[Web] Remove XMPP options

[Web] Add Rspamd preset #4
[Web] Do not show failed SASL logins (and also remove them from db)
andryyy
2021-06-30 10:13:29 +02:00
parent 13223245f2
commit 8b08d09ca2
22 changed files with 49 additions and 762 deletions


@@ -126,28 +126,6 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
'CNAME',
$mailcow_hostname
);
if ($domain_details['xmpp'] === 1 && isset($domain_details['xmpp_prefix'])) {
$records[] = array(
$domain_details['xmpp_prefix'] . '.' . $domain,
'CNAME',
$mailcow_hostname
);
$records[] = array(
'*.' . $domain_details['xmpp_prefix'] . '.' . $domain,
'CNAME',
$mailcow_hostname
);
$records[] = array(
'_xmpp-client._tcp.' . $domain_details['xmpp_prefix'] . '.' . $domain,
'SRV',
$mailcow_hostname . ' ' . array_pop(explode(':', getenv('XMPP_C2S_PORT')))
);
$records[] = array(
'_xmpp-server._tcp.' . $domain_details['xmpp_prefix'] . '.' . $domain,
'SRV',
$mailcow_hostname . ' ' . array_pop(explode(':', getenv('XMPP_S2S_PORT')))
);
}
}
$records[] = array(


@@ -262,7 +262,6 @@ function last_login($action, $username, $sasl_limit_days = 7) {
LEFT OUTER JOIN `app_passwd` on `sasl_logs`.`app_password` = `app_passwd`.`id`
WHERE `username` = :username
AND HOUR(TIMEDIFF(NOW(), `datetime`)) < :sasl_limit_days
AND `success` = 1
GROUP BY `real_rip`, `service`, `app_password`
ORDER BY `datetime` DESC;');
$stmt->execute(array(':username' => $username, ':sasl_limit_days' => ($sasl_limit_days * 24)));
@@ -333,8 +332,7 @@ function last_login($action, $username, $sasl_limit_days = 7) {
case 'reset':
if (filter_var($username, FILTER_VALIDATE_EMAIL) && hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
$stmt = $pdo->prepare('DELETE FROM `sasl_logs`
WHERE `username` = :username
AND `success` = 1;');
WHERE `username` = :username');
$stmt->execute(array(':username' => $username));
}
if ($_SESSION['mailcow_cc_role'] == "admin" || $username == $_SESSION['mailcow_cc_username']) {
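Review bot: With the `success = 1` condition gone from the SELECT and from the `reset` DELETE, last_login() treats every row in `sasl_logs` as a successful login, so its output is only correct if the component that writes this table no longer inserts failed attempts; that writer is not visible in this section and should be checked against this commit. The same assumption applies to the "Determine last logins" query in mailbox(), which lost the same condition. A comment above the query, such as `// sasl_logs holds successful logins only; failed attempts are not stored here`, would make the new contract explicit. Because failed authentications are no longer kept in this table, it is also worth confirming that they are still recorded somewhere that operators can use to spot password guessing. last_login() starts and ends outside these hunks.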


@@ -450,7 +450,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
}
$domain = idn_to_ascii(strtolower(trim($_data['domain'])), 0, INTL_IDNA_VARIANT_UTS46);
$description = $_data['description'];
$xmpp_prefix = preg_replace('/[^\da-z-]/i', '', $_data['xmpp_prefix']);
if (empty($description)) {
$description = $domain;
}
@@ -497,7 +496,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
$relay_unknown_only = intval($_data['relay_unknown_only']);
$backupmx = intval($_data['backupmx']);
$gal = intval($_data['gal']);
$xmpp = intval($_data['xmpp']);
if ($relay_all_recipients == 1) {
$backupmx = '1';
}
@@ -551,8 +549,8 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
$stmt->execute(array(
':domain' => '%@' . $domain
));
$stmt = $pdo->prepare("INSERT INTO `domain` (`domain`, `description`, `aliases`, `mailboxes`, `defquota`, `maxquota`, `quota`, `backupmx`, `gal`, `xmpp`, `xmpp_prefix`, `active`, `relay_unknown_only`, `relay_all_recipients`)
VALUES (:domain, :description, :aliases, :mailboxes, :defquota, :maxquota, :quota, :backupmx, :gal, :xmpp, :xmpp_prefix, :active, :relay_unknown_only, :relay_all_recipients)");
$stmt = $pdo->prepare("INSERT INTO `domain` (`domain`, `description`, `aliases`, `mailboxes`, `defquota`, `maxquota`, `quota`, `backupmx`, `gal`, `active`, `relay_unknown_only`, `relay_all_recipients`)
VALUES (:domain, :description, :aliases, :mailboxes, :defquota, :maxquota, :quota, :backupmx, :gal, :active, :relay_unknown_only, :relay_all_recipients)");
$stmt->execute(array(
':domain' => $domain,
':description' => $description,
@@ -563,8 +561,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
':quota' => $quota,
':backupmx' => $backupmx,
':gal' => $gal,
':xmpp' => $xmpp,
':xmpp_prefix' => $xmpp_prefix,
':active' => $active,
':relay_unknown_only' => $relay_unknown_only,
':relay_all_recipients' => $relay_all_recipients
@@ -960,8 +956,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
$imap_access = (isset($_data['imap_access'])) ? intval($_data['imap_access']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['imap_access']);
$pop3_access = (isset($_data['pop3_access'])) ? intval($_data['pop3_access']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['pop3_access']);
$smtp_access = (isset($_data['smtp_access'])) ? intval($_data['smtp_access']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['smtp_access']);
$xmpp_access = (isset($_data['xmpp_access'])) ? intval($_data['xmpp_access']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['xmpp_access']);
$xmpp_admin = (isset($_data['xmpp_admin'])) ? intval($_data['xmpp_admin']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['xmpp_admin']);
$quarantine_notification = (isset($_data['quarantine_notification'])) ? strval($_data['quarantine_notification']) : strval($MAILBOX_DEFAULT_ATTRIBUTES['quarantine_notification']);
$quarantine_category = (isset($_data['quarantine_category'])) ? strval($_data['quarantine_category']) : strval($MAILBOX_DEFAULT_ATTRIBUTES['quarantine_category']);
$quota_b = ($quota_m * 1048576);
@@ -974,8 +968,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
'imap_access' => strval($imap_access),
'pop3_access' => strval($pop3_access),
'smtp_access' => strval($smtp_access),
'xmpp_access' => strval($xmpp_access),
'xmpp_admin' => strval($xmpp_admin),
'passwd_update' => time(),
'mailbox_format' => strval($MAILBOX_DEFAULT_ATTRIBUTES['mailbox_format']),
'quarantine_notification' => strval($quarantine_notification),
@@ -2145,8 +2137,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
$is_now = mailbox('get', 'domain_details', $domain);
if (!empty($is_now)) {
$gal = (isset($_data['gal'])) ? intval($_data['gal']) : $is_now['gal'];
$xmpp = (isset($_data['xmpp']) && !empty($_SESSION['acl']['xmpp_domain_access']) && $_SESSION['acl']['xmpp_domain_access'] == "1") ? intval($_data['xmpp']) : $is_now['xmpp'];
$xmpp_prefix = (!empty($_data['xmpp_prefix']) && !empty($_SESSION['acl']['xmpp_prefix']) && $_SESSION['acl']['xmpp_prefix'] == "1") ? $_data['xmpp_prefix'] : $is_now['xmpp_prefix'];
$description = (!empty($_data['description']) && isset($_SESSION['acl']['domain_desc']) && $_SESSION['acl']['domain_desc'] == "1") ? $_data['description'] : $is_now['description'];
(int)$relayhost = (isset($_data['relayhost']) && isset($_SESSION['acl']['domain_relayhost']) && $_SESSION['acl']['domain_relayhost'] == "1") ? intval($_data['relayhost']) : intval($is_now['relayhost']);
}
@@ -2158,18 +2148,13 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
);
continue;
}
$xmpp_prefix = preg_replace('/[^\da-z-]/i', '', $xmpp_prefix);
$stmt = $pdo->prepare("UPDATE `domain` SET
`description` = :description,
`gal` = :gal,
`xmpp` = :xmpp,
`xmpp_prefix` = :xmpp_prefix
`gal` = :gal
WHERE `domain` = :domain");
$stmt->execute(array(
':description' => $description,
':gal' => $gal,
':xmpp' => $xmpp,
':xmpp_prefix' => $xmpp_prefix,
':domain' => $domain
));
$_SESSION['return'][] = array(
@@ -2184,7 +2169,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
$active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active'];
$backupmx = (isset($_data['backupmx'])) ? intval($_data['backupmx']) : $is_now['backupmx'];
$gal = (isset($_data['gal'])) ? intval($_data['gal']) : $is_now['gal'];
$xmpp = (isset($_data['xmpp'])) ? intval($_data['xmpp']) : $is_now['xmpp'];
$relay_all_recipients = (isset($_data['relay_all_recipients'])) ? intval($_data['relay_all_recipients']) : $is_now['relay_all_recipients'];
$relay_unknown_only = (isset($_data['relay_unknown_only'])) ? intval($_data['relay_unknown_only']) : $is_now['relay_unknown_only'];
$relayhost = (isset($_data['relayhost'])) ? intval($_data['relayhost']) : $is_now['relayhost'];
@@ -2194,7 +2178,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
$maxquota = (!empty($_data['maxquota'])) ? $_data['maxquota'] : ($is_now['max_quota_for_mbox'] / 1048576);
$quota = (!empty($_data['quota'])) ? $_data['quota'] : ($is_now['max_quota_for_domain'] / 1048576);
$description = (!empty($_data['description'])) ? $_data['description'] : $is_now['description'];
$xmpp_prefix = (!empty($_data['xmpp_prefix'])) ? $_data['xmpp_prefix'] : $is_now['xmpp_prefix'];
if ($relay_all_recipients == '1') {
$backupmx = '1';
}
@@ -2211,7 +2194,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
);
continue;
}
$xmpp_prefix = preg_replace('/[^\da-z-]/i', '', $xmpp_prefix);
// todo: should be using api here
$stmt = $pdo->prepare("SELECT
COUNT(*) AS count,
@@ -2299,8 +2281,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
`relay_unknown_only` = :relay_unknown_only,
`backupmx` = :backupmx,
`gal` = :gal,
`xmpp` = :xmpp,
`xmpp_prefix` = :xmpp_prefix,
`active` = :active,
`quota` = :quota,
`defquota` = :defquota,
@@ -2315,8 +2295,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
':relay_unknown_only' => $relay_unknown_only,
':backupmx' => $backupmx,
':gal' => $gal,
':xmpp' => $xmpp,
':xmpp_prefix' => $xmpp_prefix,
':active' => $active,
':quota' => $quota,
':defquota' => $defquota,
@@ -2365,8 +2343,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
(int)$imap_access = (isset($_data['imap_access']) && isset($_SESSION['acl']['protocol_access']) && $_SESSION['acl']['protocol_access'] == "1") ? intval($_data['imap_access']) : intval($is_now['attributes']['imap_access']);
(int)$pop3_access = (isset($_data['pop3_access']) && isset($_SESSION['acl']['protocol_access']) && $_SESSION['acl']['protocol_access'] == "1") ? intval($_data['pop3_access']) : intval($is_now['attributes']['pop3_access']);
(int)$smtp_access = (isset($_data['smtp_access']) && isset($_SESSION['acl']['protocol_access']) && $_SESSION['acl']['protocol_access'] == "1") ? intval($_data['smtp_access']) : intval($is_now['attributes']['smtp_access']);
(int)$xmpp_admin = (isset($_data['xmpp_admin']) && isset($_SESSION['acl']['xmpp_admin']) && $_SESSION['acl']['xmpp_admin'] == "1") ? intval($_data['xmpp_admin']) : intval($is_now['attributes']['xmpp_admin']);
(int)$xmpp_access = (isset($_data['xmpp_access']) && isset($_SESSION['acl']['xmpp_mailbox_access']) && $_SESSION['acl']['xmpp_mailbox_access'] == "1") ? intval($_data['xmpp_access']) : intval($is_now['attributes']['xmpp_access']);
(int)$relayhost = (isset($_data['relayhost']) && isset($_SESSION['acl']['mailbox_relayhost']) && $_SESSION['acl']['mailbox_relayhost'] == "1") ? intval($_data['relayhost']) : intval($is_now['attributes']['relayhost']);
(int)$quota_m = (isset_has_content($_data['quota'])) ? intval($_data['quota']) : ($is_now['quota'] / 1048576);
$name = (!empty($_data['name'])) ? ltrim(rtrim($_data['name'], '>'), '<') : $is_now['name'];
@@ -2639,8 +2615,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
`attributes` = JSON_SET(`attributes`, '$.sogo_access', :sogo_access),
`attributes` = JSON_SET(`attributes`, '$.imap_access', :imap_access),
`attributes` = JSON_SET(`attributes`, '$.pop3_access', :pop3_access),
`attributes` = JSON_SET(`attributes`, '$.xmpp_admin', :xmpp_admin),
`attributes` = JSON_SET(`attributes`, '$.xmpp_access', :xmpp_access),
`attributes` = JSON_SET(`attributes`, '$.relayhost', :relayhost),
`attributes` = JSON_SET(`attributes`, '$.smtp_access', :smtp_access)
WHERE `username` = :username");
@@ -2653,8 +2627,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
':imap_access' => $imap_access,
':pop3_access' => $pop3_access,
':smtp_access' => $smtp_access,
':xmpp_admin' => $xmpp_admin,
':xmpp_access' => $xmpp_access,
':relayhost' => $relayhost,
':username' => $username
));
@@ -3413,8 +3385,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
`relay_unknown_only`,
`backupmx`,
`gal`,
`xmpp`,
`xmpp_prefix`,
`active`
FROM `domain` WHERE `domain`= :domain");
$stmt->execute(array(
@@ -3473,8 +3443,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
$domaindata['backupmx'] = $row['backupmx'];
$domaindata['backupmx_int'] = $row['backupmx'];
$domaindata['gal'] = $row['gal'];
$domaindata['xmpp'] = $row['xmpp'];
$domaindata['xmpp_prefix'] = $row['xmpp_prefix'];
$domaindata['gal_int'] = $row['gal'];
$domaindata['rl'] = $rl;
$domaindata['active'] = $row['active'];
@@ -3520,8 +3488,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
`mailbox`.`domain`,
`mailbox`.`local_part`,
`mailbox`.`quota`,
`domain`.`xmpp` AS `domain_xmpp`,
`domain`.`xmpp_prefix` AS `domain_xmpp_prefix`,
`quota2`.`bytes`,
`attributes`,
`quota2`.`messages`
@@ -3540,8 +3506,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
`mailbox`.`domain`,
`mailbox`.`local_part`,
`mailbox`.`quota`,
`domain`.`xmpp` AS `domain_xmpp`,
`domain`.`xmpp_prefix` AS `domain_xmpp_prefix`,
`quota2replica`.`bytes`,
`attributes`,
`quota2replica`.`messages`
@@ -3560,10 +3524,8 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
$mailboxdata['active'] = $row['active'];
$mailboxdata['active_int'] = $row['active'];
$mailboxdata['domain'] = $row['domain'];
$mailboxdata['domain_xmpp'] = $row['domain_xmpp'];
$mailboxdata['relayhost'] = $row['relayhost'];
$mailboxdata['name'] = $row['name'];
$mailboxdata['domain_xmpp_prefix'] = $row['domain_xmpp_prefix'];
$mailboxdata['local_part'] = $row['local_part'];
$mailboxdata['quota'] = $row['quota'];
$mailboxdata['messages'] = $row['messages'];
@@ -3587,7 +3549,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
// Determine last logins
$stmt = $pdo->prepare("SELECT MAX(`datetime`) AS `datetime`, `service` FROM `sasl_logs`
WHERE `username` = :mailbox
AND `success` = 1
GROUP BY `service` DESC");
$stmt->execute(array(':mailbox' => $_data));
$SaslLogsData = $stmt->fetchAll(PDO::FETCH_ASSOC);
@@ -4376,6 +4337,5 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
}
if ($_action != 'get' && in_array($_type, array('domain', 'alias', 'alias_domain', 'mailbox', 'resource'))) {
update_sogo_static_view();
xmpp_rebuild_configs();
}
}


@@ -1,299 +0,0 @@
<?php
function xmpp_control($_action, $_data = null) {
global $lang;
$_data_log = $_data;
switch ($_action) {
case 'reload':
$curl = curl_init();
curl_setopt($curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
curl_setopt($curl, CURLOPT_URL, 'http://ejabberd:5280/api/reload_config');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
$response = curl_exec($curl);
curl_close($curl);
if ($response === "0") {
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'xmpp_reloaded'
);
}
else {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'xmpp_reload_failed'
);
}
break;
case 'restart':
$curl = curl_init();
curl_setopt($curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
curl_setopt($curl, CURLOPT_URL, 'http://ejabberd:5280/api/restart');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
$response = curl_exec($curl);
curl_close($curl);
if ($response === "0") {
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'xmpp_restarted'
);
}
else {
// If no host is available, the container might be in sleeping state, we need to restart the container
$response = json_decode(docker('post', 'ejabberd-mailcow', 'restart'), true);
if (isset($response['type']) && $response['type'] == "success") {
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'xmpp_restarted'
);
}
else {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'xmpp_restart_failed'
);
}
}
break;
case 'status':
if ($_SESSION['mailcow_cc_role'] != "admin") {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'access_denied'
);
return false;
}
foreach (array(
'onlineusers' => 'stats?name=onlineusers',
'uptimeseconds' => 'stats?name=uptimeseconds',
'muc_online_rooms' => 'muc_online_rooms?service=global'
) as $stat => $url) {
$curl = curl_init();
curl_setopt($curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
curl_setopt($curl, CURLOPT_URL, 'http://ejabberd:5280/api/' . $url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
$response_json = json_decode(curl_exec($curl), true);
if (isset($response_json['stat'])) {
$response_data[$stat] = $response_json['stat'];
}
else {
$response_data[$stat] = $response_json;
}
curl_close($curl);
// Something went wrong
if ($response_data[$stat] === false) {
$response_data[$stat] = '?';
}
}
return $response_data;
break;
}
}
function xmpp_rebuild_configs() {
global $pdo;
global $lang;
$_data_log = $_data;
try {
$xmpp_domains = array();
$stmt = $pdo->query('SELECT CONCAT(`xmpp_prefix`, ".", `domain`) AS `xmpp_host`, `domain` FROM `domain` WHERE `xmpp` = 1');
$xmpp_domain_rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
foreach ($xmpp_domain_rows as $xmpp_domain_row) {
$xmpp_domains[$xmpp_domain_row['domain']] = array('xmpp_host' => $xmpp_domain_row['xmpp_host']);
$stmt = $pdo->query('SELECT CONCAT(`local_part`, "@", CONCAT(`domain`.`xmpp_prefix`, ".", `domain`.`domain`)) AS `xmpp_username` FROM `mailbox`
JOIN `domain`
WHERE `domain`.`xmpp` = 1
AND JSON_VALUE(`attributes`, "$.xmpp_admin") = 1');
$xmpp_admin_rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
foreach ($xmpp_admin_rows as $xmpp_admin_row) {
$xmpp_domains[$xmpp_domain_row['domain']]['xmpp_admins'][] = $xmpp_admin_row['xmpp_username'];
}
}
touch('/ejabberd/ejabberd_hosts.yml');
touch('/ejabberd/ejabberd_acl.yml');
touch('/etc/nginx/conf.d/ZZZ-ejabberd.conf');
$ejabberd_hosts_md5 = md5_file('/ejabberd/ejabberd_hosts.yml');
$ejabberd_acl_md5 = md5_file('/ejabberd/ejabberd_acl.yml');
$ejabberd_site_md5 = md5_file('/etc/nginx/conf.d/ZZZ-ejabberd.conf');
if (!empty($xmpp_domains)) {
// Handle hosts file
$hosts_handle = fopen('/ejabberd/ejabberd_hosts.yml', 'w');
if (!$hosts_handle) {
throw new Exception($lang['danger']['file_open_error']);
}
fwrite($hosts_handle, '# Autogenerated by mailcow' . PHP_EOL);
fwrite($hosts_handle, 'hosts:' . PHP_EOL);
foreach ($xmpp_domains as $domain => $domain_values) {
fwrite($hosts_handle, ' - ' . $xmpp_domains[$domain]['xmpp_host'] . PHP_EOL);
}
fclose($hosts_handle);
// Handle ACL file
$acl_handle = fopen('/ejabberd/ejabberd_acl.yml', 'w');
if (!$acl_handle) {
throw new Exception($lang['danger']['file_open_error']);
}
fwrite($acl_handle, '# Autogenerated by mailcow' . PHP_EOL);
fwrite($acl_handle, 'append_host_config:' . PHP_EOL);
foreach ($xmpp_domains as $domain => $domain_values) {
fwrite($acl_handle, ' ' . $xmpp_domains[$domain]['xmpp_host'] . ':' . PHP_EOL);
fwrite($acl_handle, ' acl:' . PHP_EOL);
fwrite($acl_handle, ' admin:' . PHP_EOL);
fwrite($acl_handle, ' user:' . PHP_EOL);
foreach ($xmpp_domains[$domain]['xmpp_admins'] as $xmpp_admin) {
fwrite($acl_handle, ' - ' . $xmpp_admin . PHP_EOL);
}
}
fclose($acl_handle);
// Handle Nginx site
$site_handle = @fopen('/etc/nginx/conf.d/ZZZ-ejabberd.conf', 'r+');
if ($site_handle !== false) {
ftruncate($site_handle, 0);
fclose($site_handle);
}
$site_handle = fopen('/etc/nginx/conf.d/ZZZ-ejabberd.conf', 'w');
if (!$site_handle) {
throw new Exception($lang['danger']['file_open_error']);
}
fwrite($site_handle, '# Autogenerated by mailcow' . PHP_EOL);
foreach ($xmpp_domains as $domain => $domain_values) {
$site_config = <<<EOF
server {
root /web;
include /etc/nginx/conf.d/listen_ssl.active;
include /etc/nginx/conf.d/listen_plain.active;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_certificate /etc/ssl/mail/cert.pem;
ssl_certificate_key /etc/ssl/mail/key.pem;
server_name %s conference.%s proxy.%s pubsub.%s upload.%s;
if (\$request_uri ~* "%%0A|%%0D") {
return 403;
}
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
set_real_ip_from fc00::/7;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
location / {
proxy_pass http://ejabberd:5281/;
proxy_set_header Host \$http_host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP \$remote_addr;
proxy_redirect off;
}
}
EOF;
fwrite($site_handle, sprintf($site_config,
$xmpp_domains[$domain]['xmpp_host'],
$xmpp_domains[$domain]['xmpp_host'],
$xmpp_domains[$domain]['xmpp_host'],
$xmpp_domains[$domain]['xmpp_host'],
$xmpp_domains[$domain]['xmpp_host']
));
}
fclose($site_handle);
}
else {
// Write empty hosts file
$hosts_handle = fopen('/ejabberd/ejabberd_hosts.yml', 'w');
if (!$hosts_handle) {
throw new Exception($lang['danger']['file_open_error']);
}
fwrite($hosts_handle, '# Autogenerated by mailcow' . PHP_EOL);
fclose($hosts_handle);
// Write empty ACL file
$acl_handle = fopen('/ejabberd/ejabberd_acl.yml', 'w');
if (!$acl_handle) {
throw new Exception($lang['danger']['file_open_error']);
}
fwrite($acl_handle, '# Autogenerated by mailcow' . PHP_EOL);
fclose($acl_handle);
// Write empty Nginx site
$acl_handle = fopen('/etc/nginx/conf.d/ZZZ-ejabberd.conf', 'w');
if (!$acl_handle) {
throw new Exception($lang['danger']['file_open_error']);
}
fwrite($acl_handle, '# Autogenerated by mailcow' . PHP_EOL);
fclose($acl_handle);
}
if (md5_file('/ejabberd/ejabberd_acl.yml') != $ejabberd_acl_md5) {
xmpp_control('restart');
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'xmpp_maps_updated'
);
}
elseif (md5_file('/ejabberd/ejabberd_hosts.yml') != $ejabberd_hosts_md5) {
xmpp_control('reload');
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'xmpp_maps_updated'
);
}
if (md5_file('/etc/nginx/conf.d/ZZZ-ejabberd.conf') != $ejabberd_site_md5) {
$response = json_decode(docker('post', 'nginx-mailcow', 'exec', array("cmd" => "reload", "task" => "nginx"), 'Content-type: application/json'), true);
if (isset($response['type']) && $response['type'] == "success") {
$_SESSION['return'][] = array(
'type' => 'success',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => 'nginx_reloaded'
);
}
else {
if (!empty($response['msg'])) {
$error = $response['msg'];
}
else {
$error = '-';
}
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('nginx_reload_failed', htmlspecialchars($error))
);
}
}
}
catch (Exception $e) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('xmpp_map_write_error', htmlspecialchars($e->getMessage()))
);
}
}


@@ -3,7 +3,7 @@ function init_db_schema() {
try {
global $pdo;
$db_version = "07062021_2320";
$db_version = "30062021_0910";
$stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -240,8 +240,6 @@ function init_db_schema() {
"gal" => "TINYINT(1) NOT NULL DEFAULT '1'",
"relay_all_recipients" => "TINYINT(1) NOT NULL DEFAULT '0'",
"relay_unknown_only" => "TINYINT(1) NOT NULL DEFAULT '0'",
"xmpp" => "TINYINT(1) NOT NULL DEFAULT '0'",
"xmpp_prefix" => "VARCHAR(255) DEFAULT 'im'",
"created" => "DATETIME(0) NOT NULL DEFAULT NOW(0)",
"modified" => "DATETIME ON UPDATE CURRENT_TIMESTAMP",
"active" => "TINYINT(1) NOT NULL DEFAULT '1'"
@@ -513,7 +511,6 @@ function init_db_schema() {
"sasl_logs" => array(
"cols" => array(
"id" => "INT NOT NULL AUTO_INCREMENT",
"success" => "TINYINT(1) NOT NULL DEFAULT '0'",
"service" => "VARCHAR(32) NOT NULL DEFAULT ''",
"app_password" => "INT",
"username" => "VARCHAR(255) NOT NULL",
@@ -527,7 +524,6 @@ function init_db_schema() {
"key" => array(
"username" => array("username"),
"service" => array("service"),
"success" => array("success"),
"datetime" => array("datetime"),
"real_rip" => array("real_rip")
)
@@ -598,10 +594,6 @@ function init_db_schema() {
"alias_domains" => "TINYINT(1) NOT NULL DEFAULT '0'",
"mailbox_relayhost" => "TINYINT(1) NOT NULL DEFAULT '1'",
"domain_relayhost" => "TINYINT(1) NOT NULL DEFAULT '1'",
"xmpp_prefix" => "TINYINT(1) NOT NULL DEFAULT '0'",
"xmpp_domain_access" => "TINYINT(1) NOT NULL DEFAULT '0'",
"xmpp_mailbox_access" => "TINYINT(1) NOT NULL DEFAULT '0'",
"xmpp_admin" => "TINYINT(1) NOT NULL DEFAULT '0'",
"domain_desc" => "TINYINT(1) NOT NULL DEFAULT '0'"
),
"keys" => array(
@@ -1007,6 +999,7 @@ function init_db_schema() {
}
}
}
// Migrate tls_enforce_* options
if ($table == 'mailbox') {
$stmt = $pdo->query("SHOW TABLES LIKE 'mailbox'");
@@ -1023,6 +1016,20 @@ function init_db_schema() {
}
}
}
// Remove deprecated success = 0 entries before migrating sasl_logs
if ($table == 'sasl_logs') {
$stmt = $pdo->query("SHOW TABLES LIKE 'sasl_logs'");
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
if ($num_results != 0) {
$stmt = $pdo->query("SHOW COLUMNS FROM `sasl_logs` LIKE '%success%'");
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
if ($num_results != 0) {
$stmt = $pdo->query("DELETE FROM `sasl_logs` WHERE `success` = 0");
}
}
}
$stmt = $pdo->query("SHOW TABLES LIKE '" . $table . "'");
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
if ($num_results != 0) {
@@ -1216,8 +1223,6 @@ function init_db_schema() {
$pdo->query("UPDATE `mailbox` SET `attributes` = '{}' WHERE `attributes` = '' OR `attributes` IS NULL;");
$pdo->query("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.passwd_update', \"0\") WHERE JSON_VALUE(`attributes`, '$.passwd_update') IS NULL;");
$pdo->query("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.relayhost', \"0\") WHERE JSON_VALUE(`attributes`, '$.relayhost') IS NULL;");
$pdo->query("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.xmpp_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.xmpp_access') IS NULL;");
$pdo->query("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.xmpp_admin', \"0\") WHERE JSON_VALUE(`attributes`, '$.xmpp_admin') IS NULL;");
$pdo->query("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.force_pw_update', \"0\") WHERE JSON_VALUE(`attributes`, '$.force_pw_update') IS NULL;");
$pdo->query("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.sogo_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.sogo_access') IS NULL;");
$pdo->query("UPDATE `mailbox` SET `attributes` = JSON_SET(`attributes`, '$.imap_access', \"1\") WHERE JSON_VALUE(`attributes`, '$.imap_access') IS NULL;");
@@ -1266,7 +1271,6 @@ function init_db_schema() {
if (php_sapi_name() == "cli") {
include '/web/inc/vars.inc.php';
include '/web/inc/functions.docker.inc.php';
include '/web/inc/functions.xmpp.inc.php';
// $now = new DateTime();
// $mins = $now->getOffset() / 60;
// $sgn = ($mins < 0 ? -1 : 1);
@@ -1305,7 +1309,5 @@ if (php_sapi_name() == "cli") {
catch ( Exception $e ) {
// Dunno
}
xmpp_rebuild_configs();
echo "Rebuilt XMPP configuration". PHP_EOL;
init_db_schema();
}
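Review bot: The column probe in the new sasl_logs pre-migration block uses `LIKE '%success%'`, which matches any column whose name merely contains "success"; if such a column exists without an exact `success` column, the DELETE that follows fails on an unknown column. An exact match, `LIKE 'success'`, is sufficient for the check. The DELETE also permanently discards the stored failed-authentication history on upgrade, so the comment above the block should say that this is intentional and irreversible, for operators who reviewed that data for brute-force attempts. init_db_schema() starts and ends outside these hunks.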


@@ -240,7 +240,6 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.ratelimit.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.rspamd.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.tls_policy_maps.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.transports.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.xmpp.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/init_db.inc.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/triggers.inc.php';
init_db_schema();


@@ -0,0 +1,11 @@
headline: lang.rsettings_preset_4
content: |
priority = 10;
rcpt = "/.*@develcow.de$/";
from = "/.*/";
apply "default" {
MAILCOW_WHITE = -9999.0;
}
symbols [
"MAILCOW_WHITE"
]
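Review bot: The `rcpt` pattern in this preset leaves the dot unescaped, so `/.*@develcow.de$/` also matches recipients where any other character stands in place of the dot; escaping it (`develcow\.de`, written according to the quoting rules of the settings format) keeps the match to the intended domain. Together with `from = "/.*/"` and `MAILCOW_WHITE = -9999.0`, the rule accepts mail from any sender to that domain regardless of other symbols. The text behind `lang.rsettings_preset_4` should say so, so that administrators who load the preset replace the domain and narrow `from` before saving it.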


@@ -175,12 +175,6 @@ $MAILBOX_DEFAULT_ATTRIBUTES['pop3_access'] = true;
// Mailbox has SMTP access by default
$MAILBOX_DEFAULT_ATTRIBUTES['smtp_access'] = true;
// Mailbox has XMPP access by default (if domain has XMPP enabled)
$MAILBOX_DEFAULT_ATTRIBUTES['xmpp_access'] = true;
// Mailbox is XMPP admin by default (bad)
$MAILBOX_DEFAULT_ATTRIBUTES['xmpp_admin'] = false;
// Mailbox receives notifications about...
// "add_header" - mail that was put into the Junk folder
// "reject" - mail that was rejected