Add multimap and forced actions for forwarded_hosts, removed from settings
andryyy
parent
5861bec0c3
commit
d64ed65575
|
|
@ -1,56 +1,44 @@
|
|||
<?php
|
||||
header('Content-Type: text/plain');
|
||||
require_once "vars.inc.php";
|
||||
|
||||
ini_set('error_reporting', 0);
|
||||
|
||||
function in_net($addr, $net)
|
||||
{
|
||||
$net = explode('/', $net);
|
||||
if (count($net) > 1)
|
||||
$mask = $net[1];
|
||||
$net = inet_pton($net[0]);
|
||||
$addr = inet_pton($addr);
|
||||
$redis = new Redis();
|
||||
$redis->connect('redis-mailcow', 6379);
|
||||
|
||||
$length = strlen($net); // 4 for IPv4, 16 for IPv6
|
||||
if (strlen($net) != strlen($addr))
|
||||
return FALSE;
|
||||
if (!isset($mask))
|
||||
$mask = $length * 8;
|
||||
|
||||
$addr_bin = '';
|
||||
$net_bin = '';
|
||||
for ($i = 0; $i < $length; ++$i)
|
||||
{
|
||||
$addr_bin .= str_pad(decbin(ord(substr($addr, $i, $i+1))), 8, '0', STR_PAD_LEFT);
|
||||
$net_bin .= str_pad(decbin(ord(substr($net, $i, $i+1))), 8, '0', STR_PAD_LEFT);
|
||||
}
|
||||
|
||||
return substr($addr_bin, 0, $mask) == substr($net_bin, 0, $mask);
|
||||
function in_net($addr, $net) {
|
||||
$net = explode('/', $net);
|
||||
if (count($net) > 1) {
|
||||
$mask = $net[1];
|
||||
}
|
||||
$net = inet_pton($net[0]);
|
||||
$addr = inet_pton($addr);
|
||||
$length = strlen($net); // 4 for IPv4, 16 for IPv6
|
||||
if (strlen($net) != strlen($addr)) {
|
||||
return false;
|
||||
}
|
||||
if (!isset($mask)) {
|
||||
$mask = $length * 8;
|
||||
}
|
||||
$addr_bin = '';
|
||||
$net_bin = '';
|
||||
for ($i = 0; $i < $length; ++$i) {
|
||||
$addr_bin .= str_pad(decbin(ord(substr($addr, $i, $i+1))), 8, '0', STR_PAD_LEFT);
|
||||
$net_bin .= str_pad(decbin(ord(substr($net, $i, $i+1))), 8, '0', STR_PAD_LEFT);
|
||||
}
|
||||
return substr($addr_bin, 0, $mask) == substr($net_bin, 0, $mask);
|
||||
}
|
||||
|
||||
$dsn = $database_type . ':host=' . $database_host . ';dbname=' . $database_name;
|
||||
$opt = [
|
||||
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
|
||||
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
|
||||
PDO::ATTR_EMULATE_PREPARES => false,
|
||||
];
|
||||
try {
|
||||
$pdo = new PDO($dsn, $database_user, $database_pass, $opt);
|
||||
$stmt = $pdo->query("SELECT host FROM `forwarding_hosts`");
|
||||
$networks = $stmt->fetchAll(PDO::FETCH_COLUMN);
|
||||
foreach ($networks as $network)
|
||||
{
|
||||
if (in_net($_GET['host'], $network))
|
||||
{
|
||||
echo '200 permit';
|
||||
foreach ($redis->hGetAll('WHITELISTED_FWD_HOST') as $host => $source) {
|
||||
if (in_net($_GET['host'], $host)) {
|
||||
echo '200 PERMIT';
|
||||
exit;
|
||||
}
|
||||
}
|
||||
echo '200 dunno';
|
||||
echo '200 DUNNO';
|
||||
}
|
||||
catch (PDOException $e) {
|
||||
echo '200 dunno';
|
||||
catch (RedisException $e) {
|
||||
echo '200 DUNNO';
|
||||
exit;
|
||||
}
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -31,67 +31,7 @@ catch (PDOException $e) {
|
|||
|
||||
?>
|
||||
settings {
|
||||
|
||||
/*
|
||||
// Start whitelist for forwarding hosts
|
||||
*/
|
||||
|
||||
<?php
|
||||
try {
|
||||
$stmt = $pdo->query("SELECT `host` FROM `forwarding_hosts` WHERE `filter_spam` = 1");
|
||||
$rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
|
||||
}
|
||||
catch (PDOException $e) {
|
||||
$rows = array();
|
||||
}
|
||||
|
||||
if (!empty($rows)) {
|
||||
?>
|
||||
whitelist_forwarding_hosts_with_spam_filter {
|
||||
priority = high;
|
||||
<?php
|
||||
foreach ($rows as $host):
|
||||
?>
|
||||
ip = "<?=$host;?>";
|
||||
<?php
|
||||
endforeach;
|
||||
?>
|
||||
apply "default" {
|
||||
actions {
|
||||
reject = 999.9;
|
||||
greylist = 999.8;
|
||||
}
|
||||
}
|
||||
symbols [
|
||||
"WHITELIST_FORWARDING_HOST"
|
||||
]
|
||||
}
|
||||
<?php
|
||||
}
|
||||
|
||||
try {
|
||||
$stmt = $pdo->query("SELECT `host` FROM `forwarding_hosts` WHERE `filter_spam` = 0");
|
||||
$rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
|
||||
}
|
||||
catch (PDOException $e) {
|
||||
$rows = array();
|
||||
}
|
||||
|
||||
if (!empty($rows)) {
|
||||
?>
|
||||
whitelist_forwarding_hosts {
|
||||
priority = high;
|
||||
<?php
|
||||
foreach ($rows as $host):
|
||||
?>
|
||||
ip = "<?=$host;?>";
|
||||
<?php
|
||||
endforeach;
|
||||
?>
|
||||
want_spam = yes;
|
||||
}
|
||||
<?php
|
||||
}
|
||||
|
||||
/*
|
||||
// Start custom scores for users
|
||||
|
|
|
|||
|
|
@ -9,4 +9,14 @@ rules {
|
|||
expression = "CLAM_VIRUS & !MAILCOW_WHITE";
|
||||
honor_action = ["reject"];
|
||||
}
|
||||
WHITELIST_FORWARDING_HOST_NO_REJECT {
|
||||
action = "add header";
|
||||
expression = "WHITELIST_FORWARDING_HOST";
|
||||
require_action = ["soft reject", "reject"];
|
||||
}
|
||||
WHITELIST_FORWARDING_HOST_NO_GREYLIST {
|
||||
action = "no action";
|
||||
expression = "WHITELIST_FORWARDING_HOST";
|
||||
require_action = ["greylist"];
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,3 +9,14 @@ RCPT_WANTS_SUBJECT_TAG {
|
|||
filter = "email:addr"
|
||||
map = "redis://RCPT_WANTS_SUBJECT_TAG"
|
||||
}
|
||||
|
||||
WHITELISTED_FWD_HOST {
|
||||
type = "ip";
|
||||
map = "redis://WHITELISTED_FWD_HOST"
|
||||
}
|
||||
|
||||
KEEP_SPAM {
|
||||
type = "ip";
|
||||
map = "redis://KEEP_SPAM"
|
||||
action = "accept";
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue