[Postfix, Web] Feature: Show last SMTP login

master
andryyy 2020-09-15 11:02:53 +02:00
parent 28041b1d97
commit 1f36ae28d4
No known key found for this signature in database
GPG Key ID: 8EC34FF2794E25EF
7 changed files with 49 additions and 7 deletions

View File

@ -25,6 +25,7 @@ RUN groupadd -g 102 postfix \
postfix \ postfix \
postfix-mysql \ postfix-mysql \
postfix-pcre \ postfix-pcre \
redis-tools \
sasl2-bin \ sasl2-bin \
sudo \ sudo \
supervisor \ supervisor \
@ -44,6 +45,7 @@ COPY postfix.sh /opt/postfix.sh
COPY rspamd-pipe-ham /usr/local/bin/rspamd-pipe-ham COPY rspamd-pipe-ham /usr/local/bin/rspamd-pipe-ham
COPY rspamd-pipe-spam /usr/local/bin/rspamd-pipe-spam COPY rspamd-pipe-spam /usr/local/bin/rspamd-pipe-spam
COPY whitelist_forwardinghosts.sh /usr/local/bin/whitelist_forwardinghosts.sh COPY whitelist_forwardinghosts.sh /usr/local/bin/whitelist_forwardinghosts.sh
COPY smtpd_last_login.sh /usr/local/bin/smtpd_last_login.sh
COPY stop-supervisor.sh /usr/local/sbin/stop-supervisor.sh COPY stop-supervisor.sh /usr/local/sbin/stop-supervisor.sh
COPY docker-entrypoint.sh /docker-entrypoint.sh COPY docker-entrypoint.sh /docker-entrypoint.sh
@ -51,6 +53,7 @@ RUN chmod +x /opt/postfix.sh \
/usr/local/bin/rspamd-pipe-ham \ /usr/local/bin/rspamd-pipe-ham \
/usr/local/bin/rspamd-pipe-spam \ /usr/local/bin/rspamd-pipe-spam \
/usr/local/bin/whitelist_forwardinghosts.sh \ /usr/local/bin/whitelist_forwardinghosts.sh \
/usr/local/bin/smtpd_last_login.sh \
/usr/local/sbin/stop-supervisor.sh /usr/local/sbin/stop-supervisor.sh
RUN rm -rf /tmp/* /var/tmp/* RUN rm -rf /tmp/* /var/tmp/*

View File

@ -0,0 +1,20 @@
#!/bin/bash
# Do not attempt to write to slave
if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT}"
else
REDIS_CMDLINE="redis-cli -h redis -p 6379"
fi
while read QUERY; do
QUERY=($QUERY)
# If nothing matched, end here - Postfix last line will be empty
if [[ -z "$(echo ${QUERY[0]} | tr -d '\040\011\012\015')" ]]; then
echo -ne "action=dunno\n\n"
# We found a username, log and return
elif [[ "${QUERY[0]}" =~ sasl_username ]]; then
${REDIS_CMDLINE} SET "last-login/smtp/$(echo ${QUERY[0]#sasl_username=})" "$(date +%s)"
echo -ne "action=dunno\n\n"
fi
done

View File

@ -189,6 +189,7 @@ smtp_sasl_auth_soft_bounce = no
postscreen_discard_ehlo_keywords = silent-discard, dsn postscreen_discard_ehlo_keywords = silent-discard, dsn
compatibility_level = 2 compatibility_level = 2
smtputf8_enable = no smtputf8_enable = no
smtpd_last_auth = check_policy_service inet:127.0.0.1:10028
# Define protocols for SMTPS and submission service # Define protocols for SMTPS and submission service
submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1

View File

@ -16,6 +16,7 @@ smtps inet n - n - - smtpd
-o smtpd_tls_mandatory_protocols=$smtps_smtpd_tls_mandatory_protocols -o smtpd_tls_mandatory_protocols=$smtps_smtpd_tls_mandatory_protocols
-o tls_preempt_cipherlist=yes -o tls_preempt_cipherlist=yes
-o syslog_name=postfix/smtps -o syslog_name=postfix/smtps
-o smtpd_end_of_data_restrictions=$smtpd_last_auth
10465 inet n - n - - smtpd 10465 inet n - n - - smtpd
-o smtpd_upstream_proxy_protocol=haproxy -o smtpd_upstream_proxy_protocol=haproxy
-o smtpd_tls_wrappermode=yes -o smtpd_tls_wrappermode=yes
@ -23,6 +24,7 @@ smtps inet n - n - - smtpd
-o smtpd_tls_mandatory_protocols=$smtps_smtpd_tls_mandatory_protocols -o smtpd_tls_mandatory_protocols=$smtps_smtpd_tls_mandatory_protocols
-o tls_preempt_cipherlist=yes -o tls_preempt_cipherlist=yes
-o syslog_name=postfix/smtps-haproxy -o syslog_name=postfix/smtps-haproxy
-o smtpd_end_of_data_restrictions=$smtpd_last_auth
# smtpd with starttls on 587/tcp # smtpd with starttls on 587/tcp
# TLS protocol can be modified by setting submission_smtpd_tls_mandatory_protocols in extra.cf # TLS protocol can be modified by setting submission_smtpd_tls_mandatory_protocols in extra.cf
@ -33,6 +35,7 @@ submission inet n - n - - smtpd
-o smtpd_tls_mandatory_protocols=$submission_smtpd_tls_mandatory_protocols -o smtpd_tls_mandatory_protocols=$submission_smtpd_tls_mandatory_protocols
-o tls_preempt_cipherlist=yes -o tls_preempt_cipherlist=yes
-o syslog_name=postfix/submission -o syslog_name=postfix/submission
-o smtpd_end_of_data_restrictions=$smtpd_last_auth
10587 inet n - n - - smtpd 10587 inet n - n - - smtpd
-o smtpd_upstream_proxy_protocol=haproxy -o smtpd_upstream_proxy_protocol=haproxy
-o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
@ -41,6 +44,7 @@ submission inet n - n - - smtpd
-o smtpd_tls_mandatory_protocols=$submission_smtpd_tls_mandatory_protocols -o smtpd_tls_mandatory_protocols=$submission_smtpd_tls_mandatory_protocols
-o tls_preempt_cipherlist=yes -o tls_preempt_cipherlist=yes
-o syslog_name=postfix/submission-haproxy -o syslog_name=postfix/submission-haproxy
-o smtpd_end_of_data_restrictions=$smtpd_last_auth
# used by SOGo # used by SOGo
# smtpd_sender_restrictions should match main.cf, but with check_sasl_access prepended for login-as-mailbox-user function # smtpd_sender_restrictions should match main.cf, but with check_sasl_access prepended for login-as-mailbox-user function
@ -49,6 +53,7 @@ submission inet n - n - - smtpd
-o smtpd_tls_auth_only=no -o smtpd_tls_auth_only=no
-o smtpd_sender_restrictions=check_sasl_access,regexp:/opt/postfix/conf/allow_mailcow_local.regexp,reject_authenticated_sender_login_mismatch,permit_mynetworks,permit_sasl_authenticated,reject_unlisted_sender,reject_unknown_sender_domain -o smtpd_sender_restrictions=check_sasl_access,regexp:/opt/postfix/conf/allow_mailcow_local.regexp,reject_authenticated_sender_login_mismatch,permit_mynetworks,permit_sasl_authenticated,reject_unlisted_sender,reject_unknown_sender_domain
-o syslog_name=postfix/sogo -o syslog_name=postfix/sogo
-o smtpd_end_of_data_restrictions=$smtpd_last_auth
# used to reinject quarantine mails # used to reinject quarantine mails
590 inet n - n - - smtpd 590 inet n - n - - smtpd
@ -58,13 +63,13 @@ submission inet n - n - - smtpd
-o smtpd_milters= -o smtpd_milters=
-o non_smtpd_milters= -o non_smtpd_milters=
-o syslog_name=postfix/quarantine -o syslog_name=postfix/quarantine
-o smtpd_end_of_data_restrictions=$smtpd_last_auth
# enforced smtp connector # enforced smtp connector
smtp_enforced_tls unix - - n - - smtp smtp_enforced_tls unix - - n - - smtp
-o smtp_tls_security_level=encrypt -o smtp_tls_security_level=encrypt
-o syslog_name=enforced-tls-smtp -o syslog_name=enforced-tls-smtp
-o smtp_delivery_status_filter=pcre:/opt/postfix/conf/smtp_dsn_filter -o smtp_delivery_status_filter=pcre:/opt/postfix/conf/smtp_dsn_filter
# smtp connector used, when a transport map matched # smtp connector used, when a transport map matched
# this helps to have different sasl maps than we have with sender dependent transport maps # this helps to have different sasl maps than we have with sender dependent transport maps
smtp_via_transport_maps unix - - n - - smtp smtp_via_transport_maps unix - - n - - smtp
@ -100,6 +105,7 @@ maildrop unix - n n - - pipe flags=DRhu
# start whitelist_fwd # start whitelist_fwd
127.0.0.1:10027 inet n n n - 0 spawn user=nobody argv=/usr/local/bin/whitelist_forwardinghosts.sh 127.0.0.1:10027 inet n n n - 0 spawn user=nobody argv=/usr/local/bin/whitelist_forwardinghosts.sh
127.0.0.1:10028 inet n n n - 0 spawn user=nobody argv=/usr/local/bin/smtpd_last_login.sh
# end whitelist_fwd # end whitelist_fwd
# start watchdog-specific # start watchdog-specific

View File

@ -57,7 +57,13 @@ table tbody tr {
table tbody tr td input[type="checkbox"] { table tbody tr td input[type="checkbox"] {
cursor: pointer; cursor: pointer;
} }
.label-last { .label-last-in {
color: #c7254e !important; line-height: 2.5;
background-color: #f9f2f4 !important; color: #4a4a4a!important;
background-color: #ececec!important;
}
.label-last-out {
line-height: 2.5;
color: #ececec!important;
background-color: #a0a0a0!important;
} }

View File

@ -3345,10 +3345,14 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
$mailboxdata = array(); $mailboxdata = array();
$rl = ratelimit('get', 'mailbox', $_data); $rl = ratelimit('get', 'mailbox', $_data);
$last_imap_login = $redis->Get('last-login/imap/' . $_data); $last_imap_login = $redis->Get('last-login/imap/' . $_data);
$last_smtp_login = $redis->Get('last-login/smtp/' . $_data);
$last_pop3_login = $redis->Get('last-login/pop3/' . $_data); $last_pop3_login = $redis->Get('last-login/pop3/' . $_data);
if ($last_imap_login === false || $GLOBALS['SHOW_LAST_LOGIN'] === false) { if ($last_imap_login === false || $GLOBALS['SHOW_LAST_LOGIN'] === false) {
$last_imap_login = '0'; $last_imap_login = '0';
} }
if ($last_smtp_login === false || $GLOBALS['SHOW_LAST_LOGIN'] === false) {
$last_smtp_login = '0';
}
if ($last_pop3_login === false || $GLOBALS['SHOW_LAST_LOGIN'] === false) { if ($last_pop3_login === false || $GLOBALS['SHOW_LAST_LOGIN'] === false) {
$last_pop3_login = '0'; $last_pop3_login = '0';
} }
@ -3416,6 +3420,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
$mailboxdata['is_relayed'] = $row['backupmx']; $mailboxdata['is_relayed'] = $row['backupmx'];
$mailboxdata['name'] = $row['name']; $mailboxdata['name'] = $row['name'];
$mailboxdata['last_imap_login'] = $last_imap_login; $mailboxdata['last_imap_login'] = $last_imap_login;
$mailboxdata['last_smtp_login'] = $last_smtp_login;
$mailboxdata['last_pop3_login'] = $last_pop3_login; $mailboxdata['last_pop3_login'] = $last_pop3_login;
$mailboxdata['active'] = $row['active']; $mailboxdata['active'] = $row['active'];
$mailboxdata['active_int'] = $row['active_int']; $mailboxdata['active_int'] = $row['active_int'];

View File

@ -363,8 +363,9 @@ jQuery(function($){
}, },
"formatter": function(value){ "formatter": function(value){
res = value.split("/"); res = value.split("/");
return '<div class="label label-last">IMAP @ ' + unix_time_format(Number(res[0])) + '</div> ' + return '<div class="label label-last-in">IMAP @ ' + unix_time_format(Number(res[0])) + '</div><br>' +
'<div class="label label-last">POP3 @ ' + unix_time_format(Number(res[1])) + '</div>'; '<div class="label label-last-in">POP3 @ ' + unix_time_format(Number(res[1])) + '</div><br>' +
'<div class="label label-last-out">SMTP @ ' + unix_time_format(Number(res[2])) + '</div>';
}}, }},
{"name":"quarantine_notification","filterable": false,"title":lang.quarantine_notification,"breakpoints":"all"}, {"name":"quarantine_notification","filterable": false,"title":lang.quarantine_notification,"breakpoints":"all"},
{"name":"in_use","filterable": false,"type":"html","title":lang.in_use,"sortValue": function(value){ {"name":"in_use","filterable": false,"type":"html","title":lang.in_use,"sortValue": function(value){
@ -388,7 +389,7 @@ jQuery(function($){
$.each(data, function (i, item) { $.each(data, function (i, item) {
item.quota = item.quota_used + "/" + item.quota; item.quota = item.quota_used + "/" + item.quota;
item.max_quota_for_mbox = humanFileSize(item.max_quota_for_mbox); item.max_quota_for_mbox = humanFileSize(item.max_quota_for_mbox);
item.last_mail_login = item.last_imap_login + '/' + item.last_pop3_login; item.last_mail_login = item.last_imap_login + '/' + item.last_pop3_login + '/' + item.last_smtp_login;
if (!item.rl) { if (!item.rl) {
item.rl = '∞'; item.rl = '∞';
} else { } else {