<?php header("Content-Type: application/json"); require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php'; function rrmdir($src) { $dir = opendir($src); while(false !== ( $file = readdir($dir)) ) { if (( $file != '.' ) && ( $file != '..' )) { $full = $src . '/' . $file; if ( is_dir($full) ) { rrmdir($full); } else { unlink($full); } } } closedir($dir); rmdir($src); } function addAddresses(&$list, $mail, $headerName) { $addresses = $mail->getAddresses($headerName); foreach ($addresses as $address) { if (filter_var($address['address'], FILTER_VALIDATE_EMAIL)) { $list[] = array('address' => $address['address'], 'type' => $headerName); } } } if (!empty($_GET['hash']) && ctype_alnum($_GET['hash'])) { $mailc = quarantine('hash_details', $_GET['hash']); if ($mailc === false) { echo json_encode(array('error' => 'Message invalid')); exit; } if (strlen($mailc['msg']) > 10485760) { echo json_encode(array('error' => 'Message size exceeds 10 MiB.')); exit; } if (!empty($mailc['msg'])) { // Init message array $data = array(); // Init parser $mail_parser = new PhpMimeMailParser\Parser(); $html2text = new Html2Text\Html2Text(); // Load msg to parser $mail_parser->setText($mailc['msg']); // Get mail recipients { $recipientsList = array(); addAddresses($recipientsList, $mail_parser, 'to'); addAddresses($recipientsList, $mail_parser, 'cc'); addAddresses($recipientsList, $mail_parser, 'bcc'); $recipientsList[] = array('address' => $mailc['rcpt'], 'type' => 'smtp'); $data['recipients'] = $recipientsList; } // Get from $data['header_from'] = $mail_parser->getHeader('from'); $data['env_from'] = $mailc['sender']; // Get rspamd score $data['score'] = $mailc['score']; // Get rspamd action $data['action'] = $mailc['action']; // Get rspamd symbols $data['symbols'] = json_decode($mailc['symbols']); // Get fuzzy hashes $data['fuzzy_hashes'] = json_decode($mailc['fuzzy_hashes']); $data['subject'] = mb_convert_encoding($mail_parser->getHeader('subject'), "UTF-8", "auto"); (empty($data['subject'])) ? $data['subject'] = '-' : null; echo json_encode($data); } } elseif (!empty($_GET['id']) && ctype_alnum($_GET['id'])) { if (!isset($_SESSION['mailcow_cc_role'])) { echo json_encode(array('error' => 'Access denied')); exit(); } $tmpdir = '/tmp/' . $_GET['id'] . '/'; $mailc = quarantine('details', $_GET['id']); if ($mailc === false) { echo json_encode(array('error' => 'Access denied')); exit; } if (strlen($mailc['msg']) > 10485760) { echo json_encode(array('error' => 'Message size exceeds 10 MiB.')); exit; } if (!empty($mailc['msg'])) { if (isset($_GET['quick_release'])) { $hash = hash('sha256', $mailc['id'] . $mailc['qid']); header('Location: /qhandler/release/' . $hash); exit; } if (isset($_GET['quick_delete'])) { $hash = hash('sha256', $mailc['id'] . $mailc['qid']); header('Location: /qhandler/delete/' . $hash); exit; } // Init message array $data = array(); // Init parser $mail_parser = new PhpMimeMailParser\Parser(); $html2text = new Html2Text\Html2Text(); // Load msg to parser $mail_parser->setText($mailc['msg']); // Get mail recipients { $recipientsList = array(); addAddresses($recipientsList, $mail_parser, 'to'); addAddresses($recipientsList, $mail_parser, 'cc'); addAddresses($recipientsList, $mail_parser, 'bcc'); $recipientsList[] = array('address' => $mailc['rcpt'], 'type' => 'smtp'); $data['recipients'] = $recipientsList; } // Get from $data['header_from'] = $mail_parser->getHeader('from'); $data['env_from'] = $mailc['sender']; // Get rspamd score $data['score'] = $mailc['score']; // Get rspamd action $data['action'] = $mailc['action']; // Get rspamd symbols $data['symbols'] = json_decode($mailc['symbols']); // Get fuzzy hashes $data['fuzzy_hashes'] = json_decode($mailc['fuzzy_hashes']); // Get text/plain content $data['text_plain'] = $mail_parser->getMessageBody('text'); // Get html content and convert to text $data['text_html'] = $html2text->convert($mail_parser->getMessageBody('html')); if (empty($data['text_plain']) && empty($data['text_html'])) { // Failed to parse content, try raw $text = trim(substr($mailc['msg'], strpos($mailc['msg'], "\r\n\r\n") + 1)); // Only return html->text $data['text_plain'] = 'Parser failed, assuming HTML'; $data['text_html'] = $html2text->convert($text); } (empty($data['text_plain'])) ? $data['text_plain'] = '-' : null; // Get subject $data['subject'] = $mail_parser->getHeader('subject'); $data['subject'] = mb_convert_encoding($mail_parser->getHeader('subject'), "UTF-8", "auto"); (empty($data['subject'])) ? $data['subject'] = '-' : null; // Get attachments if (is_dir($tmpdir)) { rrmdir($tmpdir); } mkdir('/tmp/' . $_GET['id']); $mail_parser->saveAttachments($tmpdir, true); $atts = $mail_parser->getAttachments(true); if (count($atts) > 0) { foreach ($atts as $key => $val) { $data['attachments'][$key] = array( // Index // 0 => file name // 1 => mime type // 2 => file size // 3 => vt link by sha256 $val->getFilename(), $val->getContentType(), filesize($tmpdir . $val->getFilename()), 'https://www.virustotal.com/file/' . hash_file('SHA256', $tmpdir . $val->getFilename()) . '/analysis/' ); } } if (isset($_GET['eml'])) { $dl_filename = filter_var($data['subject'], FILTER_SANITIZE_STRING); $dl_filename = strlen($dl_filename) > 30 ? substr($dl_filename,0,30) : $dl_filename; header('Pragma: public'); header('Expires: 0'); header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); header('Cache-Control: private', false); header('Content-Type: message/rfc822'); header('Content-Disposition: attachment; filename="'. $dl_filename . '.eml";'); header('Content-Transfer-Encoding: binary'); header('Content-Length: ' . strlen($mailc['msg'])); echo $mailc['msg']; exit; } if (isset($_GET['att'])) { if ($_SESSION['acl']['quarantine_attachments'] == 0) { exit(json_encode('Forbidden')); } $dl_id = intval($_GET['att']); $dl_filename = filter_var($data['attachments'][$dl_id][0], FILTER_SANITIZE_STRING); $dl_filename_short = strlen($dl_filename) > 20 ? substr($dl_filename, 0, 20) : $dl_filename; $dl_filename_extension = pathinfo($tmpdir . $dl_filename)['extension']; $dl_filename_short = preg_replace('/\.' . $dl_filename_extension . '$/', '', $dl_filename_short); if (!is_dir($tmpdir . $dl_filename) && file_exists($tmpdir . $dl_filename)) { header('Pragma: public'); header('Expires: 0'); header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); header('Cache-Control: private', false); header('Content-Type: ' . $data['attachments'][$dl_id][1]); header('Content-Disposition: attachment; filename="'. $dl_filename_short . '.' . $dl_filename_extension . '";'); header('Content-Transfer-Encoding: binary'); header('Content-Length: ' . $data['attachments'][$dl_id][2]); readfile($tmpdir . $dl_filename); exit; } } echo json_encode($data); } } ?>