diff --git a/data/web/admin.php b/data/web/admin.php
index da27a7d6..07d38776 100644
--- a/data/web/admin.php
+++ b/data/web/admin.php
@@ -303,6 +303,16 @@ if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CAC
<label for="password"><?=$lang['admin']['password'];?></label>
<input class="form-control" name="password">
</div>
+ <!-- <div class="form-group">
+ <label>
+ <input type="checkbox" name="lookup_mx" value="1"> <?=$lang['admin']['lookup_mx'];?>
+ </label>
+ </div> -->
+ <div class="form-group">
+ <label>
+ <input type="checkbox" name="active" value="1"> <?=$lang['admin']['active'];?>
+ </label>
+ </div>
<p class="help-block"><?=$lang['admin']['credentials_transport_warning'];?></p>
<button class="btn btn-default" data-action="add_item" data-id="transport" data-api-url='add/transport' data-api-attr='{}' href="#"><span class="glyphicon glyphicon-plus"></span> <?=$lang['admin']['add'];?></button>
</form>
@@ -363,7 +373,7 @@ if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CAC
else {
?>
<div class="row">
- <div class="col-md-1"><input class="dkim_missing" type="checkbox" data-id="dkim" name="multi_select" value="<?=$domain;?>" disabled /></div>
+ <div class="col-md-1"><input class="dkim_missing" type="checkbox" data-id="dkim" name="multi_select" value="<?=$domain;?>" disabled /></div>
<div class="col-md-3">
<p><?=$lang['admin']['domain'];?>: <strong><?=htmlspecialchars($domain);?></strong><br /><span class="label label-danger"><?=$lang['admin']['dkim_key_missing'];?></span></p>
</div>
diff --git a/data/web/edit.php b/data/web/edit.php
index 3bb8a26c..72431812 100644
--- a/data/web/edit.php
+++ b/data/web/edit.php
@@ -644,6 +644,7 @@ if (isset($_SESSION['mailcow_cc_role'])) {
<div class="form-group">
<button class="btn btn-default" data-action="edit_selected" data-id="mboxratelimit" data-item="<?=htmlspecialchars($mailbox);?>" data-api-url='edit/rl-mbox' data-api-attr='{}' href="#"><?=$lang['admin']['save'];?></button>
</div>
+ <p class="help-block"><?=$lang['edit']['mbox_rl_info'];?></p>
</div>
</div>
</form>
@@ -686,6 +687,7 @@ if (isset($_SESSION['mailcow_cc_role'])) {
<label class="control-label col-sm-2" for="hostname"><?=$lang['add']['hostname'];?></label>
<div class="col-sm-10">
<input type="text" class="form-control" name="hostname" value="<?=htmlspecialchars($result['hostname'], ENT_QUOTES, 'UTF-8');?>" required>
+ <p class="help-block"><?=$lang['add']['relayhost_wrapped_tls_info'];?></p>
</div>
</div>
<div class="form-group">
diff --git a/data/web/inc/ajax/transport_check.php b/data/web/inc/ajax/transport_check.php
index e956f4f2..f959ee35 100644
--- a/data/web/inc/ajax/transport_check.php
+++ b/data/web/inc/ajax/transport_check.php
@@ -58,9 +58,11 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "admi
)
);
$mail->SMTPDebug = 3;
- if ($port == 465) {
- $mail->SMTPSecure = "ssl";
- }
+ // smtp: and smtp_enforced_tls: do not support wrapped tls, todo?
+ // change postfix map to detect wrapped tls or add a checkbox to toggle wrapped tls
+ // if ($port == 465) {
+ // $mail->SMTPSecure = "ssl";
+ // }
$mail->Debugoutput = function($str, $level) {
foreach(preg_split("/((\r?\n)|(\r\n?)|\n)/", $str) as $line){
if (empty($line)) { continue; }
diff --git a/data/web/inc/functions.mailbox.inc.php b/data/web/inc/functions.mailbox.inc.php
index 80d6900f..d16c3a18 100644
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -3069,7 +3069,14 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
$mailboxdata['max_new_quota'] = ($DomainQuota['maxquota'] * 1048576);
}
$mailboxdata['username'] = $row['username'];
- $mailboxdata['rl'] = $rl;
+ if (!empty($rl)) {
+ $mailboxdata['rl'] = $rl;
+ $mailboxdata['rl_scope'] = 'mailbox';
+ }
+ else {
+ $mailboxdata['rl'] = ratelimit('get', 'domain', $row['domain']);
+ $mailboxdata['rl_scope'] = 'domain';
+ }
$mailboxdata['is_relayed'] = $row['backupmx'];
$mailboxdata['name'] = $row['name'];
$mailboxdata['active'] = $row['active'];
diff --git a/data/web/inc/functions.transports.inc.php b/data/web/inc/functions.transports.inc.php
index e007f94d..0bc19c13 100644
--- a/data/web/inc/functions.transports.inc.php
+++ b/data/web/inc/functions.transports.inc.php
@@ -187,6 +187,8 @@ function transport($_action, $_data = null) {
return false;
}
$destination = trim($_data['destination']);
+ $active = intval($_data['active']);
+ $lookup_mx = intval($_data['lookup_mx']);
$nexthop = trim($_data['nexthop']);
preg_match('/\[(.+)\].*/', $nexthop, $next_hop_matches);
$next_hop_clean = (isset($next_hop_matches[1])) ? $next_hop_matches[1] : $nexthop;
@@ -256,14 +258,15 @@ function transport($_action, $_data = null) {
}
}
try {
- $stmt = $pdo->prepare("INSERT INTO `transports` (`nexthop`, `destination`, `username` ,`password`, `active`)
- VALUES (:nexthop, :destination, :username, :password, :active)");
+ $stmt = $pdo->prepare("INSERT INTO `transports` (`nexthop`, `destination`, `username` , `password`, `lookup_mx`, `active`)
+ VALUES (:nexthop, :destination, :username, :password, :lookup_mx, :active)");
$stmt->execute(array(
':nexthop' => $nexthop,
':destination' => $destination,
':username' => $username,
':password' => str_replace(':', '\:', $password),
- ':active' => '1'
+ ':lookup_mx' => $lookup_mx,
+ ':active' => $active
));
$stmt = $pdo->prepare("UPDATE `transports` SET
`username` = :username,
@@ -306,7 +309,8 @@ function transport($_action, $_data = null) {
$nexthop = (!empty($_data['nexthop'])) ? trim($_data['nexthop']) : $is_now['nexthop'];
$username = (isset($_data['username'])) ? trim($_data['username']) : $is_now['username'];
$password = (isset($_data['password'])) ? trim($_data['password']) : $is_now['password'];
- $active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active_int'];
+ $lookup_mx = (isset($_data['lookup_mx']) && $_data['lookup_mx'] != '') ? intval($_data['lookup_mx']) : $is_now['lookup_mx_int'];
+ $active = (isset($_data['active']) && $_data['active'] != '') ? intval($_data['active']) : $is_now['active_int'];
}
else {
$_SESSION['return'][] = array(
@@ -368,6 +372,7 @@ function transport($_action, $_data = null) {
`nexthop` = :nexthop,
`username` = :username,
`password` = :password,
+ `lookup_mx` = :lookup_mx,
`active` = :active
WHERE `id` = :id");
$stmt->execute(array(
@@ -376,6 +381,7 @@ function transport($_action, $_data = null) {
':nexthop' => $nexthop,
':username' => $username,
':password' => $password,
+ ':lookup_mx' => $lookup_mx,
':active' => $active
));
$stmt = $pdo->prepare("UPDATE `transports` SET
@@ -453,8 +459,10 @@ function transport($_action, $_data = null) {
`username`,
`password`,
`active` AS `active_int`,
+ `lookup_mx` AS `lookup_mx_int`,
CONCAT(LEFT(`password`, 3), '...') AS `password_short`,
- CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`
+ CASE `active` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `active`,
+ CASE `lookup_mx` WHEN 1 THEN '".$lang['mailbox']['yes']."' ELSE '".$lang['mailbox']['no']."' END AS `lookup_mx`
FROM `transports`
WHERE `id` = :id");
$stmt->execute(array(':id' => $_data));
diff --git a/data/web/inc/init_db.inc.php b/data/web/inc/init_db.inc.php
index ddbf5ab1..cd8ca1c7 100644
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
@@ -3,7 +3,7 @@ function init_db_schema() {
try {
global $pdo;
- $db_version = "09062019_1208";
+ $db_version = "22082019_2140";
$stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -116,6 +116,7 @@ function init_db_schema() {
"nexthop" => "VARCHAR(255) NOT NULL",
"username" => "VARCHAR(255) NOT NULL",
"password" => "VARCHAR(255) NOT NULL",
+ "lookup_mx" => "TINYINT(1) NOT NULL DEFAULT '1'",
"active" => "TINYINT(1) NOT NULL DEFAULT '1'"
),
"keys" => array(
diff --git a/data/web/js/site/mailbox.js b/data/web/js/site/mailbox.js
index 50b5956d..9a8e555e 100644
--- a/data/web/js/site/mailbox.js
+++ b/data/web/js/site/mailbox.js
@@ -352,6 +352,9 @@ jQuery(function($){
item.rl = $.map(item.rl, function(e){
return e;
}).join('/1');
+ if (item.rl_scope === 'domain') {
+ item.rl = '↪ ' + item.rl + ' (via ' + item.domain + ')';
+ }
}
item.chkbox = '<input type="checkbox" data-id="mailbox" name="multi_select" value="' + encodeURIComponent(item.username) + '" />';
item.tls_enforce_in = '<span class="text-' + (item.attributes.tls_enforce_in == 1 ? 'success' : 'danger') + ' glyphicon glyphicon-lock"></span>';
diff --git a/data/web/lang/lang.de.php b/data/web/lang/lang.de.php
index 243d7432..b7215750 100644
--- a/data/web/lang/lang.de.php
+++ b/data/web/lang/lang.de.php
@@ -614,7 +614,7 @@ $lang['admin']['forwarding_hosts_hint'] = 'Eingehende Nachrichten werden von den
$lang['admin']['forwarding_hosts_add_hint'] = 'Sie können entweder IPv4/IPv6-Adressen, Netzwerke in CIDR-Notation, Hostnamen (die zu IP-Adressen aufgelöst werden), oder Domainnamen (die zu IP-Adressen aufgelöst werden, indem ihr SPF-Record abgefragt wird oder, in dessen Abwesenheit, ihre MX-Records) angeben.';
$lang['admin']['relayhosts_hint'] = 'Erstellen Sie senderabhängige Transporte, um diese im Einstellungsdialog einer Domain auszuwählen.<br>
Der Transporttyp lautet immer "smtp:". Benutzereinstellungen bezüglich Verschlüsselungsrichtlinie werden beim Transport berücksichtigt.';
-$lang['admin']['transports_hint'] = '→ Transport Maps <b>überwiegen</b> senderabhängige Transport Maps.
+$lang['admin']['transports_hint'] = '→ Transport Maps <b>überwiegen</b> senderabhängige Transport Maps.<br>
→ Transport Maps ignorieren Mailbox-Einstellungen für ausgehende Verschlüsselung. Eine serverweite TLS-Richtlinie wird jedoch angewendet.<br>
→ Der Transport erfolgt immer via "smtp:".<br>
→ Adressen, die mit "/localhost$/" übereinstimmen, werden immer via "local:" transportiert, daher sind sie von einer Zieldefinition "*" ausgeschlossen.<br>
@@ -852,3 +852,8 @@ $lang['admin']['validate_license_now'] = 'GUID erneut verifizieren';
$lang['admin']['customer_id'] = 'Kunde';
$lang['admin']['service_id'] = 'Service';
+$lang['admin']['lookup_mx'] = 'Ziel gegen MX prüfen (etwa .outlook.com, um alle Ziele mit MX *.outlook.com zu routen)';
+$lang['edit']['mbox_rl_info'] = 'Dieses Limit wird auf den SASL Loginnamen angewendet und betrifft daher alle Absenderadressen, die der eingeloggte Benutzer verwendet. Eub Mailbox Ratelimit überwiegt ein Domain-weites Ratelimit.';
+
+$lang['add']['relayhost_wrapped_tls_info'] = 'Bitte <b>keine</b> TLS-wrapped Ports verwenden (etwa SMTPS via Port 465/tcp).<br>
+Der Transport wird stattdessen STARTTLS anfordern, um TLS zu verwenden. TLS kann unter "TLS Policy Maps" erzwungen werden.';
diff --git a/data/web/lang/lang.en.php b/data/web/lang/lang.en.php
index b5748482..3d6f599f 100644
--- a/data/web/lang/lang.en.php
+++ b/data/web/lang/lang.en.php
@@ -880,3 +880,10 @@ $lang['admin']['validate_license_now'] = 'Validate GUID against license server';
$lang['admin']['customer_id'] = 'Customer ID';
$lang['admin']['service_id'] = 'Service ID';
+
+$lang['admin']['lookup_mx'] = 'Match destination against MX (.outlook.com to route all mail targeted to a MX *.outlook.com over this hop)';
+$lang['edit']['mbox_rl_info'] = 'This rate limit is applied on the SASL login name, it matches any "from" address used by the logged-in user. A mailbox rate limit overrides a domain-wide rate limit.';
+
+$lang['add']['relayhost_wrapped_tls_info'] = 'Please do <b>not</b> use TLS-wrapped ports (mostly used on port 465).<br>
+Use any non-wrapped port and issue STARTTLS. A TLS policy to enforce TLS can be created in "TLS policy maps".';
+