Главная Обзор Помощь
Вход
mirrors
/
mailcow-dockerized
зеркало из https://github.com/mailcow/mailcow-dockerized
2
0
Ответвить 0
Файлы Задачи 0 Вики
Просмотр исходного кода

Don't expose SMTP/IMAP if announced "not provided" via SRV

Fixes #5944
Julian Raufelder 1 год назад
Родитель
70126e1f0c
Сommit
384e5a2e64
1 измененных файлов с 8 добавлено и 0 удалено
Разделённый вид Показать статистику Diff
  1. 8 0
      data/web/autoconfig.php

+ 8 - 0
data/web/autoconfig.php
Просмотреть файл 

@@ -39,6 +39,9 @@ header('Content-Type: application/xml');
 
          <username>%EMAILADDRESS%</username>
 
          <authentication>password-cleartext</authentication>
 
       </incomingServer>
 
+<?php
 
+$records = dns_get_record('_imap._tcp.' . $domain, DNS_SRV); // check if IMAP is announced as "not provided" via SRV record
 
+if (count($records) == 0 || $records[0]['target'] != '') { ?>
 
       <incomingServer type="imap">
 
          <hostname><?=$autodiscover_config['imap']['server']; ?></hostname>
 
          <port><?=$autodiscover_config['imap']['tlsport']; ?></port>
 
@@ -46,6 +49,7 @@ header('Content-Type: application/xml');
 
          <username>%EMAILADDRESS%</username>
 
          <authentication>password-cleartext</authentication>
 
       </incomingServer>
 
+<?php } ?>
 
 
 <?php
 
 $records = dns_get_record('_pop3s._tcp.' . $domain, DNS_SRV); // check if POP3 is announced as "not provided" via SRV record
 
@@ -77,6 +81,9 @@ if (count($records) == 0 || $records[0]['target'] != '') { ?>
 
          <username>%EMAILADDRESS%</username>
 
          <authentication>password-cleartext</authentication>
 
       </outgoingServer>
 
+<?php
 
+$records = dns_get_record('_smtp._tcp.' . $domain, DNS_SRV); // check if SMTP is announced as "not provided" via SRV record
 
+if (count($records) == 0 || $records[0]['target'] != '') { ?>
 
       <outgoingServer type="smtp">
 
          <hostname><?=$autodiscover_config['smtp']['server']; ?></hostname>
 
          <port><?=$autodiscover_config['smtp']['tlsport']; ?></port>
 
@@ -84,6 +91,7 @@ if (count($records) == 0 || $records[0]['target'] != '') { ?>
 
          <username>%EMAILADDRESS%</username>
 
          <authentication>password-cleartext</authentication>
 
       </outgoingServer>
 
+<?php } ?>
 
 
       <enable visiturl="https://<?=$mailcow_hostname; ?><?php if ($port != 443) echo ':'.$port; ?>/admin.php">
 
          <instruction>If you didn't change the password given to you by the administrator or if you didn't change it in a long time, please consider doing that now.</instruction>