wip #8026 @14

diff --git a/.docker/images/php/Dockerfile b/.docker/images/php/Dockerfile
index f18e6ff193b062ed7b8b8ce4ab9681cc38e37fef..9371b3072cbfc1e61b380c60d6acbf6a0bc7d36d 100644 (file)
--- a/.docker/images/php/Dockerfile
+++ b/.docker/images/php/Dockerfile
@@ -82,6 +82,8 @@ ENV LC_ALL fr_FR.UTF-8
 RUN cd /root;wget https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-linux-x86_64.tar.bz2;tar xvjf phantomjs-2.1.1-linux-x86_64.tar.bz2;mv phantomjs-2.1.1-linux-x86_64 /usr/local/share;ln -sf /usr/local/share/phantomjs-2.1.1-linux-x86_64/bin/phantomjs /usr/local/bin
 RUN cd /root;wget https://github.com/RazrFalcon/svgcleaner/releases/download/v0.9.5/svgcleaner_linux_x86_64_0.9.5.tar.gz; tar xvzf svgcleaner_linux_x86_64_0.9.5.tar.gz;mv svgcleaner /usr/local/bin
 RUN cd /root;wget https://github.com/astraw/svg_stack/archive/refs/tags/0.1.0.tar.gz; tar xvzf 0.1.0.tar.gz;mv svg_stack-0.1.0 /usr/local/svg_stack
+RUN cd /usr/local/;git clone https://github.com/spf-tools/spf-tools
+RUN cd /usr/local/;git clone https://github.com/stevejenkins/postwhite
 
 RUN curl -L https://github.com/yt-dlp/yt-dlp-nightly-builds/releases/latest/download/yt-dlp -o /usr/local/bin/yt-dlp && chmod 755 /usr/local/bin/yt-dlp
 

diff --git a/app/Console/Kernel.php b/app/Console/Kernel.php
index b6f0d3977eeb9c8f44205883f1239256615acec6..ec0707908cb18b38fcd1b581a46516181d6b406b 100644 (file)
--- a/app/Console/Kernel.php
+++ b/app/Console/Kernel.php
@@ -41,6 +41,7 @@ class Kernel extends \Cubist\Backpack\Console\Kernel
             $schedule->command('job:dispatchNow Maintenance\\\\ListWorkingSymlinks')->dailyAt('0:30');
             // Email config
             $schedule->command('job:dispatchNow Maintenance\\\\EmailServerRefresh')->twiceDailyAt();
+            $schedule->exec('/usr/local/postwhite/postwhite ' . storage_path('emailconfig/postwhite.conf'))->monthly();
             // Quotes
             $schedule->command('fluidbook:quote --reminder')->weekdays()->at('8:00');
             // DSN

diff --git a/app/Models/TeamEmails.php b/app/Models/TeamEmails.php
index 8a8ff5e412d7ec8b04bcd8e9f8c0c2da50d31f6f..10c6e065af0ff51ab7522976ddc42af72581a207 100644 (file)
--- a/app/Models/TeamEmails.php
+++ b/app/Models/TeamEmails.php
@@ -62,6 +62,24 @@ class TeamEmails extends CubistMagicAbstractModel
         $spam_whitelist = json_decode($this->spam_whitelist, true);
         $spam_whitelist = self::getWhitelistFromClients($spam_whitelist);
 
+        $postwhite_domains = [];
+        foreach ($spam_whitelist as $s) {
+            $e = explode("@", $s);
+            $de = explode(".", $e[1]);
+            $domain = $de;
+            foreach ($de as $dd) {
+                if ($dd === '*') {
+                    array_shift($domain);
+                } else {
+                    break;
+                }
+            }
+            $postwhite_domains[] = implode(".", $domain);
+
+        }
+
+        $postwhite_domains = array_unique($postwhite_domains);
+
         $spam_blacklist = json_decode($this->spam_blacklist, true);
         $auth_whitelist = json_decode($this->auth_whitelist, true);
 
@@ -236,6 +254,7 @@ class TeamEmails extends CubistMagicAbstractModel
         }
         $my_networks = array_unique($my_networks);
 
+        $this->_replaceInFile('postwhite.conf', ['postwhite_domains' => implode(" ",$postwhite_domains)]);
         $this->_replaceInFile('postfix-main.cf', ['my_networks' => implode(', ', $my_networks)]);
         $this->_replaceInFile('fail2ban-jail.cf', ['ignoreip' => implode(',', $my_networks)]);
         $this->_replaceInFile('spamassassin-rules.cf', ['spam_whitelist' => implode("\n", $spam_wl), 'spam_blacklist' => implode("\n", $spam_bl)]);
@@ -249,7 +268,9 @@ class TeamEmails extends CubistMagicAbstractModel
         foreach ($variables as $k => $v) {
             $content = str_replace('$' . $k, $v, $content);
         }
+
         $content = str_replace("\r\n", "\n", $content);
+
         file_put_contents(storage_path('emailconfig/' . $filename), $content);
     }
 

diff --git a/resources/emailconfig/postfix-main.cf b/resources/emailconfig/postfix-main.cf
index 44de3b998568c07feb4aab4b257b3e1330bd5a55..01825ddbfa5c009a30e1f2bbec246a6cad48726d 100644 (file)
--- a/resources/emailconfig/postfix-main.cf
+++ b/resources/emailconfig/postfix-main.cf
@@ -5,7 +5,5 @@ prepend_delivered_header = command, file, forward
 mynetworks = $my_networks
 smtpd_recipient_restrictions = check_recipient_access pcre:/etc/postfix/recipient_access.pcre
 
-postscreen_bare_newline_enable = no
-postscreen_non_smtp_command_enable = no
-postscreen_pipelining_enable = no
-
+postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_spf_whitelist.cidr
+postscreen_dnsbl_timeout = 5s

diff --git a/resources/emailconfig/postwhite.conf b/resources/emailconfig/postwhite.conf
new file mode 100644 (file)
index 0000000..4db5d23
--- /dev/null
+++ b/resources/emailconfig/postwhite.conf
@@ -0,0 +1,34 @@
+# CONFIGURATION OPTIONS FOR POSTWHITE
+# https://github.com/stevejenkins/postwhite
+# POSTWHITE WILL LOOK FOR THIS FILE IN /etc/postwhite.conf
+
+# FILE PATHS
+spftoolspath=/usr/local/spf-tools
+postfixpath=/application/storage/emailconfig
+postfixbinarypath=/usr/sbin
+whitelist=postscreen_spf_whitelist.cidr
+blacklist=postscreen_spf_blacklist.cidr
+yahoo_static_hosts=/usr/local/postwhite/yahoo_static_hosts.txt
+
+# CUSTOM HOSTS
+# Enter custom hosts separated by a space, ex: "example.com example2.com example3.com"
+custom_hosts="$postwhite_domains"
+
+# Include list of Yahoo Outbound IPs from https://help.yahoo.com/kb/SLN23997.html?
+include_yahoo="yes"
+
+# Do you also want to build a blacklist?
+enable_blacklist=no
+blacklist_hosts=""
+
+# Do what to invalid IPv4 addresses and CIDRs?
+# Valid settings are 'remove' 'fix' or 'keep'
+invalid_ip4=remove
+
+# Simplify (remove) IP addresses from the whitelist that are already covered by CIDRs?
+# WARNING: Enabling this option can dramatically increase the time Postwhite takes to
+# run if you have many mailers selected. Try it once, then come back and turn it off. :)
+simplify=no
+
+# Reload Postfix Automatically when done?
+reload_postfix=no