2017-12-09 20:17:15 +08:00
< ? php
2018-02-09 03:13:36 +08:00
function quarantine ( $_action , $_data = null ) {
2017-12-09 20:17:15 +08:00
global $pdo ;
global $redis ;
global $lang ;
2018-08-04 02:31:33 +08:00
$_data_log = $_data ;
2017-12-09 20:17:15 +08:00
switch ( $_action ) {
2019-02-06 16:28:22 +08:00
case 'quick_delete' :
// Dont return results, just log
$hash = trim ( $_data );
if ( preg_match ( " /^([a-f0-9] { 64}) $ / " , $hash ) === false ) {
logger ( array ( 'return' => array (
array (
'type' => 'danger' ,
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
'msg' => 'access_denied'
)
)));
return ;
}
$stmt = $pdo -> prepare ( ' SELECT `id` FROM `quarantine` LEFT OUTER JOIN `user_acl` ON `user_acl` . `username` = `rcpt`
WHERE SHA2 ( CONCAT ( `id` , `qid` ), 256 ) = : hash
AND user_acl . quarantine = 1
AND rcpt IN ( SELECT username FROM mailbox ) ' );
$stmt -> execute ( array ( ':hash' => $hash ));
$row = $stmt -> fetch ( PDO :: FETCH_ASSOC );
if ( empty ( $row [ 'id' ]) || ! is_numeric ( $row [ 'id' ])) {
logger ( array ( 'return' => array (
array (
'type' => 'danger' ,
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
'msg' => 'access_denied'
)
)));
return ;
}
else {
$stmt = $pdo -> prepare ( " DELETE FROM `quarantine` WHERE id = :id " );
$stmt -> execute ( array (
':id' => $row [ 'id' ]
));
}
logger ( array ( 'return' => array (
array (
'type' => 'success' ,
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
'msg' => array ( 'item_deleted' , $row [ 'id' ])
)
)));
break ;
case 'quick_release' :
// Dont return results, just log
$hash = trim ( $_data );
if ( preg_match ( " /^([a-f0-9] { 64}) $ / " , $hash ) === false ) {
logger ( array ( 'return' => array (
array (
'type' => 'danger' ,
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
'msg' => 'access_denied'
)
)));
return ;
}
$stmt = $pdo -> prepare ( ' SELECT `id` FROM `quarantine` LEFT OUTER JOIN `user_acl` ON `user_acl` . `username` = `rcpt`
WHERE SHA2 ( CONCAT ( `id` , `qid` ), 256 ) = : hash
AND `user_acl` . `quarantine` = 1
AND `username` IN ( SELECT `username` FROM `mailbox` ) ' );
$stmt -> execute ( array ( ':hash' => $hash ));
$row = $stmt -> fetch ( PDO :: FETCH_ASSOC );
if ( empty ( $row [ 'id' ]) || ! is_numeric ( $row [ 'id' ])) {
logger ( array ( 'return' => array (
array (
'type' => 'danger' ,
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
'msg' => 'access_denied'
)
)));
return ;
}
else {
$stmt = $pdo -> prepare ( 'SELECT `msg`, `qid`, `sender`, `rcpt` FROM `quarantine` WHERE `id` = :id' );
$stmt -> execute ( array ( ':id' => $row [ 'id' ]));
$detail_row = $stmt -> fetch ( PDO :: FETCH_ASSOC );
$sender = ( isset ( $detail_row [ 'sender' ])) ? $detail_row [ 'sender' ] : 'sender-unknown@rspamd' ;
if ( ! empty ( gethostbynamel ( 'postfix-mailcow' ))) {
$postfix = 'postfix-mailcow' ;
}
if ( ! empty ( gethostbynamel ( 'postfix' ))) {
$postfix = 'postfix' ;
}
else {
logger ( array ( 'return' => array (
array (
'type' => 'warning' ,
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
'msg' => array ( 'release_send_failed' , 'Cannot determine Postfix host' )
)
)));
return ;
}
try {
$release_format = $redis -> Get ( 'Q_RELEASE_FORMAT' );
}
catch ( RedisException $e ) {
logger ( array ( 'return' => array (
array (
'type' => 'danger' ,
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
'msg' => array ( 'redis_error' , $e )
)
)));
return ;
}
if ( $release_format == 'attachment' ) {
try {
$mail = new PHPMailer ( true );
$mail -> isSMTP ();
$mail -> SMTPDebug = 0 ;
$mail -> SMTPOptions = array (
'ssl' => array (
'verify_peer' => false ,
'verify_peer_name' => false ,
'allow_self_signed' => true
)
);
if ( ! empty ( gethostbynamel ( 'postfix-mailcow' ))) {
$postfix = 'postfix-mailcow' ;
}
if ( ! empty ( gethostbynamel ( 'postfix' ))) {
$postfix = 'postfix' ;
}
else {
logger ( array ( 'return' => array (
array (
'type' => 'warning' ,
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
'msg' => array ( 'release_send_failed' , 'Cannot determine Postfix host' )
)
)));
return ;
}
$mail -> Host = $postfix ;
$mail -> Port = 590 ;
$mail -> setFrom ( $sender );
$mail -> CharSet = 'UTF-8' ;
$mail -> Subject = sprintf ( $lang [ 'quarantine' ][ 'release_subject' ], $detail_row [ 'qid' ]);
$mail -> addAddress ( $detail_row [ 'rcpt' ]);
$mail -> IsHTML ( false );
$msg_tmpf = tempnam ( " /tmp " , $detail_row [ 'qid' ]);
file_put_contents ( $msg_tmpf , $detail_row [ 'msg' ]);
$mail -> addAttachment ( $msg_tmpf , $detail_row [ 'qid' ] . '.eml' );
$mail -> Body = sprintf ( $lang [ 'quarantine' ][ 'release_body' ]);
$mail -> send ();
unlink ( $msg_tmpf );
}
catch ( phpmailerException $e ) {
unlink ( $msg_tmpf );
logger ( array ( 'return' => array (
array (
'type' => 'warning' ,
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
'msg' => array ( 'release_send_failed' , $e -> errorMessage ())
)
)));
return ;
}
}
elseif ( $release_format == 'raw' ) {
$postfix_talk = array (
array ( '220' , 'HELO quarantine' . chr ( 10 )),
array ( '250' , 'MAIL FROM: ' . $sender . chr ( 10 )),
array ( '250' , 'RCPT TO: ' . $detail_row [ 'rcpt' ] . chr ( 10 )),
array ( '250' , 'DATA' . chr ( 10 )),
array ( '354' , $detail_row [ 'msg' ] . chr ( 10 ) . '.' . chr ( 10 )),
array ( '250' , 'QUIT' . chr ( 10 )),
array ( '221' , '' )
);
// Thanks to https://stackoverflow.com/questions/6632399/given-an-email-as-raw-text-how-can-i-send-it-using-php
$smtp_connection = fsockopen ( $postfix , 590 , $errno , $errstr , 1 );
if ( ! $smtp_connection ) {
logger ( array ( 'return' => array (
array (
'type' => 'warning' ,
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
'msg' => 'Cannot connect to Postfix'
)
)));
return false ;
}
for ( $i = 0 ; $i < count ( $postfix_talk ); $i ++ ) {
$smtp_resource = fgets ( $smtp_connection , 256 );
if ( substr ( $smtp_resource , 0 , 3 ) !== $postfix_talk [ $i ][ 0 ]) {
$ret = substr ( $smtp_resource , 0 , 3 );
$ret = ( empty ( $ret )) ? '-' : $ret ;
logger ( array ( 'return' => array (
array (
'type' => 'warning' ,
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
'msg' => 'Postfix returned SMTP code ' . $smtp_resource . ', expected ' . $postfix_talk [ $i ][ 0 ]
)
)));
return ;
}
if ( $postfix_talk [ $i ][ 1 ] !== '' ) {
fputs ( $smtp_connection , $postfix_talk [ $i ][ 1 ]);
}
}
fclose ( $smtp_connection );
}
$stmt = $pdo -> prepare ( " DELETE FROM `quarantine` WHERE id = :id " );
$stmt -> execute ( array (
':id' => $row [ 'id' ]
));
}
logger ( array ( 'return' => array (
array (
'type' => 'success' ,
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
'msg' => array ( 'item_released' , $hash )
)
)));
break ;
2017-12-09 20:17:15 +08:00
case 'delete' :
if ( ! is_array ( $_data [ 'id' ])) {
$ids = array ();
$ids [] = $_data [ 'id' ];
}
else {
$ids = $_data [ 'id' ];
}
2018-02-09 03:13:36 +08:00
if ( ! isset ( $_SESSION [ 'acl' ][ 'quarantine' ]) || $_SESSION [ 'acl' ][ 'quarantine' ] != " 1 " ) {
2018-08-14 05:20:40 +08:00
$_SESSION [ 'return' ][] = array (
2017-12-09 20:17:15 +08:00
'type' => 'danger' ,
2018-08-04 02:31:33 +08:00
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
'msg' => 'access_denied'
2017-12-09 20:17:15 +08:00
);
return false ;
}
foreach ( $ids as $id ) {
if ( ! is_numeric ( $id )) {
2018-08-14 05:20:40 +08:00
$_SESSION [ 'return' ][] = array (
2017-12-09 20:17:15 +08:00
'type' => 'danger' ,
2018-08-04 02:31:33 +08:00
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
'msg' => 'access_denied'
2017-12-09 20:17:15 +08:00
);
2018-08-14 05:20:40 +08:00
continue ;
2017-12-09 20:17:15 +08:00
}
2018-08-14 05:20:40 +08:00
$stmt = $pdo -> prepare ( 'SELECT `rcpt` FROM `quarantine` WHERE `id` = :id' );
$stmt -> execute ( array ( ':id' => $id ));
$row = $stmt -> fetch ( PDO :: FETCH_ASSOC );
if ( ! hasMailboxObjectAccess ( $_SESSION [ 'mailcow_cc_username' ], $_SESSION [ 'mailcow_cc_role' ], $row [ 'rcpt' ]) && $_SESSION [ 'mailcow_cc_role' ] != 'admin' ) {
$_SESSION [ 'return' ][] = array (
2017-12-09 20:17:15 +08:00
'type' => 'danger' ,
2018-08-04 02:31:33 +08:00
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
2018-08-14 05:20:40 +08:00
'msg' => 'access_denied'
2017-12-09 20:17:15 +08:00
);
2018-08-14 05:20:40 +08:00
continue ;
2017-12-09 20:17:15 +08:00
}
2018-08-14 05:20:40 +08:00
else {
$stmt = $pdo -> prepare ( " DELETE FROM `quarantine` WHERE `id` = :id " );
$stmt -> execute ( array (
':id' => $id
));
}
$_SESSION [ 'return' ][] = array (
'type' => 'success' ,
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
'msg' => array ( 'item_deleted' , $id )
);
2017-12-09 20:17:15 +08:00
}
break ;
case 'edit' :
2018-02-09 03:13:36 +08:00
if ( ! isset ( $_SESSION [ 'acl' ][ 'quarantine' ]) || $_SESSION [ 'acl' ][ 'quarantine' ] != " 1 " ) {
2018-08-14 05:20:40 +08:00
$_SESSION [ 'return' ][] = array (
2017-12-09 20:17:15 +08:00
'type' => 'danger' ,
2018-08-04 02:31:33 +08:00
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
'msg' => 'access_denied'
2017-12-09 20:17:15 +08:00
);
return false ;
}
// Edit settings
if ( $_data [ 'action' ] == 'settings' ) {
if ( $_SESSION [ 'mailcow_cc_role' ] != " admin " ) {
2018-08-14 05:20:40 +08:00
$_SESSION [ 'return' ][] = array (
2017-12-09 20:17:15 +08:00
'type' => 'danger' ,
2018-08-04 02:31:33 +08:00
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
'msg' => 'access_denied'
2017-12-09 20:17:15 +08:00
);
return false ;
}
$retention_size = $_data [ 'retention_size' ];
2018-12-06 23:51:11 +08:00
if ( $_data [ 'release_format' ] == 'attachment' || $_data [ 'release_format' ] == 'raw' ) {
$release_format = $_data [ 'release_format' ];
}
else {
$release_format = 'raw' ;
}
2017-12-09 20:17:15 +08:00
$max_size = $_data [ 'max_size' ];
2019-06-02 03:22:14 +08:00
$max_age = intval ( $_data [ 'max_age' ]);
2019-01-29 07:20:39 +08:00
$subject = $_data [ 'subject' ];
$sender = $_data [ 'sender' ];
2019-02-05 07:10:21 +08:00
$html = $_data [ 'html_tmpl' ];
2019-06-02 03:22:14 +08:00
if ( $max_age <= 0 ) {
$max_age = 365 ;
}
2017-12-09 20:17:15 +08:00
$exclude_domains = ( array ) $_data [ 'exclude_domains' ];
try {
$redis -> Set ( 'Q_RETENTION_SIZE' , intval ( $retention_size ));
$redis -> Set ( 'Q_MAX_SIZE' , intval ( $max_size ));
2019-06-02 03:22:14 +08:00
$redis -> Set ( 'Q_MAX_AGE' , $max_age );
2017-12-09 20:17:15 +08:00
$redis -> Set ( 'Q_EXCLUDE_DOMAINS' , json_encode ( $exclude_domains ));
2018-12-06 23:51:11 +08:00
$redis -> Set ( 'Q_RELEASE_FORMAT' , $release_format );
2019-01-29 07:20:39 +08:00
$redis -> Set ( 'Q_SENDER' , $sender );
2019-02-01 05:25:14 +08:00
$redis -> Set ( 'Q_SUBJ' , $subject );
2019-01-29 07:20:39 +08:00
$redis -> Set ( 'Q_HTML' , $html );
2017-12-09 20:17:15 +08:00
}
catch ( RedisException $e ) {
2018-08-14 05:20:40 +08:00
$_SESSION [ 'return' ][] = array (
2017-12-09 20:17:15 +08:00
'type' => 'danger' ,
2018-08-04 02:31:33 +08:00
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
'msg' => array ( 'redis_error' , $e )
2017-12-09 20:17:15 +08:00
);
return false ;
}
2018-08-14 05:20:40 +08:00
$_SESSION [ 'return' ][] = array (
2017-12-09 20:17:15 +08:00
'type' => 'success' ,
2018-08-04 02:31:33 +08:00
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
'msg' => 'saved_settings'
2017-12-09 20:17:15 +08:00
);
}
// Release item
elseif ( $_data [ 'action' ] == 'release' ) {
if ( ! is_array ( $_data [ 'id' ])) {
$ids = array ();
$ids [] = $_data [ 'id' ];
}
else {
$ids = $_data [ 'id' ];
}
foreach ( $ids as $id ) {
if ( ! is_numeric ( $id )) {
2018-08-14 05:20:40 +08:00
$_SESSION [ 'return' ][] = array (
2017-12-09 20:17:15 +08:00
'type' => 'danger' ,
2018-08-04 02:31:33 +08:00
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
'msg' => 'access_denied'
2017-12-09 20:17:15 +08:00
);
2018-08-14 05:20:40 +08:00
continue ;
2017-12-09 20:17:15 +08:00
}
2018-08-14 05:20:40 +08:00
$stmt = $pdo -> prepare ( 'SELECT `msg`, `qid`, `sender`, `rcpt` FROM `quarantine` WHERE `id` = :id' );
$stmt -> execute ( array ( ':id' => $id ));
$row = $stmt -> fetch ( PDO :: FETCH_ASSOC );
if ( ! hasMailboxObjectAccess ( $_SESSION [ 'mailcow_cc_username' ], $_SESSION [ 'mailcow_cc_role' ], $row [ 'rcpt' ])) {
$_SESSION [ 'return' ][] = array (
2017-12-09 20:17:15 +08:00
'type' => 'danger' ,
2018-08-14 05:20:40 +08:00
'msg' => 'access_denied'
2017-12-09 20:17:15 +08:00
);
2018-08-14 05:20:40 +08:00
continue ;
2017-12-09 20:17:15 +08:00
}
$sender = ( isset ( $row [ 'sender' ])) ? $row [ 'sender' ] : 'sender-unknown@rspamd' ;
2018-12-06 23:51:11 +08:00
if ( ! empty ( gethostbynamel ( 'postfix-mailcow' ))) {
$postfix = 'postfix-mailcow' ;
}
if ( ! empty ( gethostbynamel ( 'postfix' ))) {
$postfix = 'postfix' ;
}
else {
$_SESSION [ 'return' ][] = array (
'type' => 'warning' ,
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
'msg' => array ( 'release_send_failed' , 'Cannot determine Postfix host' )
);
continue ;
}
2017-12-09 20:17:15 +08:00
try {
2018-12-06 23:51:11 +08:00
$release_format = $redis -> Get ( 'Q_RELEASE_FORMAT' );
}
catch ( RedisException $e ) {
$_SESSION [ 'return' ][] = array (
'type' => 'danger' ,
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
'msg' => array ( 'redis_error' , $e )
2017-12-09 20:17:15 +08:00
);
2018-12-06 23:51:11 +08:00
return false ;
}
if ( $release_format == 'attachment' ) {
try {
$mail = new PHPMailer ( true );
$mail -> isSMTP ();
$mail -> SMTPDebug = 0 ;
$mail -> SMTPOptions = array (
'ssl' => array (
'verify_peer' => false ,
'verify_peer_name' => false ,
'allow_self_signed' => true
)
);
if ( ! empty ( gethostbynamel ( 'postfix-mailcow' ))) {
$postfix = 'postfix-mailcow' ;
}
if ( ! empty ( gethostbynamel ( 'postfix' ))) {
$postfix = 'postfix' ;
}
else {
$_SESSION [ 'return' ][] = array (
'type' => 'warning' ,
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
'msg' => array ( 'release_send_failed' , 'Cannot determine Postfix host' )
);
continue ;
}
$mail -> Host = $postfix ;
$mail -> Port = 590 ;
$mail -> setFrom ( $sender );
$mail -> CharSet = 'UTF-8' ;
$mail -> Subject = sprintf ( $lang [ 'quarantine' ][ 'release_subject' ], $row [ 'qid' ]);
$mail -> addAddress ( $row [ 'rcpt' ]);
$mail -> IsHTML ( false );
$msg_tmpf = tempnam ( " /tmp " , $row [ 'qid' ]);
file_put_contents ( $msg_tmpf , $row [ 'msg' ]);
$mail -> addAttachment ( $msg_tmpf , $row [ 'qid' ] . '.eml' );
$mail -> Body = sprintf ( $lang [ 'quarantine' ][ 'release_body' ]);
$mail -> send ();
unlink ( $msg_tmpf );
2017-12-09 20:17:15 +08:00
}
2018-12-06 23:51:11 +08:00
catch ( phpmailerException $e ) {
unlink ( $msg_tmpf );
2018-08-14 05:20:40 +08:00
$_SESSION [ 'return' ][] = array (
2017-12-09 20:17:15 +08:00
'type' => 'warning' ,
2018-08-04 02:31:33 +08:00
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
2018-12-06 23:51:11 +08:00
'msg' => array ( 'release_send_failed' , $e -> errorMessage ())
2017-12-09 20:17:15 +08:00
);
2018-08-14 05:20:40 +08:00
continue ;
2017-12-09 20:17:15 +08:00
}
}
2018-12-06 23:51:11 +08:00
elseif ( $release_format == 'raw' ) {
$postfix_talk = array (
array ( '220' , 'HELO quarantine' . chr ( 10 )),
array ( '250' , 'MAIL FROM: ' . $sender . chr ( 10 )),
array ( '250' , 'RCPT TO: ' . $row [ 'rcpt' ] . chr ( 10 )),
array ( '250' , 'DATA' . chr ( 10 )),
array ( '354' , $row [ 'msg' ] . chr ( 10 ) . '.' . chr ( 10 )),
array ( '250' , 'QUIT' . chr ( 10 )),
array ( '221' , '' )
2017-12-09 20:17:15 +08:00
);
2018-12-06 23:51:11 +08:00
// Thanks to https://stackoverflow.com/questions/6632399/given-an-email-as-raw-text-how-can-i-send-it-using-php
$smtp_connection = fsockopen ( $postfix , 590 , $errno , $errstr , 1 );
if ( ! $smtp_connection ) {
$_SESSION [ 'return' ][] = array (
'type' => 'warning' ,
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
'msg' => 'Cannot connect to Postfix'
);
return false ;
}
for ( $i = 0 ; $i < count ( $postfix_talk ); $i ++ ) {
$smtp_resource = fgets ( $smtp_connection , 256 );
if ( substr ( $smtp_resource , 0 , 3 ) !== $postfix_talk [ $i ][ 0 ]) {
$ret = substr ( $smtp_resource , 0 , 3 );
$ret = ( empty ( $ret )) ? '-' : $ret ;
$_SESSION [ 'return' ][] = array (
'type' => 'warning' ,
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
'msg' => 'Postfix returned SMTP code ' . $smtp_resource . ', expected ' . $postfix_talk [ $i ][ 0 ]
);
return false ;
}
if ( $postfix_talk [ $i ][ 1 ] !== '' ) {
fputs ( $smtp_connection , $postfix_talk [ $i ][ 1 ]);
}
}
fclose ( $smtp_connection );
2017-12-09 20:17:15 +08:00
}
try {
2018-02-09 03:13:36 +08:00
$stmt = $pdo -> prepare ( " DELETE FROM `quarantine` WHERE `id` = :id " );
2017-12-09 20:17:15 +08:00
$stmt -> execute ( array (
':id' => $id
));
}
catch ( PDOException $e ) {
2018-08-14 05:20:40 +08:00
$_SESSION [ 'return' ][] = array (
2017-12-09 20:17:15 +08:00
'type' => 'danger' ,
2018-08-04 02:31:33 +08:00
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
'msg' => array ( 'mysql_error' , $e )
2017-12-09 20:17:15 +08:00
);
2018-08-14 05:20:40 +08:00
continue ;
2017-12-09 20:17:15 +08:00
}
2018-08-14 05:20:40 +08:00
$_SESSION [ 'return' ][] = array (
'type' => 'success' ,
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
'msg' => array ( 'item_released' , $id )
);
}
}
elseif ( $_data [ 'action' ] == 'learnspam' ) {
if ( ! is_array ( $_data [ 'id' ])) {
$ids = array ();
$ids [] = $_data [ 'id' ];
}
else {
$ids = $_data [ 'id' ];
}
foreach ( $ids as $id ) {
if ( ! is_numeric ( $id )) {
$_SESSION [ 'return' ][] = array (
'type' => 'danger' ,
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
'msg' => 'access_denied'
);
continue ;
}
$stmt = $pdo -> prepare ( 'SELECT `msg`, `rcpt` FROM `quarantine` WHERE `id` = :id' );
$stmt -> execute ( array ( ':id' => $id ));
$row = $stmt -> fetch ( PDO :: FETCH_ASSOC );
if ( ! hasMailboxObjectAccess ( $_SESSION [ 'mailcow_cc_username' ], $_SESSION [ 'mailcow_cc_role' ], $row [ 'rcpt' ]) && $_SESSION [ 'mailcow_cc_role' ] != 'admin' ) {
$_SESSION [ 'return' ][] = array (
'type' => 'danger' ,
'msg' => 'access_denied'
);
continue ;
}
$curl = curl_init ();
2018-09-30 15:53:25 +08:00
curl_setopt ( $curl , CURLOPT_UNIX_SOCKET_PATH , '/var/lib/rspamd/rspamd.sock' );
2018-08-14 05:20:40 +08:00
curl_setopt ( $curl , CURLOPT_RETURNTRANSFER , 1 );
curl_setopt ( $curl , CURLOPT_POST , 1 );
curl_setopt ( $curl , CURLOPT_TIMEOUT , 30 );
2018-09-30 15:53:25 +08:00
curl_setopt ( $curl , CURLOPT_HTTPHEADER , array ( 'Content-Type: text/plain' ));
2018-08-14 05:20:40 +08:00
curl_setopt ( $curl , CURLOPT_URL , " http://rspamd/learnspam " );
2018-09-30 15:53:25 +08:00
curl_setopt ( $curl , CURLOPT_POSTFIELDS , $row [ 'msg' ]);
2018-08-14 05:20:40 +08:00
$response = curl_exec ( $curl );
if ( ! curl_errno ( $curl )) {
$response = json_decode ( $response , true );
if ( isset ( $response [ 'error' ])) {
if ( stripos ( $response [ 'error' ], 'already learned' ) === false ) {
$_SESSION [ 'return' ][] = array (
'type' => 'danger' ,
'log' => array ( __FUNCTION__ ),
'msg' => array ( 'spam_learn_error' , $response [ 'error' ])
);
continue ;
}
}
curl_close ( $curl );
$curl = curl_init ();
2018-09-30 15:53:25 +08:00
curl_setopt ( $curl , CURLOPT_UNIX_SOCKET_PATH , '/var/lib/rspamd/rspamd.sock' );
2018-08-14 05:20:40 +08:00
curl_setopt ( $curl , CURLOPT_RETURNTRANSFER , 1 );
curl_setopt ( $curl , CURLOPT_POST , 1 );
curl_setopt ( $curl , CURLOPT_TIMEOUT , 30 );
2018-09-30 15:53:25 +08:00
curl_setopt ( $curl , CURLOPT_HTTPHEADER , array ( 'Content-Type: text/plain' , 'Flag: 11' ));
2018-08-14 05:20:40 +08:00
curl_setopt ( $curl , CURLOPT_URL , " http://rspamd/fuzzyadd " );
2018-09-30 15:53:25 +08:00
curl_setopt ( $curl , CURLOPT_POSTFIELDS , $row [ 'msg' ]);
2018-08-14 05:20:40 +08:00
$response = curl_exec ( $curl );
if ( ! curl_errno ( $curl )) {
$response = json_decode ( $response , true );
if ( isset ( $response [ 'error' ])) {
$_SESSION [ 'return' ][] = array (
2018-09-30 15:53:25 +08:00
'type' => 'warning' ,
2018-08-14 05:20:40 +08:00
'log' => array ( __FUNCTION__ ),
'msg' => array ( 'fuzzy_learn_error' , $response [ 'error' ])
);
}
curl_close ( $curl );
try {
$stmt = $pdo -> prepare ( " DELETE FROM `quarantine` WHERE `id` = :id " );
$stmt -> execute ( array (
':id' => $id
));
}
catch ( PDOException $e ) {
$_SESSION [ 'return' ][] = array (
'type' => 'danger' ,
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
'msg' => array ( 'mysql_error' , $e )
);
continue ;
}
$_SESSION [ 'return' ][] = array (
'type' => 'success' ,
'log' => array ( __FUNCTION__ ),
2018-09-30 15:53:25 +08:00
'msg' => array ( 'qlearn_spam' , $id )
2018-08-14 05:20:40 +08:00
);
continue ;
}
else {
curl_close ( $curl );
$_SESSION [ 'return' ][] = array (
'type' => 'danger' ,
'log' => array ( __FUNCTION__ ),
2018-09-30 15:53:25 +08:00
'msg' => array ( 'spam_learn_error' , 'Curl: ' . curl_strerror ( curl_errno ( $curl )))
2018-08-14 05:20:40 +08:00
);
continue ;
}
curl_close ( $curl );
$_SESSION [ 'return' ][] = array (
'type' => 'danger' ,
'log' => array ( __FUNCTION__ ),
'msg' => array ( 'learn_spam_error' , 'unknown' )
);
continue ;
}
else {
$_SESSION [ 'return' ][] = array (
'type' => 'danger' ,
'log' => array ( __FUNCTION__ ),
2018-09-30 15:53:25 +08:00
'msg' => array ( 'spam_learn_error' , 'Curl: ' . curl_strerror ( curl_errno ( $curl )))
2018-08-14 05:20:40 +08:00
);
2018-09-30 15:53:25 +08:00
curl_close ( $curl );
2018-08-14 05:20:40 +08:00
continue ;
}
curl_close ( $curl );
$_SESSION [ 'return' ][] = array (
'type' => 'danger' ,
'log' => array ( __FUNCTION__ ),
'msg' => array ( 'learn_spam_error' , 'unknown' )
);
continue ;
2017-12-09 20:17:15 +08:00
}
}
return true ;
break ;
case 'get' :
2018-08-14 05:20:40 +08:00
if ( $_SESSION [ 'mailcow_cc_role' ] == " user " ) {
2019-07-23 10:22:28 +08:00
$stmt = $pdo -> prepare ( 'SELECT `id`, `qid`, `subject`, LOCATE("VIRUS_FOUND", `symbols`) AS `virus_flag`, `score`, `rcpt`, `sender`, UNIX_TIMESTAMP(`created`) AS `created` FROM `quarantine` WHERE `rcpt` = :mbox' );
2018-08-14 05:20:40 +08:00
$stmt -> execute ( array ( ':mbox' => $_SESSION [ 'mailcow_cc_username' ]));
$rows = $stmt -> fetchAll ( PDO :: FETCH_ASSOC );
while ( $row = array_shift ( $rows )) {
$q_meta [] = $row ;
}
}
elseif ( $_SESSION [ 'mailcow_cc_role' ] == " admin " ) {
2019-07-23 10:22:28 +08:00
$stmt = $pdo -> query ( 'SELECT `id`, `qid`, `subject`, LOCATE("VIRUS_FOUND", `symbols`) AS `virus_flag`, `score`, `rcpt`, `sender`, UNIX_TIMESTAMP(`created`) AS `created` FROM `quarantine`' );
2018-08-14 05:20:40 +08:00
$rows = $stmt -> fetchAll ( PDO :: FETCH_ASSOC );
while ( $row = array_shift ( $rows )) {
$q_meta [] = $row ;
2017-12-09 20:17:15 +08:00
}
2018-08-14 05:20:40 +08:00
}
else {
$domains = array_merge ( mailbox ( 'get' , 'domains' ), mailbox ( 'get' , 'alias_domains' ));
foreach ( $domains as $domain ) {
2019-07-23 10:22:28 +08:00
$stmt = $pdo -> prepare ( 'SELECT `id`, `qid`, `subject`, LOCATE("VIRUS_FOUND", `symbols`) AS `virus_flag`, `score`, `rcpt`, `sender`, UNIX_TIMESTAMP(`created`) AS `created` FROM `quarantine` WHERE `rcpt` REGEXP :domain' );
2018-08-14 05:20:40 +08:00
$stmt -> execute ( array ( ':domain' => '@' . $domain . '$' ));
2018-01-17 22:23:33 +08:00
$rows = $stmt -> fetchAll ( PDO :: FETCH_ASSOC );
while ( $row = array_shift ( $rows )) {
$q_meta [] = $row ;
}
}
2017-12-09 20:17:15 +08:00
}
return $q_meta ;
break ;
case 'settings' :
try {
2018-12-01 02:04:18 +08:00
if ( $_SESSION [ 'mailcow_cc_role' ] == " admin " ) {
$settings [ 'exclude_domains' ] = json_decode ( $redis -> Get ( 'Q_EXCLUDE_DOMAINS' ), true );
}
2017-12-09 20:17:15 +08:00
$settings [ 'max_size' ] = $redis -> Get ( 'Q_MAX_SIZE' );
2019-06-02 03:22:14 +08:00
$settings [ 'max_age' ] = $redis -> Get ( 'Q_MAX_AGE' );
2017-12-09 20:17:15 +08:00
$settings [ 'retention_size' ] = $redis -> Get ( 'Q_RETENTION_SIZE' );
2018-12-06 23:51:11 +08:00
$settings [ 'release_format' ] = $redis -> Get ( 'Q_RELEASE_FORMAT' );
2019-02-01 05:25:14 +08:00
$settings [ 'subject' ] = $redis -> Get ( 'Q_SUBJ' );
2019-01-29 07:20:39 +08:00
$settings [ 'sender' ] = $redis -> Get ( 'Q_SENDER' );
2019-02-05 07:10:21 +08:00
$settings [ 'html_tmpl' ] = htmlspecialchars ( $redis -> Get ( 'Q_HTML' ));
if ( empty ( $settings [ 'html_tmpl' ])) {
$settings [ 'html_tmpl' ] = htmlspecialchars ( file_get_contents ( " /tpls/quarantine.tpl " ));
2019-01-29 07:20:39 +08:00
}
2017-12-09 20:17:15 +08:00
}
catch ( RedisException $e ) {
2018-08-14 05:20:40 +08:00
$_SESSION [ 'return' ][] = array (
2017-12-09 20:17:15 +08:00
'type' => 'danger' ,
2018-08-04 02:31:33 +08:00
'log' => array ( __FUNCTION__ , $_action , $_data_log ),
'msg' => array ( 'redis_error' , $e )
2017-12-09 20:17:15 +08:00
);
return false ;
}
return $settings ;
break ;
case 'details' :
if ( ! is_numeric ( $_data ) || empty ( $_data )) {
return false ;
}
2018-08-14 05:20:40 +08:00
$stmt = $pdo -> prepare ( 'SELECT `rcpt`, `symbols`, `msg`, `domain` FROM `quarantine` WHERE `id`= :id' );
$stmt -> execute ( array ( ':id' => $_data ));
$row = $stmt -> fetch ( PDO :: FETCH_ASSOC );
if ( hasMailboxObjectAccess ( $_SESSION [ 'mailcow_cc_username' ], $_SESSION [ 'mailcow_cc_role' ], $row [ 'rcpt' ])) {
return $row ;
2017-12-09 20:17:15 +08:00
}
return false ;
break ;
}
2018-02-09 03:13:36 +08:00
}
