[Web] Add more map types soon; Do not expose private key via API if hidden in vars (fixes #3231)

This commit is contained in:
andryyy 2019-12-22 21:26:10 +01:00
parent 26a267d3b6
commit e47e54f3de
7 changed files with 87 additions and 55 deletions

View File

@ -14,7 +14,7 @@ if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CAC
<ul class="nav nav-tabs" role="tablist">
<li role="presentation" class="active"><a href="#tab-access" aria-controls="tab-access" role="tab" data-toggle="tab"><?=$lang['admin']['access'];?></a></li>
<li role="presentation"><a href="#tab-config" aria-controls="tab-config" role="tab" data-toggle="tab"><?=$lang['admin']['configuration'];?></a></li>
<li role="presentation"><a href="#tab-routing" aria-controls="tab-config" role="tab" data-toggle="tab"><?=$lang['admin']['routing'];?></a></li>
<li role="presentation"><a href="#tab-routing" aria-controls="tab-routing" role="tab" data-toggle="tab"><?=$lang['admin']['routing'];?></a></li>
<li role="presentation"><a href="#tab-sys-mails" aria-controls="tab-sys-mails" role="tab" data-toggle="tab"><?=$lang['admin']['sys_mails'];?></a></li>
<li role="presentation"><a href="#tab-mailq" aria-controls="tab-mailq" role="tab" data-toggle="tab"><?=$lang['admin']['queue_manager'];?></a></li>
<li role="presentation"><a href="#tab-rspamdmaps" aria-controls="tab-rspamdmaps" role="tab" data-toggle="tab"><?=$lang['admin']['rspamd_global_filters'];?></a></li>
@ -350,8 +350,8 @@ if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CAC
<div role="tabpanel" class="tab-pane" id="tab-config">
<div class="row">
<div id="sidebar-admin" class="col-sm-2 hidden-xs">
<div id="scrollbox" class="list-group">
<div id="sidebar-admin-config" class="col-sm-2 hidden-xs">
<div id="scrollbox-config" class="list-group">
<a href="#dkim" class="list-group-item"><?=$lang['admin']['dkim_keys'];?></a>
<a href="#fwdhosts" class="list-group-item"><?=$lang['admin']['forwarding_hosts'];?></a>
<a href="#f2bparams" class="list-group-item"><?=$lang['admin']['f2b_parameters'];?></a>
@ -1139,6 +1139,15 @@ if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CAC
</div>
<div role="tabpanel" class="tab-pane" id="tab-rspamdmaps">
<div class="row">
<div id="sidebar-admin-maps" class="col-sm-2 hidden-xs">
<div id="scrollbox-maps" class="list-group">
<a href="#regexmaps" class="list-group-item">Regex maps</a>
<!-- <a href="#standardmaps" class="list-group-item">Standard maps</a> -->
<a href="#top" class="list-group-item" style="border-top:1px dashed #dadada"> <?=$lang['admin']['to_top'];?></a>
</div>
</div>
<div class="col-sm-10">
<div class="panel panel-default">
<div class="panel-heading">
<?=$lang['admin']['rspamd_global_filters'];?>
@ -1155,21 +1164,25 @@ if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CAC
</div>
</div>
<div id="rspamd_global_filters" class="<?=($_SESSION['show_rspamd_global_filters'] !== true) ? 'hidden' : '';?>">
<hr>
<span class="anchor" id="regexmaps"></span>
<h4>Regex Maps</h4>
<p><?=$lang['admin']['rspamd_global_filters_regex'];?></p>
<?php
foreach ($RSPAMD_MAPS as $rspamd_desc => $rspamd_map):
foreach ($RSPAMD_MAPS['regex'] as $rspamd_regex_desc => $rspamd_regex_map):
?>
<hr>
<form class="form-horizontal" data-id="<?=$rspamd_map;?>" role="form" method="post">
<form class="form-horizontal" data-id="<?=$rspamd_regex_map;?>" role="form" method="post">
<div class="form-group">
<label class="control-label col-sm-3" for="<?=$rspamd_map;?>"><?=$rspamd_desc;?><br><small><?=$rspamd_map;?></small></label>
<label class="control-label col-sm-3" for="<?=$rspamd_regex_map;?>"><?=$rspamd_regex_desc;?><br><small><?=$rspamd_regex_map;?></small></label>
<div class="col-sm-9">
<textarea id="<?=$rspamd_map;?>" spellcheck="false" autocorrect="off" autocapitalize="none" class="form-control textarea-code" rows="10" name="rspamd_map_data" required><?=file_get_contents('/rspamd_custom_maps/' . $rspamd_map);?></textarea>
<textarea id="<?=$rspamd_regex_map;?>" spellcheck="false" autocorrect="off" autocapitalize="none" class="form-control textarea-code" rows="10" name="rspamd_regex_map_data" required><?=file_get_contents('/rspamd_custom_maps/' . $rspamd_regex_map);?></textarea>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-3 col-sm-9">
<button class="btn btn-xs btn-default validate_rspamd_regex" data-regex-map="<?=$rspamd_map;?>" href="#"><?=$lang['add']['validate'];?></button>
<button class="btn btn-xs btn-success submit_rspamd_regex" data-action="edit_selected" data-id="<?=$rspamd_map;?>" data-item="<?=htmlspecialchars($rspamd_map);?>" data-api-url='edit/rspamd-map' data-api-attr='{}' href="#" disabled><?=$lang['edit']['save'];?></button>
<button class="btn btn-xs btn-default validate_rspamd_regex" data-regex-map="<?=$rspamd_regex_map;?>" href="#"><?=$lang['add']['validate'];?></button>
<button class="btn btn-xs btn-success submit_rspamd_regex" data-action="edit_selected" data-id="<?=$rspamd_regex_map;?>" data-item="<?=htmlspecialchars($rspamd_regex_map);?>" data-api-url='edit/rspamd-map' data-api-attr='{}' href="#" disabled><?=$lang['edit']['save'];?></button>
</div>
</div>
</form>
@ -1180,6 +1193,7 @@ if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CAC
</div>
</div>
</div>
</div>
</div> <!-- /tab-content -->
</div> <!-- /col-md-12 -->

View File

@ -247,8 +247,13 @@ function dkim($_action, $_data = null) {
}
$dkimdata['dkim_txt'] = 'v=DKIM1;k=rsa;t=s;s=email;p=' . $redis_dkim_key_data;
$dkimdata['dkim_selector'] = $redis->hGet('DKIM_SELECTORS', $_data);
if ($GLOBALS['SHOW_DKIM_PRIV_KEYS']) {
$dkimdata['privkey'] = base64_encode($redis->hGet('DKIM_PRIV_KEYS', $dkimdata['dkim_selector'] . '.' . $_data));
}
else {
$dkimdata['privkey'] = '';
}
}
return $dkimdata;
break;
case 'blind':

View File

@ -157,6 +157,7 @@ $MAILBOX_DEFAULT_ATTRIBUTES['mailbox_format'] = 'maildir:';
// Set visible Rspamd maps in mailcow UI, do not change unless you know what you are doing
$RSPAMD_MAPS = array(
'regex' => array(
'Header-From: Blacklist' => 'global_mime_from_blacklist.map',
'Header-From: Whitelist' => 'global_mime_from_whitelist.map',
'Envelope Sender Blacklist' => 'global_smtp_from_blacklist.map',
@ -166,4 +167,5 @@ $RSPAMD_MAPS = array(
'Fishy TLDS (only fired in combination with bad words)' => 'fishy_tlds.map',
'Bad Words (only fired in combination with fishy TLDs)' => 'bad_words.map',
'Bad Languages' => 'bad_languages.map',
)
);

View File

@ -442,23 +442,31 @@ jQuery(function($){
});
});
$(window).load(function(){
initial_width = $("#sidebar-admin").width();
$("#scrollbox").css("width", initial_width);
initial_width_config = $("#sidebar-admin-config").width();
initial_width_maps = $("#sidebar-admin-maps").width();
$("#scrollbox-config").css("width", initial_width_config);
$("#scrollbox-maps").css("width", initial_width_maps);
if (sessionStorage.scrollTop > 70) {
$('#scrollbox').addClass('scrollboxFixed');
$('#scrollbox-config').addClass('scrollboxFixed');
$('#scrollbox-maps').addClass('scrollboxFixed');
}
$(window).bind('scroll', function() {
if ($(window).scrollTop() > 70) {
$('#scrollbox').addClass('scrollboxFixed');
$('#scrollbox-config').addClass('scrollboxFixed');
$('#scrollbox-maps').addClass('scrollboxFixed');
} else {
$('#scrollbox').removeClass('scrollboxFixed');
$('#scrollbox-config').removeClass('scrollboxFixed');
$('#scrollbox-maps').removeClass('scrollboxFixed');
}
});
});
function resizeScrollbox() {
on_resize_width = $("#sidebar-admin").width();
$("#scrollbox").removeAttr("style");
$("#scrollbox").css("width", on_resize_width);
on_resize_width_config = $("#sidebar-admin-config").width();
on_resize_width_maps = $("#sidebar-admin-maps").width();
$("#scrollbox-config").removeAttr("style");
$("#scrollbox-config").css("width", on_resize_width_config);
$("#scrollbox-maps").removeAttr("style");
$("#scrollbox-maps").css("width", on_resize_width_maps);
}
$(window).on('resize', resizeScrollbox);
$('a[data-toggle="tab"]').on('shown.bs.tab', resizeScrollbox);

View File

@ -497,7 +497,8 @@
"transport_dest_format": "Syntax: example.org, .example.org, *, box@example.org (mehrere Werte getrennt durch Komma einzugeben)",
"rspamd_global_filters_agree": "Ich werde vorsichtig sein!",
"rspamd_global_filters": "Globale Filter-Maps",
"rspamd_global_filters_info": "Globale Filter-Maps steuern globales White- und Blacklisting dieses Servers. Die akzeptierte Form für Einträge sind <b>ausschließlich</b> Regular Expressions.\r\n Trotz rudimentärer Überprüfung der Map, kann es zu fehlerhaften Einträgen kommen, die Rspamd im schlechtesten Fall mit unvorhersehbarer Funktionalität bestraft.<br>\r\n Das korrekte Format lautet \"/pattern/options\" (Beispiel: <code>/.+@domain\\.tld/i</code>).<br>\r\n Der Name der Map beschreibt die jeweilige Funktion.<br>\r\n Rspamd versucht die Maps umgehend aufzulösen. Bei Problemen sollte <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">Rspamd manuell neugestartet werden</a>.",
"rspamd_global_filters_info": "Globale Filter-Maps steuern globales White- und Blacklisting dieses Servers.",
"rspamd_global_filters_regex": "Die akzeptierte Form für Einträge sind <b>ausschließlich</b> Regular Expressions.\r\n Trotz rudimentärer Überprüfung der Map, kann es zu fehlerhaften Einträgen kommen, die Rspamd im schlechtesten Fall mit unvorhersehbarer Funktionalität bestraft.<br>\r\n Das korrekte Format lautet \"/pattern/options\" (Beispiel: <code>/.+@domain\\.tld/i</code>).<br>\r\n Der Name der Map beschreibt die jeweilige Funktion.<br>\r\n Rspamd versucht die Maps umgehend aufzulösen. Bei Problemen sollte <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">Rspamd manuell neugestartet werden</a>.",
"add_admin": "Administrator hinzufügen",
"dkim_domains_selector": "Selektor",
"search_domain_da": "Suche Domains",

View File

@ -509,7 +509,8 @@
"transport_dest_format": "Syntax: example.org, .example.org, *, box@example.org (multiple values can be comma-separated)",
"rspamd_global_filters_agree": "I will be careful!",
"rspamd_global_filters": "Global filter maps",
"rspamd_global_filters_info": "Global filter maps contain different kind of global black and whitelists. Their names explain their purpose. All content must contain valid regular expression in the format of \"/pattern/options\" (e.g. <code>/.+@domain\\.tld/i</code>).<br>\r\n Although rudimentary checks are being executed on each line of regex, Rspamds functionality can be broken, if it fails to read the syntax correctly.<br>\r\n Rspamd will try to read the map content when changed. If you experience problems, <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">restart Rspamd</a> to enforce a map reload."
"rspamd_global_filters_info": "Global filter maps contain different kind of global black and whitelists.",
"rspamd_global_filters_regex": "Their names explain their purpose. All content must contain valid regular expression in the format of \"/pattern/options\" (e.g. <code>/.+@domain\\.tld/i</code>).<br>\r\n Although rudimentary checks are being executed on each line of regex, Rspamds functionality can be broken, if it fails to read the syntax correctly.<br>\r\n Rspamd will try to read the map content when changed. If you experience problems, <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">restart Rspamd</a> to enforce a map reload."
},
"start": {
"mailcow_apps_detail": "Use a mailcow app to access your mails, calendar, contacts and more.",

View File

@ -499,7 +499,8 @@
"transport_dest_format": "Voorbeeld: example.org, .example.org, *, postvak@example.org (meerdere waarden zijn kommagescheiden)",
"rspamd_global_filters_agree": "Ik ben me ervan bewust dat aanpassingen desastreuze gevolgen kunnen hebben",
"rspamd_global_filters": "Globale filters",
"rspamd_global_filters_info": "Ieder globaal filter heeft zijn eigen functie, zie de namen. De velden kunnen enkel regular expressions bevatten met het formaat \"/pattern/options\", bijvoorbeeld <code>/.+@domain\\.tld/i</code>.<br>Ondanks dat alle invoer wordt gecontroleerd op fouten, is het toch mogelijk dat Rspamd onbruikbaar wordt als deze de invoer niet kan lezen.<br>Als je problemen ervaart, <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">herstart Rspamd</a> dan om de filters opnieuw te laten lezen."
"rspamd_global_filters_info": "Ieder globaal filter heeft zijn eigen functie, zie de namen.",
"rspamd_global_filters_regex": "De velden kunnen enkel regular expressions bevatten met het formaat \"/pattern/options\", bijvoorbeeld <code>/.+@domain\\.tld/i</code>.<br>Ondanks dat alle invoer wordt gecontroleerd op fouten, is het toch mogelijk dat Rspamd onbruikbaar wordt als deze de invoer niet kan lezen.<br>Als je problemen ervaart, <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">herstart Rspamd</a> dan om de filters opnieuw te laten lezen."
},
"start": {
"mailcow_apps_detail": "Gebruik een Mailcow-app om je mails, agenda, contacten en meer te bekijken.",