adding experimental DMARC (relax) and SPF (relax) default support

bureau/class/m_mail.php

@@ -451,6 +451,12 @@ ORDER BY
 	$this->delete($one["id"]);
       }
     }
+    $db->query("SELECT domaine FROM domaines WHERE id=$domain_id;");
+    if ($db->next_record()) {
+      $db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE domaine='".addslashes($db->Record["domaine"])."' AND type='txt' AND sub='' AND (valeur LIKE 'v=spf1 %' OR valeur LIKE 'v=dmarc1;%');");
+      $db->query("UPDATE domaines SET dns_action='UPDATE' WHERE id=$domain_id;");
+    }
+
     return true;
   }
 
@@ -907,11 +913,102 @@ ORDER BY
       return false;
     }
     $mailname=$db->f("value");
-
+    // set spf & dmarc for this domain
+    $db->query("SELECT domaine FROM domaines WHERE id=$domain_id;");
+    if ($db->next_record()) {
+      if ($spf=variable_get("default_spf_value")) {
+	$this->set_dns_spf($db->Record["domaine"],$spf);
+      }
+      if ($dmarc=variable_get("default_dmarc_value")) {
+	$this->set_dns_dmarc($db->Record["domaine"],$dmarc);	
+      }
+    }
     return $this->create_alias($domain_id, 'postmaster', $mem->user['login'].'@'.$mailname );
   }
 
 
+  /* ----------------------------------------------------------------- */
+  /** hook function called by variables when a variable is changed
+   * @access private
+   */
+   function hook_variable_set($name,$old,$new) {
+     global $err, $db;
+     $err->log("mail","hook_variable_set($name,$old,$new)");
+
+     if ($name=="default_spf_value") {
+       $new=trim($new);
+       $old=trim($old);
+       $db->query("SELECT domaine,login,compte FROM domaines, membres WHERE gesdns=1 AND gesmx=1 and membres.uid=domaines.compte;");
+       while ($db->next_record()) {
+	 $this->set_dns_spf($db->Record["domaine"],$new,$old,$db->Record["compte"],$db->Record["login"]);
+       }
+     }
+
+     if ($name=="default_dmarc_value") {
+       $new=trim($new);
+       $old=trim($old);
+       $db->query("SELECT domaine,login,compte FROM domaines, membres WHERE gesdns=1 AND gesmx=1 and membres.uid=domaines.compte;");
+       while ($db->next_record()) {
+	 $this->set_dns_dmarc($db->Record["domaine"],$new,$old,$db->Record["compte"],$db->Record["login"]);
+       }
+     }
+     
+   }
+
+
+  /* ----------------------------------------------------------------- */
+  /** Set or UPDATE the DNS record for the domain $dom(str) to be $spf
+   * account's login is current and if not it's $login.
+   * don't change spf if current value is not $old
+   * @access private
+   */
+   function set_dns_spf($domain, $spf, $previous=-1, $uid=-1, $login=-1) {
+     global $db, $cuid, $dom, $mem;
+     // defaults
+     if ($uid===-1) $uid=intval($cuid); else $uid=intval($uid);
+     if ($login===-1) $login=$mem->user["login"];
+     // Search for the record in sub_domaines table
+     $db->query("SELECT * FROM sub_domaines WHERE compte=$uid AND domaine='".addslashes($domain)."' AND sub='' AND type='txt' AND valeur LIKE 'v=spf1 %' AND web_action!='DELETE';");
+     if ($db->next_record()) {
+       if ($previous!==-1 && $db->Record["valeur"]=="v=spf1 ".$spf) {
+	 return; // skip, no change asked.
+       }
+       $db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE id='".$db->Record["id"]."';");
+     }
+     $db->query("INSERT INTO sub_domaines SET compte=$uid, domaine='".addslashes($domain)."', sub='', type='txt', valeur='".addslashes("v=spf1 ".$spf)."', web_action='UPDATE';");
+     $db->query("UPDATE domaines SET dns_action='UPDATE' WHERE domaine='".addslashes($domain)."';");
+   }
+
+
+
+  /* ----------------------------------------------------------------- */
+  /** Set or UPDATE the DNS record for the domain $dom(str) to be $dmarc
+   * account's login is current and if not it's $login.
+   * don't change dmarc if current value is not $old
+   * @access private
+   */
+   function set_dns_dmarc($domain, $dmarc, $previous=-1, $uid=-1, $login=-1) {
+     global $db, $cuid, $dom, $mem, $L_FQDN;
+     // defaults
+     if ($uid===-1) $uid=intval($cuid); else $uid=intval($uid);
+     if ($login===-1) $login=$mem->user["login"];
+     $dmarc=str_replace("%%ADMINMAIL%%","admin@".$L_FQDN,$dmarc);
+     $dmarc=str_replace("%%USERMAIL%%",$login."@".$L_FQDN,$dmarc);
+
+     // Search for the record in sub_domaines table
+     $db->query("SELECT * FROM sub_domaines WHERE compte=$uid AND domaine='".addslashes($domain)."' AND sub='' AND type='txt' AND valeur LIKE 'v=dmarc1;%' AND web_action!='DELETE';");
+     if ($db->next_record()) {
+       if ($previous!==-1 && $db->Record["valeur"]=="v=dmarc1;".$dmarc) {
+	 return; // skip, no change asked.
+       }
+       $db->query("UPDATE sub_domaines SET web_action='DELETE' WHERE id='".$db->Record["id"]."';");
+     }
+     $db->query("INSERT INTO sub_domaines SET compte=$uid, domaine='".addslashes($domain)."', sub='', type='txt', valeur='".addslashes("v=dmarc1;".$dmarc)."', web_action='UPDATE';");
+     $db->query("UPDATE domaines SET dns_action='UPDATE' WHERE domaine='".addslashes($domain)."';");
+   }
+
+
+
 
   /* ----------------------------------------------------------------- */
   /** hook function called by AlternC-upnp to know which open 

bureau/class/variables.php

@@ -118,6 +118,7 @@ function variable_set($name, $value, $comment=null) {
     $value2 = serialize($value);
   }
   if (!array_key_exists($name,$conf) || $value!=$conf[$name]) {
+    $previous=$conf[$name];
     $conf[$name] = $value;
     
     if ( empty($comment) ) {
@@ -127,6 +128,7 @@ function variable_set($name, $value, $comment=null) {
       $query = "INSERT INTO variable (name, value, comment) values ('".$name."', '".addslashes($value2)."', '$comment') on duplicate key update name='$name', value='$value', comment='$comment';";
     }
     $db->query($query);
+    $hooks->invoke("hook_variable_set", array("name" => $name, "old"=> $previous, "new"=>$value ) );
   }
 }
 

debian/changelog

@@ -9,6 +9,7 @@ alternc (3.1.7) oldoldstable; urgency=low
   * fix added /run/alternc in open_basedir, fix ACTIONS not working
   * fix permission in browser not working
   * fix FTP access security UX
+  * enh add DMARC and SPF management for gesmx & gesdns domains through variables
 
  -- Benjamin Sonntag <benjamin@sonntag.fr>  Thu, 16 Jun 2015 16:10:12 +0200
 

install/upgrades/3.4.2.sql

@@ -6,4 +6,3 @@ UPDATE domaines_type SET compatibility=REPLACE(compatibility, 'cname,','');
 ALTER TABLE actions 
   CHANGE `type` 
   `type` enum('CREATE_FILE','FIX_USER','CREATE_DIR','DELETE','MOVE','FIX_DIR','FIX_FILE','CHMOD') DEFAULT NULL;
-

install/upgrades/3.4.2~a.php

@@ -0,0 +1,22 @@
+#!/usr/bin/php
+<?php
+
+// We check that mysql php module is loaded 
+if(!function_exists('mysql_connect'))  {
+  if(!dl("mysql.so"))
+    exit(1);
+}
+
+// we don't check our AlternC session
+if(!chdir("/usr/share/alternc/panel"))
+exit(1);
+require("/usr/share/alternc/panel/class/config_nochk.php");
+
+// we do it that way, so that the HOOK will be triggered, changing the zone files:
+
+variable_set('default_spf_value','a mx ?all', 'This variable (if set) tells the SPF/TXT DNS field that will be published as a SPF entry, telling which server(s) are allowed to send email for this one. You can still change it later in the advanced DNS entries for ONE domain, this entry is only set once for new domains (or when you change it here).');
+
+variable_set('default_dmarc_value', 'p=none;pct=100;rua=%%ADMINMAIL%%;aspf=r;adkim=r', 'This variable (if set) tells the DMARC/TXT DNS field that will be published as a DMARC entry, telling which policy you apply to this domain name. You can still change it later in the advanced DNS entries for ONE domain, this entry is only set once for new domains (or when you change it here). You can use %%ADMINMAIL%% or %%USERMAIL%% to substitute to admin-account or alternc user-account email address.');
+
+//  strict dmarc would be  'p=reject;pct=100;rua=%%ADMINMAIL%%;aspf=s;adkim=s'
+