paxton
/
mailcow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[ACME] Fix for CNAME response on AAAA dig request

master
André 2018-06-28 20:41:44 +02:00
parent 9dc250c9f2
commit d6a74e82e3
3 changed files with 20 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
data/Dockerfiles/acme/docker-entrypoint.sh
View File

@ -172,6 +172,10 @@ while true; do
for SQL_DOMAIN in "${SQL_DOMAIN_ARR[@]}"; do for SQL_DOMAIN in "${SQL_DOMAIN_ARR[@]}"; do
A_CONFIG=$(dig A autoconfig.${SQL_DOMAIN} +short | tail -n 1) A_CONFIG=$(dig A autoconfig.${SQL_DOMAIN} +short | tail -n 1)
AAAA_CONFIG=$(dig AAAA autoconfig.${SQL_DOMAIN} +short | tail -n 1) AAAA_CONFIG=$(dig AAAA autoconfig.${SQL_DOMAIN} +short | tail -n 1)
# Check if CNAME without v6 enabled target
if [[ ! -z ${AAAA_CONFIG} ]] && [[ -z $(echo ${AAAA_CONFIG} | grep "^\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}$") ]]; then
AAAA_CONFIG=
fi
if [[ ! -z ${AAAA_CONFIG} ]]; then if [[ ! -z ${AAAA_CONFIG} ]]; then
log_f "Found AAAA record for autoconfig.${SQL_DOMAIN}: ${AAAA_CONFIG} - skipping A record check" log_f "Found AAAA record for autoconfig.${SQL_DOMAIN}: ${AAAA_CONFIG} - skipping A record check"
if [[ $(expand ${IPV6:-"0000:0000:0000:0000:0000:0000:0000:0000"}) == $(expand ${AAAA_CONFIG}) ]] || [[ ${SKIP_IP_CHECK} == "y" ]]; then if [[ $(expand ${IPV6:-"0000:0000:0000:0000:0000:0000:0000:0000"}) == $(expand ${AAAA_CONFIG}) ]] || [[ ${SKIP_IP_CHECK} == "y" ]]; then
@ -194,6 +198,10 @@ while true; do
A_DISCOVER=$(dig A autodiscover.${SQL_DOMAIN} +short | tail -n 1) A_DISCOVER=$(dig A autodiscover.${SQL_DOMAIN} +short | tail -n 1)
AAAA_DISCOVER=$(dig AAAA autodiscover.${SQL_DOMAIN} +short | tail -n 1) AAAA_DISCOVER=$(dig AAAA autodiscover.${SQL_DOMAIN} +short | tail -n 1)
# Check if CNAME without v6 enabled target
if [[ ! -z ${AAAA_DISCOVER} ]] && [[ -z $(echo ${AAAA_DISCOVER} | grep "^\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}$") ]]; then
AAAA_DISCOVER=
fi
if [[ ! -z ${AAAA_DISCOVER} ]]; then if [[ ! -z ${AAAA_DISCOVER} ]]; then
log_f "Found AAAA record for autodiscover.${SQL_DOMAIN}: ${AAAA_DISCOVER} - skipping A record check" log_f "Found AAAA record for autodiscover.${SQL_DOMAIN}: ${AAAA_DISCOVER} - skipping A record check"
if [[ $(expand ${IPV6:-"0000:0000:0000:0000:0000:0000:0000:0000"}) == $(expand ${AAAA_DISCOVER}) ]] || [[ ${SKIP_IP_CHECK} == "y" ]]; then if [[ $(expand ${IPV6:-"0000:0000:0000:0000:0000:0000:0000:0000"}) == $(expand ${AAAA_DISCOVER}) ]] || [[ ${SKIP_IP_CHECK} == "y" ]]; then
@ -217,6 +225,10 @@ while true; do
A_MAILCOW_HOSTNAME=$(dig A ${MAILCOW_HOSTNAME} +short | tail -n 1) A_MAILCOW_HOSTNAME=$(dig A ${MAILCOW_HOSTNAME} +short | tail -n 1)
AAAA_MAILCOW_HOSTNAME=$(dig AAAA ${MAILCOW_HOSTNAME} +short | tail -n 1) AAAA_MAILCOW_HOSTNAME=$(dig AAAA ${MAILCOW_HOSTNAME} +short | tail -n 1)
# Check if CNAME without v6 enabled target
if [[ ! -z ${AAAA_MAILCOW_HOSTNAME} ]] && [[ -z $(echo ${AAAA_MAILCOW_HOSTNAME} | grep "^\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}$") ]]; then
AAAA_MAILCOW_HOSTNAME=
fi
if [[ ! -z ${AAAA_MAILCOW_HOSTNAME} ]]; then if [[ ! -z ${AAAA_MAILCOW_HOSTNAME} ]]; then
log_f "Found AAAA record for ${MAILCOW_HOSTNAME}: ${AAAA_MAILCOW_HOSTNAME} - skipping A record check" log_f "Found AAAA record for ${MAILCOW_HOSTNAME}: ${AAAA_MAILCOW_HOSTNAME} - skipping A record check"
if [[ $(expand ${IPV6:-"0000:0000:0000:0000:0000:0000:0000:0000"}) == $(expand ${AAAA_MAILCOW_HOSTNAME}) ]] || [[ ${SKIP_IP_CHECK} == "y" ]]; then if [[ $(expand ${IPV6:-"0000:0000:0000:0000:0000:0000:0000:0000"}) == $(expand ${AAAA_MAILCOW_HOSTNAME}) ]] || [[ ${SKIP_IP_CHECK} == "y" ]]; then
@ -243,6 +255,10 @@ while true; do
fi fi
A_SAN=$(dig A ${SAN} +short | tail -n 1) A_SAN=$(dig A ${SAN} +short | tail -n 1)
AAAA_SAN=$(dig AAAA ${SAN} +short | tail -n 1) AAAA_SAN=$(dig AAAA ${SAN} +short | tail -n 1)
# Check if CNAME without v6 enabled target
if [[ ! -z ${AAAA_SAN} ]] && [[ -z $(echo ${AAAA_SAN} | grep "^\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}$") ]]; then
AAAA_SAN=
fi
if [[ ! -z ${AAAA_SAN} ]]; then if [[ ! -z ${AAAA_SAN} ]]; then
log_f "Found AAAA record for ${SAN}: ${AAAA_SAN} - skipping A record check" log_f "Found AAAA record for ${SAN}: ${AAAA_SAN} - skipping A record check"
if [[ $(expand ${IPV6:-"0000:0000:0000:0000:0000:0000:0000:0000"}) == $(expand ${AAAA_SAN}) ]] || [[ ${SKIP_IP_CHECK} == "y" ]]; then if [[ $(expand ${IPV6:-"0000:0000:0000:0000:0000:0000:0000:0000"}) == $(expand ${AAAA_SAN}) ]] || [[ ${SKIP_IP_CHECK} == "y" ]]; then

6
data/conf/rspamd/dynmaps/settings.php
View File

@ -47,7 +47,7 @@ function ucl_rcpts($object, $type) {
if (!empty($local) && !empty($domain)) { if (!empty($local) && !empty($domain)) {
$rcpt[] = '/' . str_replace('/', '\/', $local) . '[+].*' . str_replace('/', '\/', $domain) . '/i'; $rcpt[] = '/' . str_replace('/', '\/', $local) . '[+].*' . str_replace('/', '\/', $domain) . '/i';
} }
$rcpt[] = str_replace('/', '\/', $row['address']); $rcpt[] = '/' . str_replace('/', '\/', $row['address']) . '/i';
} }
// Aliases by alias domains // Aliases by alias domains
$stmt = $pdo->prepare("SELECT CONCAT(`local_part`, '@', `alias_domain`.`alias_domain`) AS `alias` FROM `mailbox` $stmt = $pdo->prepare("SELECT CONCAT(`local_part`, '@', `alias_domain`.`alias_domain`) AS `alias` FROM `mailbox`
@ -63,9 +63,9 @@ function ucl_rcpts($object, $type) {
$local = parse_email($row['alias'])['local']; $local = parse_email($row['alias'])['local'];
$domain = parse_email($row['alias'])['domain']; $domain = parse_email($row['alias'])['domain'];
if (!empty($local) && !empty($domain)) { if (!empty($local) && !empty($domain)) {
$rcpt[] = '/' . $local . '[+].*' . $domain . '/i'; $rcpt[] = '/' . str_replace('/', '\/', $local) . '[+].*' . str_replace('/', '\/', $domain) . '/i';
} }
$rcpt[] = $row['alias']; $rcpt[] = '/' . str_replace('/', '\/', $row['alias']) . '/i';
} }
} }
} }

2
docker-compose.yml
View File

@ -298,7 +298,7 @@ services:
depends_on: depends_on:
- nginx-mailcow - nginx-mailcow
- mysql-mailcow - mysql-mailcow
image: mailcow/acme:1.32 image: mailcow/acme:1.33
build: ./data/Dockerfiles/acme build: ./data/Dockerfiles/acme
sysctls: sysctls:
- net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0} - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}