Sākums Izpētīt Palīdzība
Pierakstīties
mirrors
/
mailcow-dockerized
spogulis no https://github.com/mailcow/mailcow-dockerized
2
0
Atdalīts 0
Faili Problēmas 0 Vikivietne
Koks: 66a3df16ed
Atzari Tagi
mailcow-dockeri...
/
data
/
conf
/
rspamd
/
meta_exporter
/
pipe.php

pipe.php 7.3 KB
Vēsture Neapstrādāts

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224 
  1. <?php
    2. 

  2. // File size is limited by Nginx site to 10M
    3. 

  3. // To speed things up, we do not include prerequisites
    4. 

  4. header('Content-Type: text/plain');
    5. 

  5. require_once "vars.inc.php";
    6. 

  6. // Do not show errors, we log to using error_log
    7. 

  7. ini_set('error_reporting', 0);
    8. 

  8. // Init database
    9. 

  9. $dsn = $database_type . ':host=' . $database_host . ';dbname=' . $database_name;
    10. 

  10. $opt = [
    11. 

  11.     PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    12. 

  12.     PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    13. 

  13.     PDO::ATTR_EMULATE_PREPARES   => false,
    14. 

  14. ];
    15. 

  15. try {
    16. 

  16.   $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
    17. 

  17. }
    18. 

  18. catch (PDOException $e) {
    19. 

  19.   http_response_code(501);
    20. 

  20.   exit;
    21. 

  21. }
    22. 

  22. // Init Redis
    23. 

  23. $redis = new Redis();
    24. 

  24. $redis->connect('redis-mailcow', 6379);
    25. 

  25. 

  26. // Functions
    27. 

  27. function parse_email($email) {
    28. 

  28.   if(!filter_var($email, FILTER_VALIDATE_EMAIL)) return false;
    29. 

  29.   $a = strrpos($email, '@');
    30. 

  30.   return array('local' => substr($email, 0, $a), 'domain' => substr(substr($email, $a), 1));
    31. 

  31. }
    32. 

  32. if (!function_exists('getallheaders'))  {
    33. 

  33.   function getallheaders() {
    34. 

  34.     if (!is_array($_SERVER)) {
    35. 

  35.       return array();
    36. 

  36.     }
    37. 

  37.     $headers = array();
    38. 

  38.     foreach ($_SERVER as $name => $value) {
    39. 

  39.       if (substr($name, 0, 5) == 'HTTP_') {
    40. 

  40.         $headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
    41. 

  41.       }
    42. 

  42.     }
    43. 

  43.     return $headers;
    44. 

  44.   }
    45. 

  45. }
    46. 

  46. 

  47. $raw_data = file_get_contents('php://input');
    48. 

  48. $headers = getallheaders();
    49. 

  49. 

  50. $qid      = $headers['X-Rspamd-Qid'];
    51. 

  51. $score    = $headers['X-Rspamd-Score'];
    52. 

  52. $rcpts    = $headers['X-Rspamd-Rcpt'];
    53. 

  53. $user     = $headers['X-Rspamd-User'];
    54. 

  54. $ip       = $headers['X-Rspamd-Ip'];
    55. 

  55. $action   = $headers['X-Rspamd-Action'];
    56. 

  56. $sender   = $headers['X-Rspamd-From'];
    57. 

  57. $symbols  = $headers['X-Rspamd-Symbols'];
    58. 

  58. 

  59. $raw_size = (int)$_SERVER['CONTENT_LENGTH'];
    60. 

  60. 

  61. try {
    62. 

  62.   if ($max_size = $redis->Get('Q_MAX_SIZE')) {
    63. 

  63.     if (!empty($max_size) && ($max_size * 1048576) < $raw_size) {
    64. 

  64.       error_log(sprintf("Message too large: %d exceeds %d", $raw_size, ($max_size * 1048576)));
    65. 

  65.       http_response_code(505);
    66. 

  66.       exit;
    67. 

  67.     }
    68. 

  68.   }
    69. 

  69.   if ($exclude_domains = $redis->Get('Q_EXCLUDE_DOMAINS')) {
    70. 

  70.     $exclude_domains = json_decode($exclude_domains, true);
    71. 

  71.   }
    72. 

  72.   $retention_size = (int)$redis->Get('Q_RETENTION_SIZE');
    73. 

  73. }
    74. 

  74. catch (RedisException $e) {
    75. 

  75.   error_log($e);
    76. 

  76.   http_response_code(504);
    77. 

  77.   exit;
    78. 

  78. }
    79. 

  79. 

  80. $rcpt_final_mailboxes = array();
    81. 

  81. 

  82. // Loop through all rcpts
    83. 

  83. foreach (json_decode($rcpts, true) as $rcpt) {
    84. 

  84.   // Break rcpt into local part and domain part
    85. 

  85.   $parsed_rcpt = parse_email($rcpt);
    86. 

  86.   
    87. 

  87.   // Skip if not a mailcow handled domain
    88. 

  88.   try {
    89. 

  89.     if (!$redis->hGet('DOMAIN_MAP', $parsed_rcpt['domain'])) {
    90. 

  90.       continue;
    91. 

  91.     }
    92. 

  92.   }
    93. 

  93.   catch (RedisException $e) {
    94. 

  94.     error_log($e);
    95. 

  95.     http_response_code(504);
    96. 

  96.     exit;
    97. 

  97.   }
    98. 

  98. 

  99.   // Skip if domain is excluded
    100. 

  100.   if (in_array($parsed_rcpt['domain'], $exclude_domains)) {
    101. 

  101.     error_log(sprintf("Skipped domain %s", $parsed_rcpt['domain']));
    102. 

  102.     continue;
    103. 

  103.   }
    104. 

  104. 

  105.   // Always assume rcpt is not a final mailbox but an alias for a mailbox or further aliases
    106. 

  106.   //
    107. 

  107.   //             rcpt
    108. 

  108.   //              |
    109. 

  109.   // mailbox <-- goto ---> alias1, alias2, mailbox2
    110. 

  110.   //                          |       |
    111. 

  111.   //                      mailbox3    |
    112. 

  112.   //                                  |
    113. 

  113.   //                               alias3 ---> mailbox4
    114. 

  114.   //
    115. 

  115.   try {
    116. 

  116.     $stmt = $pdo->prepare("SELECT `goto` FROM `alias` WHERE `address` = :rcpt AND `active` = '1'");
    117. 

  117.     $stmt->execute(array(
    118. 

  118.       ':rcpt' => $rcpt
    119. 

  119.     ));
    120. 

  120.     $gotos = $stmt->fetch(PDO::FETCH_ASSOC)['goto'];
    121. 

  121.     if (empty($gotos)) {
    122. 

  122.       $stmt = $pdo->prepare("SELECT `goto` FROM `alias` WHERE `address` = :rcpt AND `active` = '1'");
    123. 

  123.       $stmt->execute(array(
    124. 

  124.         ':rcpt' => '@' . $parsed_rcpt['domain']
    125. 

  125.       ));
    126. 

  126.       $gotos = $stmt->fetch(PDO::FETCH_ASSOC)['goto'];
    127. 

  127.     }
    128. 

  128.     $gotos_array = explode(',', $gotos);
    129. 

  129. 

  130.     $loop_c = 0;
    131. 

  131. 

  132.     while (count($gotos_array) != 0 && $loop_c <= 20) {
    133. 

  133. 

  134.       // Loop through all found gotos
    135. 

  135.       foreach ($gotos_array as $index => &$goto) {
    136. 

  136.         error_log("quarantine pipe: query " . $goto . " as username from mailbox");
    137. 

  137.         $stmt = $pdo->prepare("SELECT `username` FROM `mailbox` WHERE `username` = :goto AND `active`= '1';");
    138. 

  138.         $stmt->execute(array(':goto' => $goto));
    139. 

  139.         $username = $stmt->fetch(PDO::FETCH_ASSOC)['username'];
    140. 

  140.         if (!empty($username)) {
    141. 

  141.           error_log("quarantine pipe: mailbox found: " . $username);
    142. 

  142.           // Current goto is a mailbox, save to rcpt_final_mailboxes if not a duplicate
    143. 

  143.           if (!in_array($username, $rcpt_final_mailboxes)) {
    144. 

  144.             $rcpt_final_mailboxes[] = $username;
    145. 

  145.           }
    146. 

  146.         }
    147. 

  147.         else {
    148. 

  148.           $parsed_goto = parse_email($goto);
    149. 

  149.           if (!$redis->hGet('DOMAIN_MAP', $parsed_goto['domain'])) {
    150. 

  150.             error_log($goto . " is not a mailcow handled mailbox or alias address");
    151. 

  151.           }
    152. 

  152.           else {
    153. 

  153.             $stmt = $pdo->prepare("SELECT `goto` FROM `alias` WHERE `address` = :goto AND `active` = '1'");
    154. 

  154.             $stmt->execute(array(':goto' => $goto));
    155. 

  155.             $goto_branch = $stmt->fetch(PDO::FETCH_ASSOC)['goto'];
    156. 

  156.             error_log("quarantine pipe: goto address " . $goto . " is a alias branch for " . $goto_branch);
    157. 

  157.             $goto_branch_array = explode(',', $goto_branch);
    158. 

  158.           }
    159. 

  159.         }
    160. 

  160.         // goto item was processed, unset
    161. 

  161.         unset($gotos_array[$index]);
    162. 

  162.       }
    163. 

  163. 

  164.       // Merge goto branch array derived from previous loop (if any), filter duplicates and unset goto branch array
    165. 

  165.       if (!empty($goto_branch_array)) {
    166. 

  166.         $gotos_array = array_unique(array_merge($gotos_array, $goto_branch_array));
    167. 

  167.         unset($goto_branch_array);
    168. 

  168.       }
    169. 

  169. 

  170.       // Reindex array
    171. 

  171.       $gotos_array = array_values($gotos_array);
    172. 

  172. 

  173.       // Force exit if loop cannot be solved
    174. 

  174.       // Postfix does not allow for alias loops, so this should never happen.
    175. 

  175.       $loop_c++;
    176. 

  176.       error_log("quarantine pipe: goto array count on loop #". $loop_c . " is " . count($gotos_array));
    177. 

  177.     }
    178. 

  178.   }
    179. 

  179.   catch (PDOException $e) {
    180. 

  180.     error_log($e->getMessage());
    181. 

  181.     http_response_code(502);
    182. 

  182.     exit;
    183. 

  183.   }
    184. 

  184. }
    185. 

  185. 

  186. foreach ($rcpt_final_mailboxes as $rcpt) {
    187. 

  187.   error_log("quarantine pipe: processing quarantine message for rcpt " . $rcpt);
    188. 

  188.   try {
    189. 

  189.     $stmt = $pdo->prepare("INSERT INTO `quarantine` (`qid`, `score`, `sender`, `rcpt`, `symbols`, `user`, `ip`, `msg`, `action`)
    190. 

  190.       VALUES (:qid, :score, :sender, :rcpt, :symbols, :user, :ip, :msg, :action)");
    191. 

  191.     $stmt->execute(array(
    192. 

  192.       ':qid' => $qid,
    193. 

  193.       ':score' => $score,
    194. 

  194.       ':sender' => $sender,
    195. 

  195.       ':rcpt' => $rcpt,
    196. 

  196.       ':symbols' => $symbols,
    197. 

  197.       ':user' => $user,
    198. 

  198.       ':ip' => $ip,
    199. 

  199.       ':msg' => $raw_data,
    200. 

  200.       ':action' => $action
    201. 

  201.     ));
    202. 

  202.     $stmt = $pdo->prepare('DELETE FROM `quarantine` WHERE `rcpt` = :rcpt AND `id` NOT IN (
    203. 

  203.       SELECT `id`
    204. 

  204.       FROM (
    205. 

  205.         SELECT `id`
    206. 

  206.         FROM `quarantine`
    207. 

  207.         WHERE `rcpt` = :rcpt2
    208. 

  208.         ORDER BY id DESC
    209. 

  209.         LIMIT :retention_size
    210. 

  210.       ) x 
    211. 

  211.     );');
    212. 

  212.     $stmt->execute(array(
    213. 

  213.       ':rcpt' => $rcpt,
    214. 

  214.       ':rcpt2' => $rcpt,
    215. 

  215.       ':retention_size' => $retention_size
    216. 

  216.     ));
    217. 

  217.   }
    218. 

  218.   catch (PDOException $e) {
    219. 

  219.     error_log($e->getMessage());
    220. 

  220.     http_response_code(503);
    221. 

  221.     exit;
    222. 

  222.   }
    223. 

  223. }
    224. 

  224.