Add multimap and forced actions for forwarded_hosts, removed from settings

master
andryyy 2017-05-08 23:09:21 +02:00
parent 5861bec0c3
commit d64ed65575
4 changed files with 50 additions and 101 deletions


@ -1,56 +1,44 @@
<?php <?php
header('Content-Type: text/plain'); header('Content-Type: text/plain');
require_once "vars.inc.php";
ini_set('error_reporting', 0); ini_set('error_reporting', 0);
function in_net($addr, $net) $redis = new Redis();
{ $redis->connect('redis-mailcow', 6379);
function in_net($addr, $net) {
$net = explode('/', $net); $net = explode('/', $net);
if (count($net) > 1) if (count($net) > 1) {
$mask = $net[1]; $mask = $net[1];
}
$net = inet_pton($net[0]); $net = inet_pton($net[0]);
$addr = inet_pton($addr); $addr = inet_pton($addr);
$length = strlen($net); // 4 for IPv4, 16 for IPv6 $length = strlen($net); // 4 for IPv4, 16 for IPv6
if (strlen($net) != strlen($addr)) if (strlen($net) != strlen($addr)) {
return FALSE; return false;
if (!isset($mask)) }
if (!isset($mask)) {
$mask = $length * 8; $mask = $length * 8;
}
$addr_bin = ''; $addr_bin = '';
$net_bin = ''; $net_bin = '';
for ($i = 0; $i < $length; ++$i) for ($i = 0; $i < $length; ++$i) {
{
$addr_bin .= str_pad(decbin(ord(substr($addr, $i, $i+1))), 8, '0', STR_PAD_LEFT); $addr_bin .= str_pad(decbin(ord(substr($addr, $i, $i+1))), 8, '0', STR_PAD_LEFT);
$net_bin .= str_pad(decbin(ord(substr($net, $i, $i+1))), 8, '0', STR_PAD_LEFT); $net_bin .= str_pad(decbin(ord(substr($net, $i, $i+1))), 8, '0', STR_PAD_LEFT);
} }
return substr($addr_bin, 0, $mask) == substr($net_bin, 0, $mask); return substr($addr_bin, 0, $mask) == substr($net_bin, 0, $mask);
} }
$dsn = $database_type . ':host=' . $database_host . ';dbname=' . $database_name;
$opt = [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
];
try { try {
$pdo = new PDO($dsn, $database_user, $database_pass, $opt); foreach ($redis->hGetAll('WHITELISTED_FWD_HOST') as $host => $source) {
$stmt = $pdo->query("SELECT host FROM `forwarding_hosts`"); if (in_net($_GET['host'], $host)) {
$networks = $stmt->fetchAll(PDO::FETCH_COLUMN); echo '200 PERMIT';
foreach ($networks as $network)
{
if (in_net($_GET['host'], $network))
{
echo '200 permit';
exit; exit;
} }
} }
echo '200 dunno'; echo '200 DUNNO';
} }
catch (PDOException $e) { catch (RedisException $e) {
echo '200 dunno'; echo '200 DUNNO';
exit; exit;
} }
?> ?>
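Review bot: in_net() fails open when inet_pton() cannot parse its input: `$net` and `$addr` both become false, the two strlen() results are equal at 0, the loop never runs, and the final comparison is between two empty results, so the script prints `200 PERMIT`. This needs a malformed key in WHITELISTED_FWD_HOST together with a malformed `$_GET['host']`, but for a whitelisting decision the guard is cheap: add `if ($net === false || $addr === false) { return false; }` right after the two inet_pton() calls. Separately, `$redis->connect('redis-mailcow', 6379);` sits outside the `try`, so a connection failure that throws would not reach `catch (RedisException $e)` and the caller would get no `200 DUNNO` reply. Moving the connect call inside the `try` covers that.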


@ -31,67 +31,7 @@ catch (PDOException $e) {
?> ?>
settings { settings {
/*
// Start whitelist for forwarding hosts
*/
<?php <?php
try {
$stmt = $pdo->query("SELECT `host` FROM `forwarding_hosts` WHERE `filter_spam` = 1");
$rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
}
catch (PDOException $e) {
$rows = array();
}
if (!empty($rows)) {
?>
whitelist_forwarding_hosts_with_spam_filter {
priority = high;
<?php
foreach ($rows as $host):
?>
ip = "<?=$host;?>";
<?php
endforeach;
?>
apply "default" {
actions {
reject = 999.9;
greylist = 999.8;
}
}
symbols [
"WHITELIST_FORWARDING_HOST"
]
}
<?php
}
try {
$stmt = $pdo->query("SELECT `host` FROM `forwarding_hosts` WHERE `filter_spam` = 0");
$rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
}
catch (PDOException $e) {
$rows = array();
}
if (!empty($rows)) {
?>
whitelist_forwarding_hosts {
priority = high;
<?php
foreach ($rows as $host):
?>
ip = "<?=$host;?>";
<?php
endforeach;
?>
want_spam = yes;
}
<?php
}
/* /*
// Start custom scores for users // Start custom scores for users


@ -9,4 +9,14 @@ rules {
expression = "CLAM_VIRUS & !MAILCOW_WHITE"; expression = "CLAM_VIRUS & !MAILCOW_WHITE";
honor_action = ["reject"]; honor_action = ["reject"];
} }
WHITELIST_FORWARDING_HOST_NO_REJECT {
action = "add header";
expression = "WHITELIST_FORWARDING_HOST";
require_action = ["soft reject", "reject"];
}
WHITELIST_FORWARDING_HOST_NO_GREYLIST {
action = "no action";
expression = "WHITELIST_FORWARDING_HOST";
require_action = ["greylist"];
}
} }
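Review bot: Both added rules use `expression = "WHITELIST_FORWARDING_HOST";`, but the multimap added in the same commit registers the symbol as `WHITELISTED_FWD_HOST`, and the settings block that used to insert `WHITELIST_FORWARDING_HOST` is removed here. Unless that symbol is still defined somewhere outside this page, neither forced action can match, and mail from forwarding hosts would be rejected or greylisted as before. Use `expression = "WHITELISTED_FWD_HOST";` in WHITELIST_FORWARDING_HOST_NO_REJECT and WHITELIST_FORWARDING_HOST_NO_GREYLIST, or rename the map symbol to match. The enclosing `rules {` block starts outside the hunk.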


@ -9,3 +9,14 @@ RCPT_WANTS_SUBJECT_TAG {
filter = "email:addr" filter = "email:addr"
map = "redis://RCPT_WANTS_SUBJECT_TAG" map = "redis://RCPT_WANTS_SUBJECT_TAG"
} }
WHITELISTED_FWD_HOST {
type = "ip";
map = "redis://WHITELISTED_FWD_HOST"
}
KEEP_SPAM {
type = "ip";
map = "redis://KEEP_SPAM"
action = "accept";
}
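Review bot: `action = "accept";` on KEEP_SPAM has no comment saying what a match is meant to bypass. If rspamd runs this map as a pre-filter, every message from a listed IP is accepted before the remaining checks, which would presumably include the CLAM_VIRUS rule in the force-actions file. If it does not, the action may have no effect unless `prefilter = true;` is set. State the intent above the block, for example `# pre-filter: mail from these IPs is accepted unscanned`, and set `prefilter = true;` explicitly if that is what is wanted. Anything able to write the KEEP_SPAM key in Redis then controls that bypass, so write access to the key should be limited accordingly.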