From 9f258df883220d4d7c96802cae783db1da5197cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kristia=CC=81n=20Feldsam?=
Date: Tue, 16 Jan 2018 00:06:01 +0100
Subject: [PATCH 1/4] DNS Diagnostics - Allow for domain administrator
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Kristián Feldsam
---
 data/web/inc/ajax/dns_diagnostics.php | 137 +++++++++++++-------------
 1 file changed, 70 insertions(+), 67 deletions(-)
diff --git a/data/web/inc/ajax/dns_diagnostics.php b/data/web/inc/ajax/dns_diagnostics.php
index d6c989b3..fa3354d5 100644
--- a/data/web/inc/ajax/dns_diagnostics.php
+++ b/data/web/inc/ajax/dns_diagnostics.php
@@ -7,7 +7,7 @@ define('state_missing', '2");
-if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "admin") {
+if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "admin"|| $_SESSION['mailcow_cc_role'] == "domainadmin")) {
 $domains = mailbox('get', 'domains');
 foreach(mailbox('get', 'domains') as $dn) {
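Review bot: The widened condition on the `+if` line now lets a domain admin into the whole diagnostics flow, but nothing in this hunk limits which `$domain` a domain admin may have diagnosed; if `mailbox('get', 'domains')` already returns only the caller's domains for that role the assignment to `$domains` on the next line is the right scope, but that is not visible here, and the later lookup of the requested domain (outside this hunk) should be checked against that list for the domainadmin role as well. The role test is also written with loose `==` and a missing space before `||`; `if (isset($_SESSION['mailcow_cc_role']) && in_array($_SESSION['mailcow_cc_role'], array('admin', 'domainadmin'), true)) {` is the tighter form. The block this line opens continues past the end of the hunk.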
@@ -77,73 +77,76 @@ $spf_link = '
 $dmarc_link = 'DMARC Assistant';
 $records = array();
-$records[] = array(
- $mailcow_hostname,
- 'A',
- $ip
-);
-$records[] = array(
- $ptr,
- 'PTR',
- $mailcow_hostname
-);
-if (!empty($ip6)) {
- $records[] = array(
- $mailcow_hostname,
- 'AAAA',
- $ip6
- );
- $records[] = array(
- $ptr6,
- 'PTR',
- $mailcow_hostname
- );
+if($_SESSION['mailcow_cc_role'] == "admin")
+{
+ $records[] = array(
+ $mailcow_hostname,
+ 'A',
+ $ip
+ );
+ $records[] = array(
+ $ptr,
+ 'PTR',
+ $mailcow_hostname
+ );
+ if (!empty($ip6)) {
+ $records[] = array(
+ $mailcow_hostname,
+ 'AAAA',
+ $ip6
+ );
+ $records[] = array(
+ $ptr6,
+ 'PTR',
+ $mailcow_hostname
+ );
+ }
+ $records[] = array(
+ '_25._tcp.' . $autodiscover_config['smtp']['server'],
+ 'TLSA',
+ generate_tlsa_digest($autodiscover_config['smtp']['server'], 25, 1)
+ );
+ $records[] = array(
+ '_' . $https_port . '._tcp.' . $mailcow_hostname,
+ 'TLSA',
+ generate_tlsa_digest($mailcow_hostname, $https_port)
+ );
+ $records[] = array(
+ '_' . $autodiscover_config['pop3']['tlsport'] . '._tcp.' . $autodiscover_config['pop3']['server'],
+ 'TLSA',
+ generate_tlsa_digest($autodiscover_config['pop3']['server'], $autodiscover_config['pop3']['tlsport'], 1)
+ );
+ $records[] = array(
+ '_' . $autodiscover_config['imap']['tlsport'] . '._tcp.' . $autodiscover_config['imap']['server'],
+ 'TLSA',
+ generate_tlsa_digest($autodiscover_config['imap']['server'], $autodiscover_config['imap']['tlsport'], 1)
+ );
+ $records[] = array(
+ '_' . $autodiscover_config['smtp']['port'] . '._tcp.' . $autodiscover_config['smtp']['server'],
+ 'TLSA',
+ generate_tlsa_digest($autodiscover_config['smtp']['server'], $autodiscover_config['smtp']['port'])
+ );
+ $records[] = array(
+ '_' . $autodiscover_config['smtp']['tlsport'] . '._tcp.' . $autodiscover_config['smtp']['server'],
+ 'TLSA',
+ generate_tlsa_digest($autodiscover_config['smtp']['server'], $autodiscover_config['smtp']['tlsport'], 1)
+ );
+ $records[] = array(
+ '_' . 
$autodiscover_config['imap']['port'] . '._tcp.' . $autodiscover_config['imap']['server'],
+ 'TLSA',
+ generate_tlsa_digest($autodiscover_config['imap']['server'], $autodiscover_config['imap']['port'])
+ );
+ $records[] = array(
+ '_' . $autodiscover_config['pop3']['port'] . '._tcp.' . $autodiscover_config['pop3']['server'],
+ 'TLSA',
+ generate_tlsa_digest($autodiscover_config['pop3']['server'], $autodiscover_config['pop3']['port'])
+ );
+ $records[] = array(
+ '_' . $autodiscover_config['sieve']['port'] . '._tcp.' . $autodiscover_config['sieve']['server'],
+ 'TLSA',
+ generate_tlsa_digest($autodiscover_config['sieve']['server'], $autodiscover_config['sieve']['port'], 1)
+ );
 }
-$records[] = array(
- '_25._tcp.' . $autodiscover_config['smtp']['server'],
- 'TLSA',
- generate_tlsa_digest($autodiscover_config['smtp']['server'], 25, 1)
-);
-$records[] = array(
- '_' . $https_port . '._tcp.' . $mailcow_hostname,
- 'TLSA',
- generate_tlsa_digest($mailcow_hostname, $https_port)
-);
-$records[] = array(
- '_' . $autodiscover_config['pop3']['tlsport'] . '._tcp.' . $autodiscover_config['pop3']['server'],
- 'TLSA',
- generate_tlsa_digest($autodiscover_config['pop3']['server'], $autodiscover_config['pop3']['tlsport'], 1)
-);
-$records[] = array(
- '_' . $autodiscover_config['imap']['tlsport'] . '._tcp.' . $autodiscover_config['imap']['server'],
- 'TLSA',
- generate_tlsa_digest($autodiscover_config['imap']['server'], $autodiscover_config['imap']['tlsport'], 1)
-);
-$records[] = array(
- '_' . $autodiscover_config['smtp']['port'] . '._tcp.' . $autodiscover_config['smtp']['server'],
- 'TLSA',
- generate_tlsa_digest($autodiscover_config['smtp']['server'], $autodiscover_config['smtp']['port'])
-);
-$records[] = array(
- '_' . $autodiscover_config['smtp']['tlsport'] . '._tcp.' . $autodiscover_config['smtp']['server'],
- 'TLSA',
- generate_tlsa_digest($autodiscover_config['smtp']['server'], $autodiscover_config['smtp']['tlsport'], 1)
-);
-$records[] = array(
- '_' . 
$autodiscover_config['imap']['port'] . '._tcp.' . $autodiscover_config['imap']['server'],
- 'TLSA',
- generate_tlsa_digest($autodiscover_config['imap']['server'], $autodiscover_config['imap']['port'])
-);
-$records[] = array(
- '_' . $autodiscover_config['pop3']['port'] . '._tcp.' . $autodiscover_config['pop3']['server'],
- 'TLSA',
- generate_tlsa_digest($autodiscover_config['pop3']['server'], $autodiscover_config['pop3']['port'])
-);
-$records[] = array(
- '_' . $autodiscover_config['sieve']['port'] . '._tcp.' . $autodiscover_config['sieve']['server'],
- 'TLSA',
- generate_tlsa_digest($autodiscover_config['sieve']['server'], $autodiscover_config['sieve']['port'], 1)
-);
 $records[] = array(
 $domain,
 'MX',
From 2a8bdc8deab60db693fe36aa217dbdc88887e332 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kristia=CC=81n=20Feldsam?=
Date: Tue, 16 Jan 2018 00:06:21 +0100
Subject: [PATCH 2/4] DNS Diagnostics - Ehnaced SPF record check
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Kristián Feldsam
---
 data/web/inc/ajax/dns_diagnostics.php | 13 +++++++++----
 data/web/lang/lang.en.php | 1 +
 2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/data/web/inc/ajax/dns_diagnostics.php b/data/web/inc/ajax/dns_diagnostics.php
index fa3354d5..3735b17c 100644
--- a/data/web/inc/ajax/dns_diagnostics.php
+++ b/data/web/inc/ajax/dns_diagnostics.php
@@ -73,7 +73,7 @@ if (!isset($autodiscover_config['sieve'])) {
 }
 // Init records array
-$spf_link = 'SPF Record Syntax';
+$spf_link = 'SPF Record Syntax
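Review bot: The nine TLSA entries moved into the new `if($_SESSION['mailcow_cc_role'] == "admin")` branch repeat the same four-line shape with only host, port and the optional third `generate_tlsa_digest()` argument varying, which makes it easy to get one of the nine pairs wrong and hard to see at a glance which services are covered. A small table of `(host, port, extra)` tuples iterated in the same order keeps the emitted records identical while making the list reviewable as data; the third argument is passed through exactly as the original does, using the two-argument call where the original omits it. The same nine entries are re-indented in patch 4/4 (`@@ -73,111 +73,120 @@`), where this applies equally.
```php
if($_SESSION['mailcow_cc_role'] == "admin")
{
  // … unchanged: A, PTR, AAAA and PTR records …
  $tlsa_targets = array(
    array($autodiscover_config['smtp']['server'], 25, 1),
    array($mailcow_hostname, $https_port, null),
    array($autodiscover_config['pop3']['server'], $autodiscover_config['pop3']['tlsport'], 1),
    array($autodiscover_config['imap']['server'], $autodiscover_config['imap']['tlsport'], 1),
    array($autodiscover_config['smtp']['server'], $autodiscover_config['smtp']['port'], null),
    array($autodiscover_config['smtp']['server'], $autodiscover_config['smtp']['tlsport'], 1),
    array($autodiscover_config['imap']['server'], $autodiscover_config['imap']['port'], null),
    array($autodiscover_config['pop3']['server'], $autodiscover_config['pop3']['port'], null),
    array($autodiscover_config['sieve']['server'], $autodiscover_config['sieve']['port'], 1),
  );
  foreach ($tlsa_targets as $target) {
    list($host, $port, $opt) = $target;
    $records[] = array(
      '_' . $port . '._tcp.' . $host,
      'TLSA',
      // null means the original called generate_tlsa_digest() with two arguments; keep that call shape
      ($opt === null) ? generate_tlsa_digest($host, $port) : generate_tlsa_digest($host, $port, $opt)
    );
  }
}
```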
'.$lang['diagnostics']['allow'].' '.$ip.'
'.$lang['diagnostics']['allow'].' '.$ip6.'
';
 $dmarc_link = 'DMARC Assistant';
 $records = array();
@@ -348,9 +348,14 @@ foreach ($records as $record) {
 $state = $current[$data_field[$current['type']]] . state_optional;
 } elseif ($current['type'] == 'TXT' &&
- stripos($current['txt'], 'v=spf' &&
- $record[2] == $spf_link) === 0) {
- $state = $current[$data_field[$current['type']]] . state_optional;
+ stripos($current['txt'], 'v=spf') === 0 &&
+ $record[2] == $spf_link) {
+ $state = state_nomatch;
+ $rslt = get_spf_allowed_hosts($record[0]);
+ if(in_array($ip, $rslt) && in_array($ip6, $rslt)){
+ $state = state_good;
+ }
+ $state .= '
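Review bot: The new `$spf_link` text on the `+$spf_link` line prints an "allow" hint for `$ip6` unconditionally, while the records block of this same file only emits IPv6 records inside `if (!empty($ip6))`; on a host with no IPv6 address the hint shows the "Allow" label followed by nothing. Build the IPv6 part only when the value is present, e.g. `. (!empty($ip6) ? $lang['diagnostics']['allow'].' '.$ip6 : '')`, mirroring the guard used for the AAAA record; the markup inside this literal is not visible here, so the change has to be applied to the original line. The same unconditional use of `$ip6` appears in the sprintf rewrite of this line in patch 4/4 (`@@ -73,111 +73,120 @@`).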
' . $current[$data_field[$current['type']]].state_optional;
 } elseif ($current['type'] == 'TXT' &&
 stripos($current['txt'], 'v=dkim') === 0 &&
diff --git a/data/web/lang/lang.en.php b/data/web/lang/lang.en.php
index 7fce2a3b..b23ec4d6 100644
--- a/data/web/lang/lang.en.php
+++ b/data/web/lang/lang.en.php
@@ -556,6 +556,7 @@ $lang['diagnostics']['dns_records_data'] = 'Correct Data';
 $lang['diagnostics']['dns_records_status'] = 'Current State';
 $lang['diagnostics']['optional'] = 'This record is optional.';
 $lang['diagnostics']['cname_from_a'] = 'Value derived from A/AAAA record. This is supported as long as the record points to the correct resource.';
+$lang['diagnostics']['allow'] = 'Allow';
 $lang['admin']['relay_from'] = '"From:" address';
 $lang['admin']['api_allow_from'] = "Allow API access from these IPs";
From 9aeaab23ab1e0b742f7ecfb98c23d684e66dc5d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?=
Date: Tue, 16 Jan 2018 09:26:48 +0100
Subject: [PATCH 3/4] Update lang.en.php
---
 data/web/lang/lang.en.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/data/web/lang/lang.en.php b/data/web/lang/lang.en.php
index b23ec4d6..178c722a 100644
--- a/data/web/lang/lang.en.php
+++ b/data/web/lang/lang.en.php
@@ -556,7 +556,7 @@ $lang['diagnostics']['dns_records_data'] = 'Correct Data';
 $lang['diagnostics']['dns_records_status'] = 'Current State';
 $lang['diagnostics']['optional'] = 'This record is optional.';
 $lang['diagnostics']['cname_from_a'] = 'Value derived from A/AAAA record. This is supported as long as the record points to the correct resource.';
-$lang['diagnostics']['allow'] = 'Allow';
+$lang['diagnostics']['allow'] = 'Allow %s';
 $lang['admin']['relay_from'] = '"From:" address';
 $lang['admin']['api_allow_from'] = "Allow API access from these IPs";
From f1f7749b852b5bd2e69bae5e8f0aeadd0eb8b493 Mon Sep 17 00:00:00 2001
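Review bot: The added check `if(in_array($ip, $rslt) && in_array($ip6, $rslt)){` requires the IPv6 address to be present in the SPF result even when the host has no IPv6 address, so on an IPv4-only installation a correct SPF record never reaches `state_good` and is reported as `state_nomatch`; the file guards its IPv6 records with `!empty($ip6)` and this condition should do the same. Both `in_array` calls should also pass `true`, since with loose comparison an empty `$ip6` could match an empty or zero-like entry in `$rslt`, and the return value of `get_spf_allowed_hosts()` is not visible here — if it can return a non-array on a failed lookup, guard that as no match rather than letting `in_array` error. One line covers all three points: `if (is_array($rslt) && in_array($ip, $rslt, true) && (empty($ip6) || in_array($ip6, $rslt, true))) {`. The enclosing `foreach ($records as $record)` begins before the hunk and the elseif chain continues after it.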
From: =?UTF-8?q?Andr=C3=A9=20Peters?=
Date: Tue, 16 Jan 2018 09:33:39 +0100
Subject: [PATCH 4/4] Update dns_diagnostics.php
Sprintf makes multi-lang easier. Fix indents
---
 data/web/inc/ajax/dns_diagnostics.php | 175 ++++++++++++++------------
 1 file changed, 92 insertions(+), 83 deletions(-)
diff --git a/data/web/inc/ajax/dns_diagnostics.php b/data/web/inc/ajax/dns_diagnostics.php
index 3735b17c..f15f8eb4 100644
--- a/data/web/inc/ajax/dns_diagnostics.php
+++ b/data/web/inc/ajax/dns_diagnostics.php
@@ -73,111 +73,120 @@ if (!isset($autodiscover_config['sieve'])) {
 }
 // Init records array
-$spf_link = 'SPF Record Syntax
'.$lang['diagnostics']['allow'].' '.$ip.'
'.$lang['diagnostics']['allow'].' '.$ip6.'
'; +$spf_link = 'SPF Record Syntax
+ ' . sprintf($lang['diagnostics']['allow'], $ip) . '
' . sprintf($lang['diagnostics']['allow'], $ip6) . '
';
 $dmarc_link = 'DMARC Assistant';
 $records = array();
-if($_SESSION['mailcow_cc_role'] == "admin")
-{
+if ($_SESSION['mailcow_cc_role'] == "admin") {
+ $records[] = array(
+ $mailcow_hostname,
+ 'A',
+ $ip
+ );
+ $records[] = array(
+ $ptr,
+ 'PTR',
+ $mailcow_hostname
+ );
+ if (!empty($ip6)) {
 $records[] = array(
 $mailcow_hostname,
- 'A',
- $ip
+ 'AAAA',
+ $ip6
 );
 $records[] = array(
- $ptr,
+ $ptr6,
 'PTR',
 $mailcow_hostname
 );
- if (!empty($ip6)) {
- $records[] = array(
- $mailcow_hostname,
- 'AAAA',
- $ip6
- );
- $records[] = array(
- $ptr6,
- 'PTR',
- $mailcow_hostname
- );
- }
- $records[] = array(
- '_25._tcp.' . $autodiscover_config['smtp']['server'],
- 'TLSA',
- generate_tlsa_digest($autodiscover_config['smtp']['server'], 25, 1)
- );
- $records[] = array(
- '_' . $https_port . '._tcp.' . $mailcow_hostname,
- 'TLSA',
- generate_tlsa_digest($mailcow_hostname, $https_port)
- );
- $records[] = array(
- '_' . $autodiscover_config['pop3']['tlsport'] . '._tcp.' . $autodiscover_config['pop3']['server'],
- 'TLSA',
- generate_tlsa_digest($autodiscover_config['pop3']['server'], $autodiscover_config['pop3']['tlsport'], 1)
- );
- $records[] = array(
- '_' . $autodiscover_config['imap']['tlsport'] . '._tcp.' . $autodiscover_config['imap']['server'],
- 'TLSA',
- generate_tlsa_digest($autodiscover_config['imap']['server'], $autodiscover_config['imap']['tlsport'], 1)
- );
- $records[] = array(
- '_' . $autodiscover_config['smtp']['port'] . '._tcp.' . $autodiscover_config['smtp']['server'],
- 'TLSA',
- generate_tlsa_digest($autodiscover_config['smtp']['server'], $autodiscover_config['smtp']['port'])
- );
- $records[] = array(
- '_' . $autodiscover_config['smtp']['tlsport'] . '._tcp.' . $autodiscover_config['smtp']['server'],
- 'TLSA',
- generate_tlsa_digest($autodiscover_config['smtp']['server'], $autodiscover_config['smtp']['tlsport'], 1)
- );
- $records[] = array(
- '_' . $autodiscover_config['imap']['port'] . '._tcp.' . 
$autodiscover_config['imap']['server'],
- 'TLSA',
- generate_tlsa_digest($autodiscover_config['imap']['server'], $autodiscover_config['imap']['port'])
- );
- $records[] = array(
- '_' . $autodiscover_config['pop3']['port'] . '._tcp.' . $autodiscover_config['pop3']['server'],
- 'TLSA',
- generate_tlsa_digest($autodiscover_config['pop3']['server'], $autodiscover_config['pop3']['port'])
- );
- $records[] = array(
- '_' . $autodiscover_config['sieve']['port'] . '._tcp.' . $autodiscover_config['sieve']['server'],
- 'TLSA',
- generate_tlsa_digest($autodiscover_config['sieve']['server'], $autodiscover_config['sieve']['port'], 1)
- );
+ }
+ $records[] = array(
+ '_25._tcp.'.$autodiscover_config['smtp']['server'],
+ 'TLSA',
+ generate_tlsa_digest($autodiscover_config['smtp']['server'], 25, 1)
+ );
+ $records[] = array(
+ '_'.$https_port.
+ '._tcp.'.$mailcow_hostname,
+ 'TLSA',
+ generate_tlsa_digest($mailcow_hostname, $https_port)
+ );
+ $records[] = array(
+ '_'.$autodiscover_config['pop3']['tlsport'].
+ '._tcp.'.$autodiscover_config['pop3']['server'],
+ 'TLSA',
+ generate_tlsa_digest($autodiscover_config['pop3']['server'], $autodiscover_config['pop3']['tlsport'], 1)
+ );
+ $records[] = array(
+ '_'.$autodiscover_config['imap']['tlsport'].
+ '._tcp.'.$autodiscover_config['imap']['server'],
+ 'TLSA',
+ generate_tlsa_digest($autodiscover_config['imap']['server'], $autodiscover_config['imap']['tlsport'], 1)
+ );
+ $records[] = array(
+ '_'.$autodiscover_config['smtp']['port'].
+ '._tcp.'.$autodiscover_config['smtp']['server'],
+ 'TLSA',
+ generate_tlsa_digest($autodiscover_config['smtp']['server'], $autodiscover_config['smtp']['port'])
+ );
+ $records[] = array(
+ '_'.$autodiscover_config['smtp']['tlsport'].
+ '._tcp.'.$autodiscover_config['smtp']['server'],
+ 'TLSA',
+ generate_tlsa_digest($autodiscover_config['smtp']['server'], $autodiscover_config['smtp']['tlsport'], 1)
+ );
+ $records[] = array(
+ '_'.$autodiscover_config['imap']['port']. 
+ '._tcp.'.$autodiscover_config['imap']['server'],
+ 'TLSA',
+ generate_tlsa_digest($autodiscover_config['imap']['server'], $autodiscover_config['imap']['port'])
+ );
+ $records[] = array(
+ '_'.$autodiscover_config['pop3']['port'].
+ '._tcp.'.$autodiscover_config['pop3']['server'],
+ 'TLSA',
+ generate_tlsa_digest($autodiscover_config['pop3']['server'], $autodiscover_config['pop3']['port'])
+ );
+ $records[] = array(
+ '_'.$autodiscover_config['sieve']['port'].
+ '._tcp.'.$autodiscover_config['sieve']['server'],
+ 'TLSA',
+ generate_tlsa_digest($autodiscover_config['sieve']['server'], $autodiscover_config['sieve']['port'], 1)
+ );
 }
 $records[] = array(
- $domain,
- 'MX',
- $mailcow_hostname
+ $domain,
+ 'MX',
+ $mailcow_hostname
 );
 $records[] = array(
- 'autodiscover.' . $domain,
- 'CNAME',
- $mailcow_hostname
+ 'autodiscover.'.$domain,
+ 'CNAME',
+ $mailcow_hostname
 );
 $records[] = array(
- '_autodiscover._tcp.' . $domain,
- 'SRV',
- $mailcow_hostname . ' ' . $https_port
+ '_autodiscover._tcp.'.$domain,
+ 'SRV',
+ $mailcow_hostname.
+ ' '.$https_port
 );
 $records[] = array(
- 'autoconfig.' . $domain,
- 'CNAME',
- $mailcow_hostname
+ 'autoconfig.'.$domain,
+ 'CNAME',
+ $mailcow_hostname
 );
 $records[] = array(
- $domain,
- 'TXT',
- $spf_link,
- state_optional
+ $domain,
+ 'TXT',
+ $spf_link,
+ state_optional
 );
 $records[] = array(
- '_dmarc.' . $domain,
- 'TXT',
- $dmarc_link,
- state_optional
+ '_dmarc.'.$domain,
+ 'TXT',
+ $dmarc_link,
+ state_optional
 );
 if (!empty($dkim = dkim('details', $domain))) {
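Review bot: The re-indented record names in this hunk are now broken mid-expression, e.g. `'_'.$https_port.` on one line and `'._tcp.'.$mailcow_hostname,` on the next, and likewise `$mailcow_hostname.` / `' '.$https_port` for the SRV value, which hides that each is a single DNS name or value and makes the trailing `.` easy to lose in a later edit. Keeping each name on one line, as the pre-change `'_' . $https_port . '._tcp.' . $mailcow_hostname,` did, reads better and is what the rest of the list already does for `'autodiscover.'.$domain` and `'_dmarc.'.$domain`. The `if (!empty($dkim = ...))` block opened by the last context line continues past the end of the hunk.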