous") ? $_SESSION['return_to'] : null;?>">
<input type="hidden" name="address" value="<?=htmlspecialchars($alias);?>">
<div class="form-group">
<label class="control-label col-sm-2" for="goto"><?=$lang['edit']['target_address'];?></label>
<div class="col-sm-10">
<textarea class="form-control" autocapitalize="none" autocorrect="off" rows="10" id="goto" name="goto"><?=htmlspecialchars($result['goto']) ?></textarea>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<div class="checkbox">
<label><input type="checkbox" name="active" <?php if (isset($result['active_int']) && $result['active_int']=="1") { echo "checked"; }; ?>> <?=$lang['edit']['active'];?></label>
</div>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" name="mailbox_edit_alias" class="btn btn-success btn-sm"><?=$lang['edit']['save'];?></button>
</div>
</div>
</form>
<?php
}
else {
?>
<div class="alert alert-info" role="alert"><?=$lang['info']['no_action'];?></div>
<?php
}
}
elseif (isset($_GET['domainadmin']) &&
ctype_alnum(str_replace(array('_', '.', '-'), '', $_GET["domainadmin"])) &&
!empty($_GET["domainadmin"]) &&
$_GET["domainadmin"] != 'admin' &&
$_SESSION['mailcow_cc_role'] == "admin") {
$domain_admin = $_GET["domainadmin"];
$result = get_domain_admin_details($domain_admin);
if (!empty($result)) {
?>
<h4><?=$lang['edit']['domain_admin'];?></h4>
<br />
<form class="form-horizontal" role="form" method="post" action="<?=($FORM_ACTION == "previous") ? $_SESSION['return_to'] : null;?>">
<input type="hidden" name="username_now" value="<?=htmlspecialchars($domain_admin);?>">
<div class="form-group">
<label class="control-label col-sm-2" for="username"><?=$lang['edit']['username'];?></label>
<div class="col-sm-10">
<input class="form-control" type="text" name="username" value="<?=htmlspecialchars($domain_admin);?>" />
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="domain"><?=$lang['edit']['domains'];?></label>
<div class="col-sm-10">
<select id="domain" name="domain[]" multiple>
<?php
foreach ($result['selected_domains'] as $domain):
?>
<option selected><?=htmlspecialchars($domain);?></option>
<?php
endforeach;
foreach ($result['unselected_domains'] as $domain):
?>
<option><?=htmlspecialchars($domain);?></option>
<?php
endforeach;
?>
</select>
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="password"><?=$lang['edit']['password'];?></label>
<div class="col-sm-10">
<input type="password" class="form-control" name="password" id="password" placeholder="">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="password2"><?=$lang['edit']['password_repeat'];?></label>
<div class="col-sm-10">
<input type="password" class="form-control" name="password2" id="password2">
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<div class="checkbox">
<label><input type="checkbox" name="active" <?php if (isset($result['active_int']) && $result['active_int']=="1") { echo "checked"; }; ?>> <?=$lang['edit']['active'];?></label>
</div>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<div class="checkbox">
<label><input type="checkbox" name="disable_tfa"> <?=$lang['tfa']['disable_tfa'];?></label>
</div>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" name="edit_domain_admin" class="btn btn-success btn-sm"><?=$lang['edit']['save'];?></button>
</div>
</div>
</form>
<?php
}
else {
?>
<div class="alert alert-info" role="alert"><?=$lang['info']['no_action'];?></div>
<?php
}
}
elseif (isset($_GET['domain']) &&
is_valid_domain_name($_GET["domain"]) &&
!empty($_GET["domain"])) {
$domain = $_GET["domain"];
$result = mailbox_get_domain_details($domain);
if (!empty($result)) {
?>
<h4><?=$lang['edit']['domain'];?></h4>
<form class="form-horizontal" role="form" method="post" action="<?=($FORM_ACTION == "previous") ? $_SESSION['return_to'] : null;?>">
<input type="hidden" name="domain" value="<?=htmlspecialchars($domain);?>">
<div class="form-group">
<label class="control-label col-sm-2" for="description"><?=$lang['edit']['description'];?></label>
<div class="col-sm-10">
<input type="text" class="form-control" name="description" id="description" value="<?=htmlspecialchars($result['description']);?>">
</div>
</div>
<?php
if ($_SESSION['mailcow_cc_role'] == "admin") {
?>
<div class="form-group">
<label class="control-label col-sm-2" for="aliases"><?=$lang['edit']['max_aliases'];?></label>
<div class="col-sm-10">
<input type="number" class="form-control" name="aliases" id="aliases" value="<?=intval($result['max_num_aliases_for_domain']);?>">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="mailboxes"><?=$lang['edit']['max_mailboxes'];?></label>
<div class="col-sm-10">
<input type="number" class="form-control" name="mailboxes" id="mailboxes" value="<?=intval($result['max_num_mboxes_for_domain']);?>">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="maxquota"><?=$lang['edit']['max_quota'];?></label>
<div class="col-sm-10">
<input type="number" class="form-control" name="maxquota" id="maxquota" value="<?=intval($result['max_new_mailbox_quota'] / 1048576);?>">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="quota"><?=$lang['edit']['domain_quota'];?></label>
<div class="col-sm-10">
<input type="number" class="form-control" name="quota" id="quota" value="<?=intval($result['max_quota_for_domain'] / 1048576);?>">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2"><?=$lang['edit']['backup_mx_options'];?></label>
<div class="col-sm-10">
<div class="checkbox">
<label><input type="checkbox" name="backupmx" <?=(isset($result['backupmx_int']) && $result['backupmx_int']=="1") ? "checked" : null;?>> <?=$lang['edit']['relay_domain'];?></label>
<br />
<label><input type="checkbox" name="relay_all_recipients" <?=(isset($result['relay_all_recipients_int']) && $result['relay_all_recipients_int']=="1") ? "checked" : null;?>> <?=$lang['edit']['relay_all'];?></label>
<p><?=$lang['edit']['relay_all_info'];?></p>
</div>
</div>
</div>
<?php
}
?>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<div class="checkbox">
<label><input type="checkbox" name="active" <?=(isset($result['active_int']) && $result['active_int']=="1") ? "checked" : null;?> <?=($_SESSION['mailcow_cc_role'] == "admin") ? null : "disabled";?>> <?=$lang['edit']['active'];?></label>
</div>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" name="mailbox_edit_domain" class="btn btn-success btn-sm"><?=$lang['edit']['save'];?></button>
</div>
</div>
</form>
<?php
if (!empty($dkim = dkim_get_key_details($domain))) {
?>
<hr>
<div class="row">
<div class="col-xs-2">
<p>Domain: <strong><?=htmlspecialchars($result['domain_name']);?></strong> (dkim._domainkey)</p>
</div>
<div class="col-xs-10">
<pre><?=$dkim['dkim_txt'];?></pre>
</div>
</div>
<?php
}
?>
<hr>
<div class="row">
<div class="col-sm-6">
<h4><span class="glyphicon glyphicon-thumbs-up" aria-hidden="true"></span> <?=$lang['user']['spamfilter_wl'];?></h4>
<p><?=$lang['user']['spamfilter_wl_desc'];?></p>
<div class="row">
<div class="col-sm-6"><b><?=$lang['user']['spamfilter_table_rule'];?></b></div>
<div class="col-sm-6"><b><?=$lang['user']['spamfilter_table_action'];?></b></div>
</div>
<?php
$get_policy_list = get_policy_list($domain);
if (empty($get_policy_list['whitelist'])):
?>
<div class="row">
<div class="col-sm-12"><i><?=$lang['user']['spamfilter_table_empty'];?></i></div>
</div>
<?php
else:
foreach($get_policy_list['whitelist'] as $wl):
?>
<div class="row striped">
<form class="form-inline" method="post">
<div class="col-xs-6"><code><?=$wl['value'];?></code></div>
<div class="col-xs-6">
<?php
if ($wl['object'] == $domain):
?>
<input type="hidden" name="delete_prefid" value="<?=$wl['prefid'];?>">
<input type="hidden" name="delete_policy_list_item">
<input type="hidden" name="domain" value="<?=$domain;?>">
<a href="#" onclick="$(this).closest('form').submit()" data-toggle="tooltip" data-placement="left" title="<?=$lang['user']['delete_now'];?>"><span class="glyphicon glyphicon-remove"></span></a>
<?php
else:
?>
<span style="cursor:not-allowed"><?=$lang['user']['spamfilter_table_domain_policy'];?></span>
<?php
endif;
?>
</div>
</form>
</div>
<?php
endforeach;
endif;
?>
<hr style="margin:5px 0px 7px 0px">
<div class="row">
<form class="form-inline" method="post">
<div class="col-xs-6">
<input type="text" class="form-control input-sm" name="object_from" id="object_from" placeholder="*@example.org" required>
<input type="hidden" name="object_list" value="wl">
<input type="hidden" name="domain" value="<?=$domain;?>">
</div>
<div class="col-xs-6">
<button type="submit" name="add_policy_list_item" class="btn btn-xs btn-default"><?=$lang['user']['spamfilter_table_add'];?></button>
</div>
</form>
</div>
</div>
<div class="col-sm-6">
<h4><span class="glyphicon glyphicon-thumbs-down" aria-hidden="true"></span> <?=$lang['user']['spamfilter_bl'];?></h4>
<p><?=$lang['user']['spamfilter_bl_desc'];?></p>
<div class="row">
<div class="col-sm-6"><b><?=$lang['user']['spamfilter_table_rule'];?></b></div>
<div class="col-sm-6"><b><?=$lang['user']['spamfilter_table_action'];?></b></div>
</div>
<?php
if (empty($get_policy_list['blacklist'])):
?>
<div class="row">
<div class="col-sm-12"><i><?=$lang['user']['spamfilter_table_empty'];?></i></div>
</div>
<?php
else:
foreach($get_policy_list['blacklist'] as $bl):
?>
<div class="row striped">
<form class="form-inline" method="post">
<div class="col-xs-6"><code><?=$bl['value'];?></code></div>
<div class="col-xs-6">
<input type="hidden" name="delete_prefid" value="<?=$bl['prefid'];?>">
<?php
if ($bl['object'] == $domain):
?>
<input type="hidden" name="delete_policy_list_item">
<input type="hidden" name="domain" value="<?=$domain;?>">
<a href="#" onclick="$(this).closest('form').submit()" data-toggle="tooltip" data-placement="left" title="<?=$lang['user']['delete_now'];?>"><span class="glyphicon glyphicon-remove"></span></a>
<?php
else:
?>
<span style="cursor:not-allowed"><?=$lang['user']['spamfilter_table_domain_policy'];?></span>
<?php
endif;
?>
</div>
</form>
</div>
<?php
endforeach;
endif;
?>
<hr style="margin:5px 0px 7px 0px">
<div class="row">
<form class="form-inline" method="post">
<div class="col-xs-6">
<input type="text" class="form-control input-sm" name="object_from" id="object_from" placeholder="*@example.org" required>
<input type="hidden" name="object_list" value="bl">
<input type="hidden" name="domain" value="<?=$domain;?>">
</div>
<div class="col-xs-6">
<button type="submit" name="add_policy_list_item" class="btn btn-xs btn-default"><?=$lang['user']['spamfilter_table_add'];?></button>
</div>
</form>
</div>
</div>
</div>
<?php
}
else {
?>
<div class="alert alert-info" role="alert"><?=$lang['info']['no_action'];?></div>
<?php
}
}
elseif (isset($_GET['aliasdomain']) &&
is_valid_domain_name($_GET["aliasdomain"]) &&
!empty($_GET["aliasdomain"])) {
$alias_domain = $_GET["aliasdomain"];
$result = mailbox_get_alias_domain_details($alias_domain);
if (!empty($result)) {
?>
<h4><?=$lang['edit']['edit_alias_domain'];?></h4>
<form class="form-horizontal" role="form" method="post" action="<?=($FORM_ACTION == "previous") ? $_SESSION['return_to'] : null;?>">
<input type="hidden" name="alias_domain_now" value="<?=htmlspecialchars($alias_domain);?>">
<div class="form-group">
<label class="control-label col-sm-2" for="alias_domain"><?=$lang['edit']['alias_domain'];?></label>
<div class="col-sm-10">
<input type="text" class="form-control" name="alias_domain" id="alias_domain" value="<?=htmlspecialchars($result['alias_domain']);?>">
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<div class="checkbox">
<label><input type="checkbox" name="active" <?=(isset($result['active_int']) && $result['active_int']=="1") ? "checked" : null ?>> <?=$lang['edit']['active'];?></label>
</div>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" name="mailbox_edit_alias_domain" class="btn btn-success btn-sm"><?=$lang['edit']['save'];?></button>
</div>
</div>
</form>
<?php
if (!empty($dkim = dkim_get_key_details($alias_domain))) {
?>
<hr>
<div class="row">
<div class="col-xs-2">
<p>Domain: <strong><?=htmlspecialchars($result['alias_domain']);?></strong> (dkim._domainkey)</p>
</div>
<div class="col-xs-10">
<pre><?=$dkim['dkim_txt'];?></pre>
</div>
</div>
<?php
}
}
else {
?>
<div class="alert alert-info" role="alert"><?=$lang['info']['no_action'];?></div>
<?php
}
}
elseif (isset($_GET['mailbox']) && filter_var($_GET["mailbox"], FILTER_VALIDATE_EMAIL) && !empty($_GET["mailbox"])) {
$mailbox = $_GET["mailbox"];
$result = mailbox_get_mailbox_details($mailbox);
if (!empty($result)) {
?>
<h4><?=$lang['edit']['mailbox'];?></h4>
<form class="form-horizontal" role="form" method="post" action="<?=($FORM_ACTION == "previous") ? $_SESSION['return_to'] : null;?>">
<input type="hidden" name="username" value="<?=htmlspecialchars($result['username']);?>">
<div class="form-group">
<label class="control-label col-sm-2" for="name"><?=$lang['edit']['full_name'];?>:</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="name" id="name" value="<?=htmlspecialchars($result['name'], ENT_QUOTES, 'UTF-8');?>">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="quota"><?=$lang['edit']['quota_mb'];?>:
<br /><span id="quotaBadge" class="badge">max. <?=intval($result['max_new_quota'] / 1048576)?> MiB</span>
</label>
<div class="col-sm-10">
<input type="number" name="quota" id="quota" id="destroyable" style="width:100%" min="1" max="<?=intval($result['max_new_quota'] / 1048576);?>" value="<?=intval($result['quota']) / 1048576;?>" class="form-control">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="sender_acl"><?=$lang['edit']['sender_acl'];?>:</label>
<div class="col-sm-10">
<select data-width="50%" style="width:100%" id="sender_acl" name="sender_acl[]" size="10" multiple>
<?php
$sender_acl_handles = mailbox_get_sender_acl_handles($mailbox);
foreach ($sender_acl_handles['sender_acl_domains']['ro'] as $domain):
?>
<option data-subtext="Admin" value="<?=htmlspecialchars($domain);?>" disabled selected><?=htmlspecialchars(sprintf($lang['edit']['dont_check_sender_acl'], $domain));?></option>
<?php
endforeach;
foreach ($sender_acl_handles['sender_acl_addresses']['ro'] as $domain):
?>
<option data-subtext="Admin" disabled selected><?=htmlspecialchars($alias);?></option>
<?php
endforeach;
foreach ($sender_acl_handles['fixed_sender_aliases'] as $alias):
?>
<option data-subtext="Alias" disabled selected><?=htmlspecialchars($alias);?></option>
<?php
endforeach;
foreach ($sender_acl_handles['sender_acl_domains']['rw'] as $domain):
?>
<option value="<?=htmlspecialchars($domain);?>" selected><?=htmlspecialchars(sprintf($lang['edit']['dont_check_sender_acl'], $domain));?></option>
<?php
endforeach;
foreach ($sender_acl_handles['sender_acl_domains']['selectable'] as $domain):
?>
<option value="<?=htmlspecialchars($domain);?>"><?=htmlspecialchars(sprintf($lang['edit']['dont_check_sender_acl'], $domain));?></option>
<?php
endforeach;
foreach ($sender_acl_handles['sender_acl_addresses']['rw'] as $address):
?>
<option selected><?=htmlspecialchars($address);?></option>
<?php
endforeach;
foreach ($sender_acl_handles['sender_acl_addresses']['selectable'] as $address):
?>
<option><?=htmlspecialchars($address);?></option>
<?php
endforeach;
?>
</select>
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="password"><?=$lang['edit']['password'];?></label>
<div class="col-sm-10">
<input type="password" class="form-control" name="password" id="password" placeholder="<?=$lang['edit']['unchanged_if_empty'];?>">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="password2"><?=$lang['edit']['password_repeat'];?></label>
<div class="col-sm-10">
<input type="password" class="form-control" name="password2" id="password2">
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<div class="checkbox">
<label><input type="checkbox" name="active" <?=($result['active_int']=="1") ? "checked" : null;?>> <?=$lang['edit']['active'];?></label>
</div>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" name="mailbox_edit_mailbox" class="btn btn-success btn-sm"><?=$lang['edit']['save'];?></button>
</div>
</div>
</form>
<?php
}
}
elseif (isset($_GET['resource']) && filter_var($_GET["resource"], FILTER_VALIDATE_EMAIL) && !empty($_GET["resource"])) {
$resource = $_GET["resource"];
$result = mailbox_get_resource_details($resource);
if (!empty($result)) {
?>
<h4><?=$lang['edit']['resource'];?></h4>
<form class="form-horizontal" role="form" method="post" action="<?=($FORM_ACTION == "previous") ? $_SESSION['return_to'] : null;?>">
<input type="hidden" name="name" value="<?=htmlspecialchars($result['name']);?>">
<div class="form-group">
<label class="control-label col-sm-2" for="description"><?=$lang['add']['description'];?></label>
<div class="col-sm-10">
<input type="text" class="form-control" name="description" id="description" value="<?=htmlspecialchars($result['description'], ENT_QUOTES, 'UTF-8');?>" required>
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="domain"><?=$lang['edit']['kind'];?>:</label>
<div class="col-sm-10">
<select name="kind" id="kind" title="<?=$lang['edit']['select'];?>" required>
<option value="location" <?=($result['kind'] == "location") ? "selected" : null;?>>Location</option>
<option value="group" <?=($result['kind'] == "group") ? "selected" : null;?>>Group</option>
<option value="thing" <?=($result['kind'] == "thing") ? "selected" : null;?>>Thing</option>
</select>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<div class="checkbox">
<label><input type="checkbox" name="active" <?=($result['active_int']=="1") ? "checked" : null;?>> <?=$lang['edit']['active'];?></label>
</div>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<div class="checkbox">
<label><input type="checkbox" name="multiple_bookings" <?=($result['multiple_bookings_int']=="1") ? "checked" : null;?>> <?=$lang['edit']['multiple_bookings'];?></label>
</div>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" name="mailbox_edit_resource" class="btn btn-success btn-sm"><?=$lang['edit']['save'];?></button>
</div>
</div>
</form>
<?php
}
else {
?>
<div class="alert alert-info" role="alert"><?=$lang['info']['no_action'];?></div>
<?php
}
}
else {
?>
<div class="alert alert-info" role="alert"><?=$lang['info']['no_action'];?></div>
<?php
}
}
elseif (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "user")) {
if (isset($_GET['syncjob']) &&
is_numeric($_GET['syncjob'])) {
$id = $_GET["syncjob"];
$result = get_syncjob_details($id);
if (!empty($result)) {
?>
<h4><?=$lang['edit']['syncjob'];?></h4>
<form class="form-horizontal" role="form" method="post" action="<?=($FORM_ACTION == "previous") ? $_SESSION['return_to'] : null;?>">
<input type="hidden" name="id" value="<?=htmlspecialchars($result['id']);?>">
<div class="form-group">
<label class="control-label col-sm-2" for="host1"><?=$lang['edit']['hostname'];?></label>
<div class="col-sm-10">
<input type="text" class="form-control" name="host1" id="host1" value="<?=htmlspecialchars($result['host1'], ENT_QUOTES, 'UTF-8');?>">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="port1">Port</label>
<div class="col-sm-10">
<input type="number" class="form-control" name="port1" id="port1" min="1" max="65535" value="<?=htmlspecialchars($result['port1'], ENT_QUOTES, 'UTF-8');?>">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="user1"><?=$lang['edit']['username'];?></label>
<div class="col-sm-10">
<input type="text" class="form-control" name="user1" id="user1" value="<?=htmlspecialchars($result['user1'], ENT_QUOTES, 'UTF-8');?>">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="password1"><?=$lang['edit']['password'];?></label>
<div class="col-sm-10">
<input type="text" class="form-control" name="password1" id="password1" value="<?=htmlspecialchars($result['password1'], ENT_QUOTES, 'UTF-8');?>">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="enc1"><?=$lang['edit']['encryption'];?>:</label>
<div class="col-sm-10">
<select id="enc1" name="enc1">
<option <?=($result['enc1'] == "TLS") ? "selected" : null;?>>TLS</option>
<option <?=($result['enc1'] == "SSL") ? "selected" : null;?>>SSL</option>
<option <?=($result['enc1'] == "PLAIN") ? "selected" : null;?>>PLAIN</option>
</select>
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="mins_interval"><?=$lang['edit']['mins_interval'];?></label>
<div class="col-sm-10">
<input type="number" class="form-control" name="mins_interval" min="10" max="3600" value="<?=htmlspecialchars($result['mins_interval'], ENT_QUOTES, 'UTF-8');?>" required>
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="subfolder2"><?=$lang['edit']['subfolder2'];?></label>
<div class="col-sm-10">
<input type="text" class="form-control" name="subfolder2" id="subfolder2" value="<?=htmlspecialchars($result['subfolder2'], ENT_QUOTES, 'UTF-8');?>">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="maxage"><?=$lang['edit']['maxage'];?></label>
<div class="col-sm-10">
<input type="number" class="form-control" name="maxage" id="maxage" value="<?=htmlspecialchars($result['maxage'], ENT_QUOTES, 'UTF-8');?>">
</div>
</div>
<div class="form-group">
<label class="control-label col-sm-2" for="exclude"><?=$lang['edit']['exclude'];?></label>
<div class="col-sm-10">
<input type="text" class="form-control" name="exclude" id="exclude" value="<?=htmlspecialchars($result['exclude'], ENT_QUOTES, 'UTF-8');?>">
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<div class="checkbox">
<label><input type="checkbox" name="active" <?=($result['active']=="1") ? "checked" : "";?>> <?=$lang['edit']['active'];?></label>
</div>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" name="edit_syncjob" value="1" class="btn btn-success btn-sm"><?=$lang['edit']['save'];?></button>
</div>
</div>
</form>
<?php
}
else {
?>
<div class="alert alert-info" role="alert"><?=$lang['info']['no_action'];?></div>
<?php
}
}
else {
?>
<div class="alert alert-info" role="alert"><?=$lang['info']['no_action'];?></div>
<?php
}
}
else {
?>
<div class="alert alert-danger" role="alert"><?=$lang['danger']['access_denied'];?></div>
<?php
}
?>
</div>
</div>
</div>
</div>
<a href="<?=$_SESSION['return_to'];?>">&#8592; <?=$lang['edit']['previous'];?></a>
</div> <!-- /container -->
<?php
require_once("inc/footer.inc.php");
?>

BIN
data/web/favicon.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 6.7 KiB

View File

@ -0,0 +1,197 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Generator: Adobe Illustrator 17.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
version="1.1"
id="Layer_1"
x="0px"
y="0px"
width="446.22601"
height="396.02499"
viewBox="0 0 446.226 396.02499"
enable-background="new 0 0 1600 1200"
xml:space="preserve"
inkscape:version="0.91 r13725"
sodipodi:docname="cow_mailcow.svg"><metadata
id="metadata144"><rdf:RDF><cc:Work
rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" /><dc:title /></cc:Work></rdf:RDF></metadata><defs
id="defs142" /><sodipodi:namedview
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1"
objecttolerance="10"
gridtolerance="10"
guidetolerance="10"
inkscape:pageopacity="0"
inkscape:pageshadow="2"
inkscape:window-width="1097"
inkscape:window-height="1138"
id="namedview140"
showgrid="false"
inkscape:zoom="1.1125147"
inkscape:cx="261.00704"
inkscape:cy="233.97883"
inkscape:window-x="814"
inkscape:window-y="0"
inkscape:window-maximized="0"
inkscape:current-layer="Layer_1"
fit-margin-top="0"
fit-margin-left="0"
fit-margin-right="0"
fit-margin-bottom="0" /><g
id="g3"
transform="translate(-576.88698,-401.988)"><g
id="g5"><g
id="g7"><g
id="email"><path
d="m 890.306,557.81 29.26,11.373 0,172.027 c 0,9.753 -7.895,17.649 -17.638,17.649 l -235.998,0 c -9.743,0 -17.638,-7.896 -17.638,-17.649 l 0,-172.026 29.259,-8.937"
id="path10"
inkscape:connector-curvature="0"
style="fill:#5a3620" /><path
d="M 758.871,656.221 649.49,747.45 c 2.507,6.648 8.901,11.409 16.44,11.409 l 235.998,0 c 7.536,0 13.933,-4.761 16.444,-11.409 l -107.402,-91.229 -52.099,0 z"
id="path12"
inkscape:connector-curvature="0"
style="fill:#fee70f;fill-opacity:0.89499998" /><g
id="g14"><path
d="m 810.391,656.686 107.981,90.764 c -0.331,0.881 -0.744,1.726 -1.205,2.536 l 0.028,0.035 c 1.501,-2.596 2.371,-5.594 2.371,-8.81 l 0,-172.004 -109.175,87.479 z"
id="path16"
inkscape:connector-curvature="0"
style="fill:#f9e82d;fill-opacity:1" /><path
d="m 649.49,747.45 108.864,-90.764 -110.061,-87.479 0,172.003 c 0,3.216 0.876,6.214 2.367,8.81 l 0.039,-0.035 c -0.466,-0.809 -0.877,-1.654 -1.209,-2.535 z"
id="path18"
inkscape:connector-curvature="0"
style="fill:#f9e82d;fill-opacity:1" /></g></g><path
d="m 961.81,681.214 c 0,0 -15.232,16.783 -42.244,14.73 l 0,28.14 c 13.328,-5.185 47.061,-20.036 56.854,-40.809 l -14.61,-2.061 z"
id="path20"
inkscape:connector-curvature="0"
style="fill:#b58765" /><path
d="m 984.594,658.413 c 3.59,-9.156 7.701,-11 9.346,-11.346 -49.276,4.542 -32.99,38.693 -32.99,38.693 0,0 6.229,14.728 26.532,13.892 27.063,0.461 35.631,-50.166 35.631,-50.166 -6.654,11.655 -26.404,9.876 -38.519,8.927 z"
id="path22"
inkscape:connector-curvature="0"
style="fill:#fef3df" /><ellipse
cx="787.75098"
cy="788.54498"
rx="210.864"
ry="9.4680004"
id="ellipse24"
style="fill:#f1f2f2" /><path
d="m 783.931,446.247 c -66.396,0 -120.223,53.827 -120.223,120.223 0,66.396 53.827,120.221 120.223,120.221 66.397,0 120.222,-53.825 120.222,-120.221 0,-66.395 -53.825,-120.223 -120.222,-120.223 z m -11.96,215.702 c -53.009,0 -95.982,-43.855 -95.982,-97.953 0,-54.098 42.973,-97.952 95.982,-97.952 53.007,0 95.98,43.855 95.98,97.952 -10e-4,54.098 -42.973,97.953 -95.98,97.953 z"
id="path26"
inkscape:connector-curvature="0"
style="opacity:0.1;fill:#3d5263" /><g
id="g28"><g
id="g30"><polyline
points="691.144,492.5 673.257,540.276 686.55,605.582 712.496,631.852 "
id="polyline32"
style="fill:#3d5263" /><g
id="g34"><g
id="g36"><polyline
points="658.248,450.81 673.501,487.076 693.836,496.903 724.04,458.731 "
id="polyline38"
style="fill:#fef3df" /><g
id="g40"><path
d="m 710.634,473.205 c 0,0 -22.482,-25.556 -49.793,-18.975 0,0 4.667,34.118 46.349,44.019 l 2.61,8.533 c 0,0 -65.612,-9.689 -59.339,-67.593 0,0 49.008,-19.884 72.598,15.106"
id="path42"
inkscape:connector-curvature="0"
style="fill:#b58765" /><polyline
points="909.697,450.81 894.447,487.076 874.114,496.903 843.907,458.731 "
id="polyline44"
style="fill:#fef3df" /><path
d="m 857.314,473.205 c 0,0 22.48,-25.556 49.79,-18.975 0,0 -4.664,34.118 -46.347,44.019 l -2.613,8.533 c 0,0 65.611,-9.689 59.339,-67.593 0,0 -49.006,-19.884 -72.6,15.106"
id="path46"
inkscape:connector-curvature="0"
style="fill:#b58765" /></g></g><path
d="m 726.619,647.067 55.945,0 16.40428,-204.81407 c -55.814,0 -112.41728,30.01707 -112.41728,77.85207 0,1.454 0.085,2.787 0.121,4.175 0.127,3.934 0.448,7.585 0.856,11.135 1.689,14.816 5.451,27.177 8.461,43.383 1.452,7.831 5.002,23.374 5.002,23.374 0.056,0.408 0.165,0.804 0.224,1.211 2.535,16.546 11.832,32.027 25.404,43.684 z"
id="path48"
inkscape:connector-curvature="0"
style="fill:#b58765"
sodipodi:nodetypes="cccscccccc" /><path
d="m 781.992,433.489 0,213.577 55.944,0 c 13.572,-11.657 22.867,-27.138 25.406,-43.684 0.058,-0.407 0.163,-0.803 0.221,-1.211 0,0 3.549,-15.543 5.002,-23.374 3.011,-16.206 6.774,-28.567 8.464,-43.381 0.405,-3.552 0.724,-7.203 0.846,-11.137 0.042,-1.388 0.126,-2.721 0.126,-4.175 0,-47.834 -40.191,-86.615 -96.009,-86.615 z"
id="path50"
inkscape:connector-curvature="0"
style="fill:#b58765" /><g
id="g52"><g
id="g54"><path
d="m 860.944,613.502 c 0,28.321 -35.091,51.289 -78.383,51.289 -43.299,0 -78.388,-22.968 -78.388,-51.289 0,-28.325 35.089,-51.289 78.388,-51.289 43.292,0 78.383,22.964 78.383,51.289 z"
id="path56"
inkscape:connector-curvature="0"
style="fill:#fef3df" /></g></g><g
id="g58"><g
id="g60"><g
id="g62"><path
d="m 747.044,605.582 c 0,6.215 -5.04,11.256 -11.261,11.256 -6.21,0 -11.253,-5.041 -11.253,-11.256 0,-6.223 5.043,-11.257 11.253,-11.257 6.22,0 11.261,5.034 11.261,11.257 z"
id="path64"
inkscape:connector-curvature="0"
style="fill:#5a3620" /></g></g><g
id="g66"><g
id="g68"><path
d="m 840.856,605.582 c 0,6.215 -5.037,11.256 -11.257,11.256 -6.218,0 -11.259,-5.041 -11.259,-11.256 0,-6.223 5.041,-11.257 11.259,-11.257 6.22,0 11.257,5.034 11.257,11.257 z"
id="path70"
inkscape:connector-curvature="0"
style="fill:#5a3620" /></g></g></g><g
id="g72"><path
d="m 875.228,525.835 c 0.354,-3.113 0.634,-6.311 0.743,-9.754 0.035,-1.218 0.109,-2.384 0.109,-3.661 0,-40.785 -33.369,-74.043 -80.237,-75.775 l -7.335,0.005 c -0.003,0 -0.003,0 -0.006,0 -0.007,0.018 -28.632,88.422 76.583,140.268 0.946,-4.317 2.078,-9.585 2.73,-13.088 2.64,-14.196 5.934,-25.021 7.413,-37.995 z"
id="path74"
inkscape:connector-curvature="0"
style="fill:#87654a" /></g><g
id="g76"><g
id="g78"><g
id="g80"><g
id="g82"><path
d="m 843.907,519.681 c 0,6.964 -5.65,12.611 -12.618,12.611 -6.963,0 -12.614,-5.646 -12.614,-12.611 0,-6.97 5.651,-12.614 12.614,-12.614 6.968,0 12.618,5.644 12.618,12.614 z"
id="path84"
inkscape:connector-curvature="0"
style="fill:#5a3620" /></g></g></g><g
id="g86"><g
id="g88"><g
id="g90"><path
d="m 752.028,519.681 c 0,6.964 -5.649,12.611 -12.612,12.611 -6.969,0 -12.612,-5.646 -12.612,-12.611 0,-6.97 5.642,-12.614 12.612,-12.614 6.964,0 12.612,5.644 12.612,12.614 z"
id="path92"
inkscape:connector-curvature="0"
style="fill:#5a3620" /></g></g></g><g
id="g94"><g
id="g96"><path
d="m 748.75,515.894 c 0,2.558 -2.071,4.629 -4.63,4.629 -2.558,0 -4.633,-2.072 -4.633,-4.629 0,-2.552 2.076,-4.626 4.633,-4.626 2.559,0 4.63,2.073 4.63,4.626 z"
id="path98"
inkscape:connector-curvature="0"
style="fill:#ffffff" /></g></g><g
id="g100"><g
id="g102"><path
d="m 839.771,515.894 c 0,2.558 -2.073,4.629 -4.629,4.629 -2.558,0 -4.631,-2.072 -4.631,-4.629 0,-2.552 2.072,-4.626 4.631,-4.626 2.555,0 4.629,2.073 4.629,4.626 z"
id="path104"
inkscape:connector-curvature="0"
style="fill:#ffffff" /></g></g></g></g><path
d="m 734.557,443.625 c 0,0 -18.236,-25.199 0,-41.637 0,0 13.125,32.012 40.242,31.502"
id="path106"
inkscape:connector-curvature="0"
style="fill:#fef3df" /><path
d="m 834.496,443.625 c 0,0 18.236,-25.199 0,-41.637 0,0 -13.126,32.012 -40.242,31.502"
id="path108"
inkscape:connector-curvature="0"
style="fill:#fef3df" /><path
d="m 786.264,431.965 c -66.396,0 -120.223,53.827 -120.223,120.223 0,66.396 53.827,120.221 120.223,120.221 66.397,0 120.222,-53.825 120.222,-120.221 10e-4,-66.395 -53.825,-120.223 -120.222,-120.223 z m -11.96,215.702 c -53.009,0 -95.982,-43.855 -95.982,-97.953 0,-54.098 42.973,-97.952 95.982,-97.952 53.007,0 95.979,43.855 95.979,97.952 0,54.098 -42.972,97.953 -95.979,97.953 z"
id="path110"
inkscape:connector-curvature="0"
style="fill:#f1f2f2" /></g><g
id="g112"><path
d="m 781.737,436.751 c 66.396,0 120.221,53.827 120.221,120.223 0,30.718 -11.526,58.74 -30.482,79.991 21.636,-21.74 35.01,-51.708 35.01,-84.803 0,-66.395 -53.825,-120.222 -120.222,-120.222 -35.678,0 -67.721,15.549 -89.739,40.233 21.772,-21.879 51.91,-35.422 85.212,-35.422 z"
id="path114"
inkscape:connector-curvature="0"
style="fill:#ffffff" /></g></g><path
d="m 919.566,695.944 c 0,0 7.562,0.712 13.317,-0.502 l 13.013,16.12 c 0,0 -17.639,9.525 -26.33,12.523 l 0,-28.141 z"
id="path116"
inkscape:connector-curvature="0"
style="opacity:0.1;fill:#3d5263" /></g><path
d="m 648.292,659.614 0,81.645 c 0,9.72 7.88,17.6 17.6,17.6 l 236.073,0 c 9.72,0 17.6,-7.88 17.6,-17.6 l 0,-24.902 c 10e-4,0 -175.814,35.524 -271.273,-56.743 z"
id="path124"
inkscape:connector-curvature="0"
style="opacity:0.1;fill:#3d5263" /></g><g
id="g126" /></g></svg>

After

Width:  |  Height:  |  Size: 12 KiB

BIN
data/web/img/yubi.ico Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 1.1 KiB

225
data/web/inc/footer.inc.php Normal file
View File

@ -0,0 +1,225 @@
<?php
include("inc/tfa_modals.php");
if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "admin"):
?>
<div id="RestartSOGo" class="modal fade" role="dialog">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal">&times;</button>
<h4 class="modal-title"><?=$lang['footer']['restart_sogo'];?></h4>
</div>
<div class="modal-body">
<p><?=$lang['footer']['restart_sogo_info'];?></p>
<hr />
<button class="btn btn-md btn-primary" id="triggerRestartSogo"><?=$lang['footer']['restart_now'];?></button>
<br /><br />
<div id="statusTriggerRestartSogo"></div>
</div>
</div>
</div>
</div>
<?php
endif;
?>
<div style="margin-bottom:100px"></div>
<script src="//cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/js/bootstrap.min.js"></script>
<script src="/js/bootstrap-switch.min.js"></script>
<script src="/js/bootstrap-slider.min.js"></script>
<script src="/js/bootstrap-select.min.js"></script>
<script src="/js/u2f-api.js"></script>
<script>
// Select language and reopen active URL without POST
function setLang(sel) {
$.post( "<?=$_SERVER['REQUEST_URI'];?>", {lang: sel} );
window.location.href = window.location.pathname + window.location.search;
}
$(document).ready(function() {
// Confirm TFA modal
<?php if (isset($_SESSION['pending_tfa_method'])):?>
$('#ConfirmTFAModal').modal({
backdrop: 'static',
keyboard: false
});
$('#ConfirmTFAModal').on('shown.bs.modal', function(){
$(this).find('#token').focus();
// If U2F
if(document.getElementById("u2f_auth_data") !== null) {
$.ajax({
type: "GET",
cache: false,
dataType: 'script',
url: "json_api.php",
data: {
'action':'get_u2f_auth_challenge',
'object':'<?=(isset($_SESSION['pending_mailcow_cc_username'])) ? $_SESSION['pending_mailcow_cc_username'] : null;?>',
},
success: function(data){
data;
}
});
setTimeout(function() {
console.log("sign: ", req);
u2f.sign(req, function(data) {
var form = document.getElementById('u2f_auth_form');
var auth = document.getElementById('u2f_auth_data');
console.log("Authenticate callback", data);
auth.value = JSON.stringify(data);
form.submit();
});
}, 1000);
}
});
<?php endif; ?>
// Set TFA modals
$('#selectTFA').change(function () {
if ($(this).val() == "yubi_otp") {
$('#YubiOTPModal').modal('show');
$("option:selected").prop("selected", false);
}
if ($(this).val() == "u2f") {
$('#U2FModal').modal('show');
$("option:selected").prop("selected", false);
$.ajax({
type: "GET",
cache: false,
dataType: 'script',
url: "json_api.php",
data: {
'action':'get_u2f_reg_challenge',
'object':'<?=(isset($_SESSION['mailcow_cc_username'])) ? $_SESSION['mailcow_cc_username'] : null;?>',
},
success: function(data){
data;
}
});
setTimeout(function() {
console.log("Register: ", req);
u2f.register([req], sigs, function(data) {
var form = document.getElementById('u2f_reg_form');
var reg = document.getElementById('u2f_register_data');
console.log("Register callback", data);
if (data.errorCode && data.errorCode != 0) {
var u2f_return_code = document.getElementById('u2f_return_code');
u2f_return_code.style.display = u2f_return_code.style.display === 'none' ? '' : null;
if (data.errorCode == "4") { data.errorCode = "4 - The presented device is not eligible for this request. For a registration request this may mean that the token is already registered, and for a sign request it may mean that the token does not know the presented key handle"; }
u2f_return_code.innerHTML = 'Error code: ' + data.errorCode;
return;
}
reg.value = JSON.stringify(data);
form.submit();
});
}, 1000);
}
if ($(this).val() == "none") {
$('#DisableTFAModal').modal('show');
$("option:selected").prop("selected", false);
}
});
// Activate tooltips
$(function () {
$('[data-toggle="tooltip"]').tooltip()
})
// Hide alerts after n seconds
$("#alert-fade").fadeTo(7000, 500).slideUp(500, function(){
$("#alert-fade").alert('close');
});
// Remember last navigation pill
(function () {
'use strict';
$('a[data-toggle="tab"]').on('shown.bs.tab', function (e) {
var id = $(this).parents('[role="tablist"]').attr('id');
var key = 'lastTag';
if (id) {
key += ':' + id;
}
localStorage.setItem(key, $(e.target).attr('href'));
});
$('[role="tablist"]').each(function (idx, elem) {
var id = $(elem).attr('id');
var key = 'lastTag';
if (id) {
key += ':' + id;
}
var lastTab = localStorage.getItem(key);
if (lastTab) {
$('[href="' + lastTab + '"]').tab('show');
}
});
})();
// Disable submit after submitting form
$('form').submit(function() {
if ($('form button[type="submit"]').data('submitted') == '1') {
return false;
} else {
$(this).find('button[type="submit"]').first().text('<?=$lang['footer']['loading'];?>');
$('form button[type="submit"]').attr('data-submitted', '1');
function disableF5(e) { if ((e.which || e.keyCode) == 116 || (e.which || e.keyCode) == 82) e.preventDefault(); };
$(document).on("keydown", disableF5);
}
});
// IE fix to hide scrollbars when table body is empty
$('tbody').filter(function (index) {
return $(this).children().length < 1;
}).remove();
// Init Bootstrap Selectpicker
$('select').selectpicker();
// Trigger SOGo restart
$('#triggerRestartSogo').click(function(){
$(this).prop("disabled",true);
$(this).html('<span class="glyphicon glyphicon-refresh glyphicon-spin"></span> ');
$('#statusTriggerRestartSogo').text('Stopping SOGo workers, this may take a while... ');
$.ajax({
method: 'get',
url: 'call_sogo_ctrl.php',
data: {
'ajax': true,
'ACTION': 'stop'
},
success: function(data) {
$('#statusTriggerRestartSogo').append(data);
$('#statusTriggerRestartSogo').append('<br />Starting SOGo... ');
$.ajax({
method: 'get',
url: 'call_sogo_ctrl.php',
data: {
'ajax': true,
'ACTION': 'start'
},
success: function(data) {
$('#statusTriggerRestartSogo').append(data);
$('#triggerRestartSogo').html('<span class="glyphicon glyphicon-ok"></span> ');
}
});
}
});
});
});
</script>
<?php
if (isset($_SESSION['return'])):
?>
<div class="container">
<div style="position:fixed;bottom:8px;right:25px;min-width:300px;max-width:350px;z-index:2000">
<div <?=($_SESSION['return']['type'] == 'danger') ? null : 'id="alert-fade"'?> class="alert alert-<?=$_SESSION['return']['type'];?>" role="alert">
<a href="#" class="close" data-dismiss="alert"> &times;</a>
<?=htmlspecialchars($_SESSION['return']['msg']);?>
</div>
</div>
</div>
<?php
unset($_SESSION['return']);
endif;
?>
</body>
</html>
<?php $stmt = null; $pdo = null; ?>

File diff suppressed because it is too large Load Diff

104
data/web/inc/header.inc.php Normal file
View File

@ -0,0 +1,104 @@
<!DOCTYPE html>
<html lang="<?= $_SESSION['mailcow_locale'] ?>">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>mailcow UI</title>
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.0/jquery.min.js" integrity="sha384-XxcvoeNF5V0ZfksTnV+bejnCsJjOOIzN6UVwF85WBsAnU3zeYh5bloN+L4WLgeNE" crossorigin="anonymous"></script>
<link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/css/bootstrap.min.css">
<link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/bootswatch/3.3.6/<?=strtolower(trim($DEFAULT_THEME));?>/bootstrap.min.css">
<link rel="stylesheet" href="/css/bootstrap-select.min.css">
<link rel="stylesheet" href="/css/bootstrap-slider.min.css">
<link rel="stylesheet" href="/css/bootstrap-switch.min.css">
<link rel="stylesheet" href="//fonts.googleapis.com/css?family=Source+Sans+Pro:400,600,700&subset=latin,latin-ext">
<link rel="stylesheet" href="/inc/languages.min.css">
<link rel="stylesheet" href="/css/mailcow.css">
<link rel="stylesheet" href="/css/tables.css">
<?=(preg_match("/mailbox.php/i", $_SERVER['REQUEST_URI'])) ? '<link rel="stylesheet" href="/css/mailbox.css">' : null;?>
<link rel="shortcut icon" href="/favicon.png" type="image/png">
<link rel="icon" href="/favicon.png" type="image/png">
</head>
<body style="padding-top:70px">
<nav class="navbar navbar-default navbar-fixed-top" role="navigation">
<div class="container-fluid">
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="/"><img height="32" alt="mailcow-logo" style="margin-top:-5px;" src="/img/cow_mailcow.svg" /></a>
</div>
<div id="navbar" class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">
<?php
if (isset($_SESSION['mailcow_locale'])) {
?>
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false"><span class="lang-sm lang-lbl" lang="<?=$_SESSION['mailcow_locale'];?>"></span><span class="caret"></span></a>
<ul class="dropdown-menu" role="menu">
<li <?=($_SESSION['mailcow_locale'] == 'de') ? 'class="active"' : ''?>> <a href="?<?= http_build_query(array_merge($_GET, array("lang" => "de"))) ?>"><span class="lang-xs lang-lbl-full" lang="de"></span></a></li>
<li <?=($_SESSION['mailcow_locale'] == 'en') ? 'class="active"' : ''?>> <a href="?<?= http_build_query(array_merge($_GET, array("lang" => "en"))) ?>"><span class="lang-xs lang-lbl-full" lang="en"></span></a></li>
<li <?=($_SESSION['mailcow_locale'] == 'es') ? 'class="active"' : ''?>> <a href="?<?= http_build_query(array_merge($_GET, array("lang" => "es"))) ?>"><span class="lang-xs lang-lbl-full" lang="es"></span></a></li>
<li <?=($_SESSION['mailcow_locale'] == 'nl') ? 'class="active"' : ''?>> <a href="?<?= http_build_query(array_merge($_GET, array("lang" => "nl"))) ?>"><span class="lang-xs lang-lbl-full" lang="nl"></span></a></li>
<li <?=($_SESSION['mailcow_locale'] == 'pt') ? 'class="active"' : ''?>> <a href="?<?= http_build_query(array_merge($_GET, array("lang" => "pt"))) ?>"><span class="lang-xs lang-lbl-full" lang="pt"></span></a></li>
</ul>
</li>
<?php
}
if (isset($_SESSION['mailcow_cc_role'])) {
?>
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false"><?=$lang['header']['mailcow_settings'];?><span class="caret"></span></a>
<ul class="dropdown-menu" role="menu">
<?php
if (isset($_SESSION['mailcow_cc_role'])) {
if ($_SESSION['mailcow_cc_role'] == "admin") {
?>
<li <?=(preg_match("/admin/i", $_SERVER['REQUEST_URI'])) ? 'class="active"' : ''?>><a href="/admin.php"><?=$lang['header']['administration'];?></a></li>
<?php
}
if ($_SESSION['mailcow_cc_role'] == "admin" || $_SESSION['mailcow_cc_role'] == "domainadmin") {
?>
<li <?=(preg_match("/mailbox/i", $_SERVER['REQUEST_URI'])) ? 'class="active"' : ''?>><a href="/mailbox.php"><?=$lang['header']['mailboxes'];?></a></li>
<?php
}
if ($_SESSION['mailcow_cc_role'] != "admin") {
?>
<li <?=(preg_match("/user/i", $_SERVER['REQUEST_URI'])) ? 'class="active"' : ''?>><a href="/user.php"><?=$lang['header']['user_settings'];?></a></li>
<?php
}
}
?>
</ul>
</li>
<?php
if ($_SESSION['mailcow_cc_role'] == "admin"):
?>
<li><a href data-toggle="modal" data-target="#RestartSOGo"><span style="font-size:12px" class="glyphicon glyphicon-refresh" aria-hidden="true"></span> <?=$lang['header']['restart_sogo'];?></a></li>
<?php
endif;
?>
<?php
}
if (!isset($_SESSION["dual-login"]) && isset($_SESSION['mailcow_cc_username'])):
?>
<li><a style="border-left:1px solid #E7E7E7" href="#" onclick="logout.submit()"><?=sprintf($lang['header']['logged_in_as_logout'], $_SESSION['mailcow_cc_username']);?></a></li>
<?php
elseif (isset($_SESSION["dual-login"])):
?>
<li><a style="border-left:1px solid #E7E7E7" href="#" onclick="logout.submit()"><?=sprintf($lang['header']['logged_in_as_logout_dual'], $_SESSION['mailcow_cc_username'], $_SESSION["dual-login"]["username"]);?></a></li>
<?php
endif;
?>
</ul>
</div><!--/.nav-collapse -->
</div><!--/.container-fluid -->
</nav>
<form action="/" method="post" id="logout"><input type="hidden" name="logout"></form>

281
data/web/inc/init.sql Normal file
View File

@ -0,0 +1,281 @@
CREATE TABLE IF NOT EXISTS `admin` (
`username` VARCHAR(255) NOT NULL,
`password` VARCHAR(255) NOT NULL,
`superadmin` TINYINT(1) NOT NULL DEFAULT '0',
`created` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
`modified` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
`active` TINYINT(1) NOT NULL DEFAULT '1',
PRIMARY KEY (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
CREATE TABLE IF NOT EXISTS `alias` (
`address` VARCHAR(255) NOT NULL,
`goto` TEXT NOT NULL,
`domain` VARCHAR(255) NOT NULL,
`created` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
`modified` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
`active` TINYINT(1) NOT NULL DEFAULT '1',
PRIMARY KEY (`address`),
KEY `domain` (`domain`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
CREATE TABLE IF NOT EXISTS `sender_acl` (
`logged_in_as` VARCHAR(255) NOT NULL,
`send_as` VARCHAR(255) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
CREATE TABLE IF NOT EXISTS `spamalias` (
`address` VARCHAR(255) NOT NULL,
`goto` TEXT NOT NULL,
`validity` INT(11) NOT NULL,
PRIMARY KEY (`address`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
CREATE TABLE IF NOT EXISTS `alias_domain` (
`alias_domain` VARCHAR(255) NOT NULL,
`target_domain` VARCHAR(255) NOT NULL,
`created` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
`modified` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
`active` TINYINT(1) NOT NULL DEFAULT '1',
PRIMARY KEY (`alias_domain`),
KEY `active` (`active`),
KEY `target_domain` (`target_domain`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
CREATE TABLE IF NOT EXISTS `domain` (
`domain` VARCHAR(255) NOT NULL,
`description` VARCHAR(255),
`aliases` INT(10) NOT NULL DEFAULT '0',
`mailboxes` INT(10) NOT NULL DEFAULT '0',
`maxquota` BIGINT(20) NOT NULL DEFAULT '0',
`quota` BIGINT(20) NOT NULL DEFAULT '0',
`transport` VARCHAR(255) NOT NULL,
`backupmx` TINYINT(1) NOT NULL DEFAULT '0',
`relay_all_recipients` TINYINT(1) NOT NULL DEFAULT '0',
`created` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
`modified` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
`active` TINYINT(1) NOT NULL DEFAULT '1',
PRIMARY KEY (`domain`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
CREATE TABLE IF NOT EXISTS `domain_admins` (
`username` VARCHAR(255) NOT NULL,
`domain` VARCHAR(255) NOT NULL,
`created` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
`active` TINYINT(1) NOT NULL DEFAULT '1',
KEY `username` (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
CREATE TABLE IF NOT EXISTS `mailbox` (
`username` VARCHAR(255) NOT NULL,
`password` VARCHAR(255) NOT NULL,
`name` VARCHAR(255),
`maildir` VARCHAR(255) NOT NULL,
`quota` BIGINT(20) NOT NULL DEFAULT '0',
`local_part` VARCHAR(255) NOT NULL,
`domain` VARCHAR(255) NOT NULL,
`created` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
`modified` DATETIME NOT NULL DEFAULT '2016-01-01 00:00:00',
`tls_enforce_in` TINYINT(1) NOT NULL DEFAULT '0',
`tls_enforce_out` TINYINT(1) NOT NULL DEFAULT '0',
`kind` VARCHAR(100) NOT NULL DEFAULT '',
`multiple_bookings` TINYINT(1) NOT NULL DEFAULT '0',
`wants_tagged_subject` TINYINT(1) NOT NULL DEFAULT '0',
`active` TINYINT(1) NOT NULL DEFAULT '1',
PRIMARY KEY (`username`),
KEY `domain` (`domain`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
CREATE TABLE IF NOT EXISTS `quota2` (
`username` VARCHAR(100) NOT NULL,
`bytes` BIGINT(20) NOT NULL DEFAULT '0',
`messages` INT(11) NOT NULL DEFAULT '0',
PRIMARY KEY (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
CREATE TABLE IF NOT EXISTS `filterconf` (
`object` VARCHAR(100) NOT NULL DEFAULT '',
`option` VARCHAR(50) NOT NULL DEFAULT '',
`value` VARCHAR(100) NOT NULL DEFAULT '',
`prefid` INT(11) NOT NULL AUTO_INCREMENT,
PRIMARY KEY (`prefid`),
KEY `object` (`object`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
CREATE TABLE IF NOT EXISTS `imapsync` (
`id` INT NOT NULL AUTO_INCREMENT,
`user2` VARCHAR(255) NOT NULL,
`host1` VARCHAR(255) NOT NULL,
`authmech1` ENUM('PLAIN','LOGIN','CRAM-MD5') DEFAULT 'PLAIN',
`regextrans2` VARCHAR(255) DEFAULT '',
`authmd51` TINYINT(1) NOT NULL DEFAULT 0,
`domain2` VARCHAR(255) NOT NULL DEFAULT '',
`subfolder2` VARCHAR(255) NOT NULL DEFAULT '',
`user1` VARCHAR(255) NOT NULL,
`password1` VARCHAR(255) NOT NULL,
`exclude` VARCHAR(500) NOT NULL DEFAULT '',
`maxage` SMALLINT NOT NULL DEFAULT '0',
`mins_interval` VARCHAR(50) NOT NULL,
`port1` SMALLINT NOT NULL,
`enc1` ENUM('TLS','SSL','PLAIN') DEFAULT 'TLS',
`delete2duplicates` TINYINT(1) NOT NULL DEFAULT '1',
`returned_text` TEXT,
`last_run` TIMESTAMP NULL DEFAULT NULL,
`created` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
`modified` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
`active` TINYINT(1) NOT NULL DEFAULT '0',
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
CREATE TABLE IF NOT EXISTS `tfa` (
`id` INT NOT NULL AUTO_INCREMENT,
`username` VARCHAR(255) NOT NULL,
`authmech` ENUM('yubi_otp', 'u2f', 'hotp', 'totp'),
`secret` VARCHAR(255) DEFAULT NULL,
`keyHandle` VARCHAR(255) DEFAULT NULL,
`publicKey` VARCHAR(255) DEFAULT NULL,
`counter` INT NOT NULL DEFAULT '0',
`certificate` TEXT,
`active` TINYINT(1) NOT NULL DEFAULT '0',
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
DROP VIEW IF EXISTS grouped_mail_aliases;
DROP VIEW IF EXISTS grouped_sender_acl;
DROP VIEW IF EXISTS grouped_domain_alias_address;
CREATE VIEW grouped_mail_aliases (username, aliases) AS
SELECT goto, IFNULL(GROUP_CONCAT(address SEPARATOR ' '), '') AS address FROM alias
WHERE address!=goto
AND active = '1'
AND address NOT LIKE '@%'
GROUP BY goto;
CREATE VIEW grouped_sender_acl (username, send_as) AS
SELECT logged_in_as, IFNULL(GROUP_CONCAT(send_as SEPARATOR ' '), '') AS send_as FROM sender_acl
WHERE send_as NOT LIKE '@%'
GROUP BY logged_in_as;
CREATE VIEW grouped_domain_alias_address (username, ad_alias) AS
SELECT username, IFNULL(GROUP_CONCAT(local_part, '@', alias_domain SEPARATOR ' '), '') AS ad_alias FROM mailbox
LEFT OUTER JOIN alias_domain on target_domain=domain GROUP BY username;
CREATE TABLE IF NOT EXISTS sogo_acl (
c_folder_id INTEGER NOT NULL,
c_object character varying(255) NOT NULL,
c_uid character varying(255) NOT NULL,
c_role character varying(80) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
CREATE TABLE IF NOT EXISTS sogo_alarms_folder (
c_path VARCHAR(255) NOT NULL,
c_name VARCHAR(255) NOT NULL,
c_uid VARCHAR(255) NOT NULL,
c_recurrence_id INT(11) DEFAULT NULL,
c_alarm_number INT(11) NOT NULL,
c_alarm_date INT(11) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
CREATE TABLE IF NOT EXISTS sogo_cache_folder (
c_uid VARCHAR(255) NOT NULL,
c_path VARCHAR(255) NOT NULL,
c_parent_path VARCHAR(255) DEFAULT NULL,
c_type TINYINT(3) unsigned NOT NULL,
c_creationdate INT(11) NOT NULL,
c_lastmodified INT(11) NOT NULL,
c_version INT(11) NOT NULL DEFAULT '0',
c_deleted TINYINT(4) NOT NULL DEFAULT '0',
c_content longTEXT,
PRIMARY KEY (c_uid,c_path)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
CREATE TABLE IF NOT EXISTS sogo_folder_info (
c_folder_id BIGINT(20) unsigned NOT NULL AUTO_INCREMENT,
c_path VARCHAR(255) NOT NULL,
c_path1 VARCHAR(255) NOT NULL,
c_path2 VARCHAR(255) DEFAULT NULL,
c_path3 VARCHAR(255) DEFAULT NULL,
c_path4 VARCHAR(255) DEFAULT NULL,
c_foldername VARCHAR(255) NOT NULL,
c_location INTeger NULL,
c_quick_location VARCHAR(2048) DEFAULT NULL,
c_acl_location VARCHAR(2048) DEFAULT NULL,
c_folder_type VARCHAR(255) NOT NULL,
PRIMARY KEY (c_path),
UNIQUE KEY c_folder_id (c_folder_id)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
CREATE TABLE IF NOT EXISTS sogo_quick_appointment (
c_folder_id INTeger NOT NULL,
c_name character varying(255) NOT NULL,
c_uid character varying(255) NOT NULL,
c_startdate INTeger,
c_enddate INTeger,
c_cycleenddate INTeger,
c_title character varying(1000) NOT NULL,
c_participants TEXT,
c_isallday INTeger,
c_iscycle INTeger,
c_cycleinfo TEXT,
c_classification INTeger NOT NULL,
c_isopaque INTeger NOT NULL,
c_status INTeger NOT NULL,
c_priority INTeger,
c_location character varying(255),
c_orgmail character varying(255),
c_partmails TEXT,
c_partstates TEXT,
c_category character varying(255),
c_sequence INTeger,
c_component character varying(10) NOT NULL,
c_nextalarm INTeger,
c_description TEXT,
CONSTRAINT sogo_quick_appointment_pkey PRIMARY KEY (c_folder_id, c_name)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
CREATE TABLE IF NOT EXISTS sogo_quick_contact (
c_folder_id INTeger NOT NULL,
c_name character varying(255) NOT NULL,
c_givenname character varying(255),
c_cn character varying(255),
c_sn character varying(255),
c_screenname character varying(255),
c_l character varying(255),
c_mail character varying(255),
c_o character varying(255),
c_ou character varying(255),
c_telephonenumber character varying(255),
c_categories character varying(255),
c_component character varying(10) NOT NULL,
CONSTRAINT sogo_quick_contact_pkey PRIMARY KEY (c_folder_id, c_name)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
CREATE TABLE IF NOT EXISTS sogo_sessions_folder (
c_id VARCHAR(255) NOT NULL,
c_value VARCHAR(255) NOT NULL,
c_creationdate INT(11) NOT NULL,
c_lastseen INT(11) NOT NULL,
PRIMARY KEY (c_id)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
CREATE TABLE IF NOT EXISTS sogo_store (
c_folder_id INTeger NOT NULL,
c_name character varying(255) NOT NULL,
c_content mediumTEXT NOT NULL,
c_creationdate INTeger NOT NULL,
c_lastmodified INTeger NOT NULL,
c_version INTeger NOT NULL,
c_deleted INTeger,
CONSTRAINT sogo_store_pkey PRIMARY KEY (c_folder_id, c_name)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
CREATE TABLE IF NOT EXISTS sogo_user_profile (
c_uid VARCHAR(255) NOT NULL,
c_defaults TEXT,
c_settings TEXT,
PRIMARY KEY (c_uid)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC;
INSERT INTO `admin` (username, password, superadmin, created, modified, active) SELECT 'admin', '{SSHA256}K8eVJ6YsZbQCfuJvSUbaQRLr0HPLz5rC9IAp0PAFl0tmNDBkMDc0NDAyOTAxN2Rk', 1, NOW(), NOW(), 1 WHERE NOT EXISTS (SELECT * FROM `admin`);
DELETE FROM `domain_admins`;
INSERT INTO `domain_admins` (username, domain, created, active) SELECT `username`, 'ALL', NOW(), 1 FROM `admin` WHERE superadmin='1' AND `username` NOT IN (SELECT `username` FROM `domain_admins`);

1
data/web/inc/languages.min.css vendored Normal file

File diff suppressed because one or more lines are too long

BIN
data/web/inc/languages.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 44 KiB

506
data/web/inc/lib/U2F.php Normal file
View File

@ -0,0 +1,506 @@
<?php
/* Copyright (c) 2014 Yubico AB
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
namespace u2flib_server;
/** Constant for the version of the u2f protocol */
const U2F_VERSION = "U2F_V2";
/** Error for the authentication message not matching any outstanding
* authentication request */
const ERR_NO_MATCHING_REQUEST = 1;
/** Error for the authentication message not matching any registration */
const ERR_NO_MATCHING_REGISTRATION = 2;
/** Error for the signature on the authentication message not verifying with
* the correct key */
const ERR_AUTHENTICATION_FAILURE = 3;
/** Error for the challenge in the registration message not matching the
* registration challenge */
const ERR_UNMATCHED_CHALLENGE = 4;
/** Error for the attestation signature on the registration message not
* verifying */
const ERR_ATTESTATION_SIGNATURE = 5;
/** Error for the attestation verification not verifying */
const ERR_ATTESTATION_VERIFICATION = 6;
/** Error for not getting good random from the system */
const ERR_BAD_RANDOM = 7;
/** Error when the counter is lower than expected */
const ERR_COUNTER_TOO_LOW = 8;
/** Error decoding public key */
const ERR_PUBKEY_DECODE = 9;
/** Error user-agent returned error */
const ERR_BAD_UA_RETURNING = 10;
/** Error old OpenSSL version */
const ERR_OLD_OPENSSL = 11;
/** @internal */
const PUBKEY_LEN = 65;
class U2F
{
/** @var string */
private $appId;
/** @var null|string */
private $attestDir;
/** @internal */
private $FIXCERTS = array(
'349bca1031f8c82c4ceca38b9cebf1a69df9fb3b94eed99eb3fb9aa3822d26e8',
'dd574527df608e47ae45fbba75a2afdd5c20fd94a02419381813cd55a2a3398f',
'1d8764f0f7cd1352df6150045c8f638e517270e8b5dda1c63ade9c2280240cae',
'd0edc9a91a1677435a953390865d208c55b3183c6759c9b5a7ff494c322558eb',
'6073c436dcd064a48127ddbf6032ac1a66fd59a0c24434f070d4e564c124c897',
'ca993121846c464d666096d35f13bf44c1b05af205f9b4a1e00cf6cc10c5e511'
);
/**
* @param string $appId Application id for the running application
* @param string|null $attestDir Directory where trusted attestation roots may be found
* @throws Error If OpenSSL older than 1.0.0 is used
*/
public function __construct($appId, $attestDir = null)
{
if(OPENSSL_VERSION_NUMBER < 0x10000000) {
throw new Error('OpenSSL has to be at least version 1.0.0, this is ' . OPENSSL_VERSION_TEXT, ERR_OLD_OPENSSL);
}
$this->appId = $appId;
$this->attestDir = $attestDir;
}
/**
* Called to get a registration request to send to a user.
* Returns an array of one registration request and a array of sign requests.
*
* @param array $registrations List of current registrations for this
* user, to prevent the user from registering the same authenticator several
* times.
* @return array An array of two elements, the first containing a
* RegisterRequest the second being an array of SignRequest
* @throws Error
*/
public function getRegisterData(array $registrations = array())
{
$challenge = $this->createChallenge();
$request = new RegisterRequest($challenge, $this->appId);
$signs = $this->getAuthenticateData($registrations);
return array($request, $signs);
}
/**
* Called to verify and unpack a registration message.
*
* @param RegisterRequest $request this is a reply to
* @param object $response response from a user
* @param bool $includeCert set to true if the attestation certificate should be
* included in the returned Registration object
* @return Registration
* @throws Error
*/
public function doRegister($request, $response, $includeCert = true)
{
if( !is_object( $request ) ) {
throw new \InvalidArgumentException('$request of doRegister() method only accepts object.');
}
if( !is_object( $response ) ) {
throw new \InvalidArgumentException('$response of doRegister() method only accepts object.');
}
if( property_exists( $response, 'errorCode') && $response->errorCode !== 0 ) {
throw new Error('User-agent returned error. Error code: ' . $response->errorCode, ERR_BAD_UA_RETURNING );
}
if( !is_bool( $includeCert ) ) {
throw new \InvalidArgumentException('$include_cert of doRegister() method only accepts boolean.');
}
$rawReg = $this->base64u_decode($response->registrationData);
$regData = array_values(unpack('C*', $rawReg));
$clientData = $this->base64u_decode($response->clientData);
$cli = json_decode($clientData);
if($cli->challenge !== $request->challenge) {
throw new Error('Registration challenge does not match', ERR_UNMATCHED_CHALLENGE );
}
$registration = new Registration();
$offs = 1;
$pubKey = substr($rawReg, $offs, PUBKEY_LEN);
$offs += PUBKEY_LEN;
// decode the pubKey to make sure it's good
$tmpKey = $this->pubkey_to_pem($pubKey);
if($tmpKey === null) {
throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE );
}
$registration->publicKey = base64_encode($pubKey);
$khLen = $regData[$offs++];
$kh = substr($rawReg, $offs, $khLen);
$offs += $khLen;
$registration->keyHandle = $this->base64u_encode($kh);
// length of certificate is stored in byte 3 and 4 (excluding the first 4 bytes)
$certLen = 4;
$certLen += ($regData[$offs + 2] << 8);
$certLen += $regData[$offs + 3];
$rawCert = $this->fixSignatureUnusedBits(substr($rawReg, $offs, $certLen));
$offs += $certLen;
$pemCert = "-----BEGIN CERTIFICATE-----\r\n";
$pemCert .= chunk_split(base64_encode($rawCert), 64);
$pemCert .= "-----END CERTIFICATE-----";
if($includeCert) {
$registration->certificate = base64_encode($rawCert);
}
if($this->attestDir) {
if(openssl_x509_checkpurpose($pemCert, -1, $this->get_certs()) !== true) {
throw new Error('Attestation certificate can not be validated', ERR_ATTESTATION_VERIFICATION );
}
}
if(!openssl_pkey_get_public($pemCert)) {
throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE );
}
$signature = substr($rawReg, $offs);
$dataToVerify = chr(0);
$dataToVerify .= hash('sha256', $request->appId, true);
$dataToVerify .= hash('sha256', $clientData, true);
$dataToVerify .= $kh;
$dataToVerify .= $pubKey;
if(openssl_verify($dataToVerify, $signature, $pemCert, 'sha256') === 1) {
return $registration;
} else {
throw new Error('Attestation signature does not match', ERR_ATTESTATION_SIGNATURE );
}
}
/**
* Called to get an authentication request.
*
* @param array $registrations An array of the registrations to create authentication requests for.
* @return array An array of SignRequest
* @throws Error
*/
public function getAuthenticateData(array $registrations)
{
$sigs = array();
foreach ($registrations as $reg) {
if( !is_object( $reg ) ) {
throw new \InvalidArgumentException('$registrations of getAuthenticateData() method only accepts array of object.');
}
$sig = new SignRequest();
$sig->appId = $this->appId;
$sig->keyHandle = $reg->keyHandle;
$sig->challenge = $this->createChallenge();
$sigs[] = $sig;
}
return $sigs;
}
/**
* Called to verify an authentication response
*
* @param array $requests An array of outstanding authentication requests
* @param array $registrations An array of current registrations
* @param object $response A response from the authenticator
* @return Registration
* @throws Error
*
* The Registration object returned on success contains an updated counter
* that should be saved for future authentications.
* If the Error returned is ERR_COUNTER_TOO_LOW this is an indication of
* token cloning or similar and appropriate action should be taken.
*/
public function doAuthenticate(array $requests, array $registrations, $response)
{
if( !is_object( $response ) ) {
throw new \InvalidArgumentException('$response of doAuthenticate() method only accepts object.');
}
if( property_exists( $response, 'errorCode') && $response->errorCode !== 0 ) {
throw new Error('User-agent returned error. Error code: ' . $response->errorCode, ERR_BAD_UA_RETURNING );
}
/** @var object|null $req */
$req = null;
/** @var object|null $reg */
$reg = null;
$clientData = $this->base64u_decode($response->clientData);
$decodedClient = json_decode($clientData);
foreach ($requests as $req) {
if( !is_object( $req ) ) {
throw new \InvalidArgumentException('$requests of doAuthenticate() method only accepts array of object.');
}
if($req->keyHandle === $response->keyHandle && $req->challenge === $decodedClient->challenge) {
break;
}
$req = null;
}
if($req === null) {
throw new Error('No matching request found', ERR_NO_MATCHING_REQUEST );
}
foreach ($registrations as $reg) {
if( !is_object( $reg ) ) {
throw new \InvalidArgumentException('$registrations of doAuthenticate() method only accepts array of object.');
}
if($reg->keyHandle === $response->keyHandle) {
break;
}
$reg = null;
}
if($reg === null) {
throw new Error('No matching registration found', ERR_NO_MATCHING_REGISTRATION );
}
$pemKey = $this->pubkey_to_pem($this->base64u_decode($reg->publicKey));
if($pemKey === null) {
throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE );
}
$signData = $this->base64u_decode($response->signatureData);
$dataToVerify = hash('sha256', $req->appId, true);
$dataToVerify .= substr($signData, 0, 5);
$dataToVerify .= hash('sha256', $clientData, true);
$signature = substr($signData, 5);
if(openssl_verify($dataToVerify, $signature, $pemKey, 'sha256') === 1) {
$ctr = unpack("Nctr", substr($signData, 1, 4));
$counter = $ctr['ctr'];
/* TODO: wrap-around should be handled somehow.. */
if($counter > $reg->counter) {
$reg->counter = $counter;
return $reg;
} else {
throw new Error('Counter too low.', ERR_COUNTER_TOO_LOW );
}
} else {
throw new Error('Authentication failed', ERR_AUTHENTICATION_FAILURE );
}
}
/**
* @return array
*/
private function get_certs()
{
$files = array();
$dir = $this->attestDir;
if($dir && $handle = opendir($dir)) {
while(false !== ($entry = readdir($handle))) {
if(is_file("$dir/$entry")) {
$files[] = "$dir/$entry";
}
}
closedir($handle);
}
return $files;
}
/**
* @param string $data
* @return string
*/
private function base64u_encode($data)
{
return trim(strtr(base64_encode($data), '+/', '-_'), '=');
}
/**
* @param string $data
* @return string
*/
private function base64u_decode($data)
{
return base64_decode(strtr($data, '-_', '+/'));
}
/**
* @param string $key
* @return null|string
*/
private function pubkey_to_pem($key)
{
if(strlen($key) !== PUBKEY_LEN || $key[0] !== "\x04") {
return null;
}
/*
* Convert the public key to binary DER format first
* Using the ECC SubjectPublicKeyInfo OIDs from RFC 5480
*
* SEQUENCE(2 elem) 30 59
* SEQUENCE(2 elem) 30 13
* OID1.2.840.10045.2.1 (id-ecPublicKey) 06 07 2a 86 48 ce 3d 02 01
* OID1.2.840.10045.3.1.7 (secp256r1) 06 08 2a 86 48 ce 3d 03 01 07
* BIT STRING(520 bit) 03 42 ..key..
*/
$der = "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01";
$der .= "\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42";
$der .= "\0".$key;
$pem = "-----BEGIN PUBLIC KEY-----\r\n";
$pem .= chunk_split(base64_encode($der), 64);
$pem .= "-----END PUBLIC KEY-----";
return $pem;
}
/**
* @return string
* @throws Error
*/
private function createChallenge()
{
$challenge = openssl_random_pseudo_bytes(32, $crypto_strong );
if( $crypto_strong !== true ) {
throw new Error('Unable to obtain a good source of randomness', ERR_BAD_RANDOM);
}
$challenge = $this->base64u_encode( $challenge );
return $challenge;
}
/**
* Fixes a certificate where the signature contains unused bits.
*
* @param string $cert
* @return mixed
*/
private function fixSignatureUnusedBits($cert)
{
if(in_array(hash('sha256', $cert), $this->FIXCERTS)) {
$cert[strlen($cert) - 257] = "\0";
}
return $cert;
}
}
/**
* Class for building a registration request
*
* @package u2flib_server
*/
class RegisterRequest
{
/** Protocol version */
public $version = U2F_VERSION;
/** Registration challenge */
public $challenge;
/** Application id */
public $appId;
/**
* @param string $challenge
* @param string $appId
* @internal
*/
public function __construct($challenge, $appId)
{
$this->challenge = $challenge;
$this->appId = $appId;
}
}
/**
* Class for building up an authentication request
*
* @package u2flib_server
*/
class SignRequest
{
/** Protocol version */
public $version = U2F_VERSION;
/** Authentication challenge */
public $challenge;
/** Key handle of a registered authenticator */
public $keyHandle;
/** Application id */
public $appId;
}
/**
* Class returned for successful registrations
*
* @package u2flib_server
*/
class Registration
{
/** The key handle of the registered authenticator */
public $keyHandle;
/** The public key of the registered authenticator */
public $publicKey;
/** The attestation certificate of the registered authenticator */
public $certificate;
/** The counter associated with this registration */
public $counter = -1;
}
/**
* Error class, returned on errors
*
* @package u2flib_server
*/
class Error extends \Exception
{
/**
* Override constructor and make message and code mandatory
* @param string $message
* @param int $code
* @param \Exception|null $previous
*/
public function __construct($message, $code, \Exception $previous = null) {
parent::__construct($message, $code, $previous);
}
}

Some files were not shown because too many files have changed in this diff Show More