From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 server/plugins-available/postfix_server_plugin.inc.php |   78 ++++++++++++++++++++++++++++++++------
 1 files changed, 65 insertions(+), 13 deletions(-)

diff --git a/server/plugins-available/postfix_server_plugin.inc.php b/server/plugins-available/postfix_server_plugin.inc.php
index ad92dec..87ae500 100644
--- a/server/plugins-available/postfix_server_plugin.inc.php
+++ b/server/plugins-available/postfix_server_plugin.inc.php
@@ -79,53 +79,105 @@
 		global $app, $conf;
 
 		// get the config
-		$app->uses("getconf");
+		$app->uses("getconf,system");
 		$old_ini_data = $app->ini_parser->parse_ini_string($data['old']['config']);
 		$mail_config = $app->getconf->get_server_config($conf['server_id'], 'mail');
 
 		copy('/etc/postfix/main.cf', '/etc/postfix/main.cf~');
+		
+		if ($mail_config['relayhost'].$mail_config['relayhost_user'].$mail_config['relayhost_password'] != $old_ini_data['mail']['relayhost'].$old_ini_data['mail']['relayhost_user'].$old_ini_data['mail']['relayhost_password']) {
+			$content = file_exists('/etc/postfix/sasl_passwd') ? file_get_contents('/etc/postfix/sasl_passwd') : '';
+			$content = preg_replace('/^'.preg_quote($old_ini_data['email']['relayhost']).'\s+[^\n]*(:?\n|)/m','',$content);
 
-		if($mail_config['relayhost'] != '') {
-			exec("postconf -e 'relayhost = ".$mail_config['relayhost']."'");
-			if($mail_config['relayhost_user'] != '' && $mail_config['relayhost_password'] != '') {
+			if (!empty($mail_config['relayhost']) || !empty($mail_config['relayhost_user']) || !empty($mail_config['relayhost_password'])) {
+				$content .= "\n".$mail_config['relayhost'].'   '.$mail_config['relayhost_user'].':'.$mail_config['relayhost_password'];
+			}
+			
+			if (preg_replace('/^(#[^\n]*|\s+)(:?\n+|)/m','',$content) != '') {
 				exec("postconf -e 'smtp_sasl_auth_enable = yes'");
 			} else {
 				exec("postconf -e 'smtp_sasl_auth_enable = no'");
 			}
-			exec("postconf -e 'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd'");
-			exec("postconf -e 'smtp_sasl_security_options ='");
-
-			// Store the sasl passwd
-			$content = $mail_config['relayhost'].'   '.$mail_config['relayhost_user'].':'.$mail_config['relayhost_password'];
+			
+			exec("postconf -e 'relayhost = ".$mail_config['relayhost']."'");
 			file_put_contents('/etc/postfix/sasl_passwd', $content);
 			chmod('/etc/postfix/sasl_passwd', 0600);
 			chown('/etc/postfix/sasl_passwd', 'root');
 			chgrp('/etc/postfix/sasl_passwd', 'root');
+			exec("postconf -e 'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd'");
+			exec("postconf -e 'smtp_sasl_security_options ='");
 			exec('postmap /etc/postfix/sasl_passwd');
 			exec($conf['init_scripts'] . '/' . 'postfix restart');
-
-		} else {
-			exec("postconf -e 'relayhost ='");
 		}
 
 		if($mail_config['realtime_blackhole_list'] != $old_ini_data['mail']['realtime_blackhole_list']) {
+			$rbl_updated = false;
 			$rbl_hosts = trim(preg_replace('/\s+/', '', $mail_config['realtime_blackhole_list']));
 			if($rbl_hosts != ''){
 				$rbl_hosts = explode(",", $rbl_hosts);
 			}
 			$options = explode(", ", exec("postconf -h smtpd_recipient_restrictions"));
+			$new_options = array();
 			foreach ($options as $key => $value) {
 				if (!preg_match('/reject_rbl_client/', $value)) {
 					$new_options[] = $value;
+				} else {
+					if(is_array($rbl_hosts) && !empty($rbl_hosts) && !$rbl_updated){
+						$rbl_updated = true;
+						foreach ($rbl_hosts as $key => $value) {
+							$value = trim($value);
+							if($value != '') $new_options[] = "reject_rbl_client ".$value;
+						}
+					}
 				}
 			}
-			if(is_array($rbl_hosts) && !empty($rbl_hosts)){
+			//* first time add rbl-list
+			if (!$rbl_updated && is_array($rbl_hosts) && !empty($rbl_hosts)) {
 				foreach ($rbl_hosts as $key => $value) {
 					$value = trim($value);
 					if($value != '') $new_options[] = "reject_rbl_client ".$value;
 				}
 			}
 			exec("postconf -e 'smtpd_recipient_restrictions = ".implode(", ", $new_options)."'");
+			exec('postfix reload');
+		}
+		
+		if($mail_config['reject_sender_login_mismatch'] != $old_ini_data['mail']['reject_sender_login_mismatch']) {
+			$options = explode(", ", exec("postconf -h smtpd_sender_restrictions"));
+			$new_options = array();
+			foreach ($options as $key => $value) {
+				if (!preg_match('/reject_authenticated_sender_login_mismatch/', $value)) {
+					$new_options[] = $value;
+				}
+			}
+				
+			if ($mail_config['reject_sender_login_mismatch'] == 'y') {
+				reset($new_options); $i = 0;
+				// insert after check_sender_access but before permit_...
+				while (isset($new_options[$i]) && substr($new_options[$i], 0, 19) == 'check_sender_access') ++$i;
+				array_splice($new_options, $i, 0, array('reject_authenticated_sender_login_mismatch'));
+			}
+			exec("postconf -e 'smtpd_sender_restrictions = ".implode(", ", $new_options)."'");
+			exec('postfix reload');
+		}		
+		
+		if ($mail_config["mailbox_virtual_uidgid_maps"] == 'y') {
+			// If dovecot switch to lmtp
+			if($app->system->is_installed('dovecot')) {
+				exec("postconf -e 'virtual_transport = lmtp:unix:private/dovecot-lmtp'");
+				exec('postfix reload');
+				$app->system->replaceLine("/etc/dovecot/dovecot.conf", "protocols = imap pop3", "protocols = imap pop3 lmtp");
+				exec($conf['init_scripts'] . '/' . 'dovecot restart');
+			}
+		}
+		else {
+			// If dovecot switch to dovecot
+			if($app->system->is_installed('dovecot')) {
+				exec("postconf -e 'virtual_transport = dovecot'");
+				exec('postfix reload');
+				$app->system->replaceLine("/etc/dovecot/dovecot.conf", "protocols = imap pop3 lmtp", "protocols = imap pop3");
+				exec($conf['init_scripts'] . '/' . 'dovecot restart');
+			}
 		}
 
 		exec("postconf -e 'mailbox_size_limit = ".intval($mail_config['mailbox_size_limit']*1024*1024)."'");
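Review bot: The `relayhost` setting is spliced into a single-quoted shell string in `exec("postconf -e 'relayhost = ".$mail_config['relayhost']."'")`, so a quote character in the stored value would break out of the argument, in a command that presumably runs as root. The same pattern is used for `smtpd_recipient_restrictions` and `smtpd_sender_restrictions` further down. Building the argument with `escapeshellarg()`, e.g. `exec('postconf -e '.escapeshellarg('relayhost = '.$mail_config['relayhost']));`, removes the dependency on upstream validation. Separately, the cleanup regex reads `$old_ini_data['email']['relayhost']` while every other lookup in the hunk uses `$old_ini_data['mail']`, which looks like a typo: with an empty prefix the pattern no longer targets the old relay host's line, so a stale credential entry can remain in `/etc/postfix/sasl_passwd`. The enclosing function starts and ends outside this hunk, so whether these values are validated earlier is not visible here.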

--
Gitblit v1.9.1