adding experimental DMARC (relax) and SPF (relax) default support

This commit is contained in:
Benjamin Sonntag 2015-06-17 19:56:51 +02:00
parent ed914773d7
commit b0b0fa408e
5 changed files with 123 additions and 2 deletions

View File

@ -451,6 +451,12 @@ ORDER BY
$this->delete($one["id"]); $this->delete($one["id"]);
} }
} }
$db->query("SELECT domaine FROM domaines WHERE id=$domain_id;");
if ($db->next_record()) {
$db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE domaine='".addslashes($db->Record["domaine"])."' AND type='txt' AND sub='' AND (valeur LIKE 'v=spf1 %' OR valeur LIKE 'v=dmarc1;%');");
$db->query("UPDATE domaines SET dns_action='UPDATE' WHERE id=$domain_id;");
}
return true; return true;
} }
@ -907,11 +913,102 @@ ORDER BY
return false; return false;
} }
$mailname=$db->f("value"); $mailname=$db->f("value");
// set spf & dmarc for this domain
$db->query("SELECT domaine FROM domaines WHERE id=$domain_id;");
if ($db->next_record()) {
if ($spf=variable_get("default_spf_value")) {
$this->set_dns_spf($db->Record["domaine"],$spf);
}
if ($dmarc=variable_get("default_dmarc_value")) {
$this->set_dns_dmarc($db->Record["domaine"],$dmarc);
}
}
return $this->create_alias($domain_id, 'postmaster', $mem->user['login'].'@'.$mailname ); return $this->create_alias($domain_id, 'postmaster', $mem->user['login'].'@'.$mailname );
} }
/* ----------------------------------------------------------------- */
/** hook function called by variables when a variable is changed
* @access private
*/
function hook_variable_set($name,$old,$new) {
global $err, $db;
$err->log("mail","hook_variable_set($name,$old,$new)");
if ($name=="default_spf_value") {
$new=trim($new);
$old=trim($old);
$db->query("SELECT domaine,login,compte FROM domaines, membres WHERE gesdns=1 AND gesmx=1 and membres.uid=domaines.compte;");
while ($db->next_record()) {
$this->set_dns_spf($db->Record["domaine"],$new,$old,$db->Record["compte"],$db->Record["login"]);
}
}
if ($name=="default_dmarc_value") {
$new=trim($new);
$old=trim($old);
$db->query("SELECT domaine,login,compte FROM domaines, membres WHERE gesdns=1 AND gesmx=1 and membres.uid=domaines.compte;");
while ($db->next_record()) {
$this->set_dns_dmarc($db->Record["domaine"],$new,$old,$db->Record["compte"],$db->Record["login"]);
}
}
}
/* ----------------------------------------------------------------- */
/** Set or UPDATE the DNS record for the domain $dom(str) to be $spf
* account's login is current and if not it's $login.
* don't change spf if current value is not $old
* @access private
*/
function set_dns_spf($domain, $spf, $previous=-1, $uid=-1, $login=-1) {
global $db, $cuid, $dom, $mem;
// defaults
if ($uid===-1) $uid=intval($cuid); else $uid=intval($uid);
if ($login===-1) $login=$mem->user["login"];
// Search for the record in sub_domaines table
$db->query("SELECT * FROM sub_domaines WHERE compte=$uid AND domaine='".addslashes($domain)."' AND sub='' AND type='txt' AND valeur LIKE 'v=spf1 %' AND web_action!='DELETE';");
if ($db->next_record()) {
if ($previous!==-1 && $db->Record["valeur"]=="v=spf1 ".$spf) {
return; // skip, no change asked.
}
$db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE id='".$db->Record["id"]."';");
}
$db->query("INSERT INTO sub_domaines SET compte=$uid, domaine='".addslashes($domain)."', sub='', type='txt', valeur='".addslashes("v=spf1 ".$spf)."', web_action='UPDATE';");
$db->query("UPDATE domaines SET dns_action='UPDATE' WHERE domaine='".addslashes($domain)."';");
}
/* ----------------------------------------------------------------- */
/** Set or UPDATE the DNS record for the domain $dom(str) to be $dmarc
* account's login is current and if not it's $login.
* don't change dmarc if current value is not $old
* @access private
*/
function set_dns_dmarc($domain, $dmarc, $previous=-1, $uid=-1, $login=-1) {
global $db, $cuid, $dom, $mem, $L_FQDN;
// defaults
if ($uid===-1) $uid=intval($cuid); else $uid=intval($uid);
if ($login===-1) $login=$mem->user["login"];
$dmarc=str_replace("%%ADMINMAIL%%","admin@".$L_FQDN,$dmarc);
$dmarc=str_replace("%%USERMAIL%%",$login."@".$L_FQDN,$dmarc);
// Search for the record in sub_domaines table
$db->query("SELECT * FROM sub_domaines WHERE compte=$uid AND domaine='".addslashes($domain)."' AND sub='' AND type='txt' AND valeur LIKE 'v=dmarc1;%' AND web_action!='DELETE';");
if ($db->next_record()) {
if ($previous!==-1 && $db->Record["valeur"]=="v=dmarc1;".$dmarc) {
return; // skip, no change asked.
}
$db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE id='".$db->Record["id"]."';");
}
$db->query("INSERT INTO sub_domaines SET compte=$uid, domaine='".addslashes($domain)."', sub='', type='txt', valeur='".addslashes("v=dmarc1;".$dmarc)."', web_action='UPDATE';");
$db->query("UPDATE domaines SET dns_action='UPDATE' WHERE domaine='".addslashes($domain)."';");
}
/* ----------------------------------------------------------------- */ /* ----------------------------------------------------------------- */
/** hook function called by AlternC-upnp to know which open /** hook function called by AlternC-upnp to know which open

View File

@ -118,6 +118,7 @@ function variable_set($name, $value, $comment=null) {
$value2 = serialize($value); $value2 = serialize($value);
} }
if (!array_key_exists($name,$conf) || $value!=$conf[$name]) { if (!array_key_exists($name,$conf) || $value!=$conf[$name]) {
$previous=$conf[$name];
$conf[$name] = $value; $conf[$name] = $value;
if ( empty($comment) ) { if ( empty($comment) ) {
@ -127,6 +128,7 @@ function variable_set($name, $value, $comment=null) {
$query = "INSERT INTO variable (name, value, comment) values ('".$name."', '".addslashes($value2)."', '$comment') on duplicate key update name='$name', value='$value', comment='$comment';"; $query = "INSERT INTO variable (name, value, comment) values ('".$name."', '".addslashes($value2)."', '$comment') on duplicate key update name='$name', value='$value', comment='$comment';";
} }
$db->query($query); $db->query($query);
$hooks->invoke("hook_variable_set", array("name" => $name, "old"=> $previous, "new"=>$value ) );
} }
} }

1
debian/changelog vendored
View File

@ -9,6 +9,7 @@ alternc (3.1.7) oldoldstable; urgency=low
* fix added /run/alternc in open_basedir, fix ACTIONS not working * fix added /run/alternc in open_basedir, fix ACTIONS not working
* fix permission in browser not working * fix permission in browser not working
* fix FTP access security UX * fix FTP access security UX
* enh add DMARC and SPF management for gesmx & gesdns domains through variables
-- Benjamin Sonntag <benjamin@sonntag.fr> Thu, 16 Jun 2015 16:10:12 +0200 -- Benjamin Sonntag <benjamin@sonntag.fr> Thu, 16 Jun 2015 16:10:12 +0200

View File

@ -6,4 +6,3 @@ UPDATE domaines_type SET compatibility=REPLACE(compatibility, 'cname,','');
ALTER TABLE actions ALTER TABLE actions
CHANGE `type` CHANGE `type`
`type` enum('CREATE_FILE','FIX_USER','CREATE_DIR','DELETE','MOVE','FIX_DIR','FIX_FILE','CHMOD') DEFAULT NULL; `type` enum('CREATE_FILE','FIX_USER','CREATE_DIR','DELETE','MOVE','FIX_DIR','FIX_FILE','CHMOD') DEFAULT NULL;

View File

@ -0,0 +1,22 @@
#!/usr/bin/php
<?php
// We check that mysql php module is loaded
if(!function_exists('mysql_connect')) {
if(!dl("mysql.so"))
exit(1);
}
// we don't check our AlternC session
if(!chdir("/usr/share/alternc/panel"))
exit(1);
require("/usr/share/alternc/panel/class/config_nochk.php");
// we do it that way, so that the HOOK will be triggered, changing the zone files:
variable_set('default_spf_value','a mx ?all', 'This variable (if set) tells the SPF/TXT DNS field that will be published as a SPF entry, telling which server(s) are allowed to send email for this one. You can still change it later in the advanced DNS entries for ONE domain, this entry is only set once for new domains (or when you change it here).');
variable_set('default_dmarc_value', 'p=none;pct=100;rua=%%ADMINMAIL%%;aspf=r;adkim=r', 'This variable (if set) tells the DMARC/TXT DNS field that will be published as a DMARC entry, telling which policy you apply to this domain name. You can still change it later in the advanced DNS entries for ONE domain, this entry is only set once for new domains (or when you change it here). You can use %%ADMINMAIL%% or %%USERMAIL%% to substitute to admin-account or alternc user-account email address.');
// strict dmarc would be 'p=reject;pct=100;rua=%%ADMINMAIL%%;aspf=s;adkim=s'