git subrepo clone https://github.com/mailcow/mailcow-dockerized.git mailcow/src/mailcow-dockerized
subrepo: subdir: "mailcow/src/mailcow-dockerized"
merged: "a832becb"
upstream: origin: "https://github.com/mailcow/mailcow-dockerized.git"
branch: "master"
commit: "a832becb"
git-subrepo: version: "0.4.3"
origin: "???"
commit: "???"
Change-Id: If5be2d621a211e164c9b6577adaa7884449f16b5
diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/ajax/container_ctrl.php b/mailcow/src/mailcow-dockerized/data/web/inc/ajax/container_ctrl.php
new file mode 100644
index 0000000..f0e220f
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/ajax/container_ctrl.php
@@ -0,0 +1,52 @@
+<?php
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+if (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] != 'admin') {
+ exit();
+}
+
+if (preg_match('/^[a-z\-]{0,}-mailcow/', $_GET['service'])) {
+ if ($_GET['action'] == "start") {
+ header('Content-Type: text/html; charset=utf-8');
+ $retry = 0;
+ while (docker('info', $_GET['service'])['State']['Running'] != 1 && $retry <= 3) {
+ $response = docker('post', $_GET['service'], 'start');
+ $response = json_decode($response, true);
+ $last_response = ($response['type'] == "success") ? '<b><span class="pull-right text-success">OK</span></b>' : '<b><span class="pull-right text-danger">Error: ' . $response['msg'] . '</span></b>';
+ if ($response['type'] == "success") {
+ break;
+ }
+ usleep(1500000);
+ $retry++;
+ }
+ echo (!isset($last_response)) ? '<b><span class="pull-right text-warning">Already running</span></b>' : $last_response;
+ }
+ if ($_GET['action'] == "stop") {
+ header('Content-Type: text/html; charset=utf-8');
+ $retry = 0;
+ while (docker('info', $_GET['service'])['State']['Running'] == 1 && $retry <= 3) {
+ $response = docker('post', $_GET['service'], 'stop');
+ $response = json_decode($response, true);
+ $last_response = ($response['type'] == "success") ? '<b><span class="pull-right text-success">OK</span></b>' : '<b><span class="pull-right text-danger">Error: ' . $response['msg'] . '</span></b>';
+ if ($response['type'] == "success") {
+ break;
+ }
+ usleep(1500000);
+ $retry++;
+ }
+ echo (!isset($last_response)) ? '<b><span class="pull-right text-warning">Not running</span></b>' : $last_response;
+ }
+ if ($_GET['action'] == "restart") {
+ header('Content-Type: text/html; charset=utf-8');
+ $response = docker('post', $_GET['service'], 'restart');
+ $response = json_decode($response, true);
+ $last_response = ($response['type'] == "success") ? '<b><span class="pull-right text-success">OK</span></b>' : '<b><span class="pull-right text-danger">Error: ' . $response['msg'] . '</span></b>';
+ echo (!isset($last_response)) ? '<b><span class="pull-right text-warning">Cannot restart container</span></b>' : $last_response;
+ }
+ if ($_GET['action'] == "logs") {
+ $lines = (empty($_GET['lines']) || !is_numeric($_GET['lines'])) ? 1000 : $_GET['lines'];
+ header('Content-Type: text/plain; charset=utf-8');
+ print_r(preg_split('/\n/', docker('logs', $_GET['service'], $lines)));
+ }
+}
+
+?>
diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/ajax/destroy_tfa_auth.php b/mailcow/src/mailcow-dockerized/data/web/inc/ajax/destroy_tfa_auth.php
new file mode 100644
index 0000000..72c7f1e
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/ajax/destroy_tfa_auth.php
@@ -0,0 +1,6 @@
+<?php
+session_start();
+unset($_SESSION['pending_mailcow_cc_username']);
+unset($_SESSION['pending_mailcow_cc_role']);
+unset($_SESSION['pending_tfa_method']);
+?>
diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/ajax/dns_diagnostics.php b/mailcow/src/mailcow-dockerized/data/web/inc/ajax/dns_diagnostics.php
new file mode 100644
index 0000000..928a4e4
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/ajax/dns_diagnostics.php
@@ -0,0 +1,481 @@
+<?php
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/spf.inc.php';
+
+define('state_good', '<span class="glyphicon glyphicon-ok text-success"></span>');
+define('state_missing', '<span class="glyphicon glyphicon-remove text-danger"></span>');
+define('state_nomatch', "?");
+define('state_optional', " <sup>2</sup>");
+
+if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "admin"|| $_SESSION['mailcow_cc_role'] == "domainadmin")) {
+
+$domains = mailbox('get', 'domains');
+$alias_domains = array();
+foreach($domains as $dn) {
+ $alias_domains = array_merge($alias_domains, mailbox('get', 'alias_domains', $dn));
+}
+$domains = array_merge($domains, $alias_domains);
+
+if (isset($_GET['domain'])) {
+ if (is_valid_domain_name($_GET['domain'])) {
+ if (in_array($_GET['domain'], $domains)) {
+ $domain = $_GET['domain'];
+ }
+ else {
+ echo "No such domain in context";
+ exit();
+ }
+ }
+ else {
+ echo "Invalid domain name";
+ exit();
+ }
+}
+
+$ch = curl_init('http://ip4.mailcow.email');
+curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
+curl_setopt($ch, CURLOPT_VERBOSE, false);
+curl_setopt($ch, CURLOPT_HEADER, false);
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 3);
+$ip = curl_exec($ch);
+curl_close($ch);
+
+$ch = curl_init('http://ip6.mailcow.email');
+curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V6);
+curl_setopt($ch, CURLOPT_VERBOSE, false);
+curl_setopt($ch, CURLOPT_HEADER, false);
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 3);
+$ip6 = curl_exec($ch);
+curl_close($ch);
+
+$ptr = implode('.', array_reverse(explode('.', $ip))) . '.in-addr.arpa';
+if (!empty($ip6)) {
+ $ip6_full = str_replace('::', str_repeat(':', 9-substr_count($ip6, ':')), $ip6);
+ $ip6_full = str_replace('::', ':0:', $ip6_full);
+ $ip6_full = str_replace('::', ':0:', $ip6_full);
+ $ptr6 = '';
+ foreach (explode(':', $ip6_full) as $part) {
+ $ptr6 .= str_pad($part, 4, '0', STR_PAD_LEFT);
+ }
+ $ptr6 = implode('.', array_reverse(str_split($ptr6, 1))) . '.ip6.arpa';
+}
+
+$https_port = strpos($_SERVER['HTTP_HOST'], ':');
+if ($https_port === FALSE) {
+ $https_port = 443;
+}
+else {
+ $https_port = substr($_SERVER['HTTP_HOST'], $https_port+1);
+}
+
+if (!isset($autodiscover_config['sieve'])) {
+ $autodiscover_config['sieve'] = array('server' => $mailcow_hostname, 'port' => array_pop(explode(':', getenv('SIEVE_PORT'))));
+}
+
+// Init records array
+$spf_link = '<a href="https://en.wikipedia.org/wiki/Sender_Policy_Framework" target="_blank">SPF Record Syntax</a><br />';
+$dmarc_link = '<a href="https://www.kitterman.com/dmarc/assistant.html" target="_blank">DMARC Assistant</a>';
+
+$records = array();
+if ($_SESSION['mailcow_cc_role'] == "admin") {
+ $records[] = array(
+ $mailcow_hostname,
+ 'A',
+ $ip
+ );
+ $records[] = array(
+ $ptr,
+ 'PTR',
+ $mailcow_hostname
+ );
+ if (!empty($ip6)) {
+ $records[] = array(
+ $mailcow_hostname,
+ 'AAAA',
+ expand_ipv6($ip6)
+ );
+ $records[] = array(
+ $ptr6,
+ 'PTR',
+ $mailcow_hostname
+ );
+ }
+ $records[] = array(
+ '_25._tcp.'.$autodiscover_config['smtp']['server'],
+ 'TLSA',
+ generate_tlsa_digest($autodiscover_config['smtp']['server'], 25, 1)
+ );
+ if (!in_array($domain, $alias_domains)) {
+ $records[] = array(
+ '_'.$https_port.
+ '._tcp.'.$mailcow_hostname,
+ 'TLSA',
+ generate_tlsa_digest($mailcow_hostname, $https_port)
+ );
+ $records[] = array(
+ '_'.$autodiscover_config['pop3']['tlsport'].
+ '._tcp.'.$autodiscover_config['pop3']['server'],
+ 'TLSA',
+ generate_tlsa_digest($autodiscover_config['pop3']['server'], $autodiscover_config['pop3']['tlsport'], 1)
+ );
+ $records[] = array(
+ '_'.$autodiscover_config['imap']['tlsport'].
+ '._tcp.'.$autodiscover_config['imap']['server'],
+ 'TLSA',
+ generate_tlsa_digest($autodiscover_config['imap']['server'], $autodiscover_config['imap']['tlsport'], 1)
+ );
+ $records[] = array(
+ '_'.$autodiscover_config['smtp']['port'].
+ '._tcp.'.$autodiscover_config['smtp']['server'],
+ 'TLSA',
+ generate_tlsa_digest($autodiscover_config['smtp']['server'], $autodiscover_config['smtp']['port'])
+ );
+ $records[] = array(
+ '_'.$autodiscover_config['smtp']['tlsport'].
+ '._tcp.'.$autodiscover_config['smtp']['server'],
+ 'TLSA',
+ generate_tlsa_digest($autodiscover_config['smtp']['server'], $autodiscover_config['smtp']['tlsport'], 1)
+ );
+ $records[] = array(
+ '_'.$autodiscover_config['imap']['port'].
+ '._tcp.'.$autodiscover_config['imap']['server'],
+ 'TLSA',
+ generate_tlsa_digest($autodiscover_config['imap']['server'], $autodiscover_config['imap']['port'])
+ );
+ $records[] = array(
+ '_'.$autodiscover_config['pop3']['port'].
+ '._tcp.'.$autodiscover_config['pop3']['server'],
+ 'TLSA',
+ generate_tlsa_digest($autodiscover_config['pop3']['server'], $autodiscover_config['pop3']['port'])
+ );
+ $records[] = array(
+ '_'.$autodiscover_config['sieve']['port'].
+ '._tcp.'.$autodiscover_config['sieve']['server'],
+ 'TLSA',
+ generate_tlsa_digest($autodiscover_config['sieve']['server'], $autodiscover_config['sieve']['port'], 1)
+ );
+ }
+}
+$records[] = array(
+ $domain,
+ 'MX',
+ $mailcow_hostname
+);
+if (!in_array($domain, $alias_domains)) {
+ $records[] = array(
+ 'autodiscover.'.$domain,
+ 'CNAME',
+ $mailcow_hostname
+ );
+ $records[] = array(
+ '_autodiscover._tcp.'.$domain,
+ 'SRV',
+ $mailcow_hostname.
+ ' '.$https_port
+ );
+ $records[] = array(
+ 'autoconfig.'.$domain,
+ 'CNAME',
+ $mailcow_hostname
+ );
+}
+$records[] = array(
+ $domain,
+ 'TXT',
+ $spf_link,
+ state_optional
+);
+$records[] = array(
+ '_dmarc.'.$domain,
+ 'TXT',
+ $dmarc_link,
+ state_optional
+);
+
+if (!empty($dkim = dkim('details', $domain))) {
+ $records[] = array(
+ $dkim['dkim_selector'] . '._domainkey.' . $domain,
+ 'TXT',
+ $dkim['dkim_txt']
+ );
+}
+if (!in_array($domain, $alias_domains)) {
+ $current_records = dns_get_record('_pop3._tcp.' . $domain, DNS_SRV);
+ if (count($current_records) == 0 || $current_records[0]['target'] != '') {
+ if ($autodiscover_config['pop3']['tlsport'] != '110') {
+ $records[] = array(
+ '_pop3._tcp.' . $domain,
+ 'SRV',
+ $autodiscover_config['pop3']['server'] . ' ' . $autodiscover_config['pop3']['tlsport']
+ );
+ }
+ }
+ else {
+ $records[] = array(
+ '_pop3._tcp.' . $domain,
+ 'SRV',
+ '. 0'
+ );
+ }
+ $current_records = dns_get_record('_pop3s._tcp.' . $domain, DNS_SRV);
+ if (count($current_records) == 0 || $current_records[0]['target'] != '') {
+ if ($autodiscover_config['pop3']['port'] != '995') {
+ $records[] = array(
+ '_pop3s._tcp.' . $domain,
+ 'SRV',
+ $autodiscover_config['pop3']['server'] . ' ' . $autodiscover_config['pop3']['port']
+ );
+ }
+ }
+ else {
+ $records[] = array(
+ '_pop3s._tcp.' . $domain,
+ 'SRV',
+ '. 0'
+ );
+ }
+ if ($autodiscover_config['imap']['tlsport'] != '143') {
+ $records[] = array(
+ '_imap._tcp.' . $domain,
+ 'SRV',
+ $autodiscover_config['imap']['server'] . ' ' . $autodiscover_config['imap']['tlsport']
+ );
+ }
+ if ($autodiscover_config['imap']['port'] != '993') {
+ $records[] = array(
+ '_imaps._tcp.' . $domain,
+ 'SRV',
+ $autodiscover_config['imap']['server'] . ' ' . $autodiscover_config['imap']['port']
+ );
+ }
+ if ($autodiscover_config['smtp']['tlsport'] != '587') {
+ $records[] = array(
+ '_submission._tcp.' . $domain,
+ 'SRV',
+ $autodiscover_config['smtp']['server'] . ' ' . $autodiscover_config['smtp']['tlsport']
+ );
+ }
+ if ($autodiscover_config['smtp']['port'] != '465') {
+ $records[] = array(
+ '_smtps._tcp.' . $domain,
+ 'SRV',
+ $autodiscover_config['smtp']['server'] . ' ' . $autodiscover_config['smtp']['port']
+ );
+ }
+ if ($autodiscover_config['sieve']['port'] != '4190') {
+ $records[] = array(
+ '_sieve._tcp.' . $domain,
+ 'SRV',
+ $autodiscover_config['sieve']['server'] . ' ' . $autodiscover_config['sieve']['port']
+ );
+ }
+}
+
+$record_types = array(
+ 'A' => DNS_A,
+ 'AAAA' => DNS_AAAA,
+ 'CNAME' => DNS_CNAME,
+ 'MX' => DNS_MX,
+ 'PTR' => DNS_PTR,
+ 'SRV' => DNS_SRV,
+ 'TXT' => DNS_TXT,
+);
+$data_field = array(
+ 'A' => 'ip',
+ 'AAAA' => 'ipv6',
+ 'CNAME' => 'target',
+ 'MX' => 'target',
+ 'PTR' => 'target',
+ 'SRV' => 'data',
+ 'TLSA' => 'data',
+ 'TXT' => 'txt',
+);
+
+?>
+<div class="table-responsive" id="dnstable">
+ <table class="table table-striped">
+ <tr>
+ <th><?=$lang['diagnostics']['dns_records_name'];?></th>
+ <th><?=$lang['diagnostics']['dns_records_type'];?></th>
+ <th><?=$lang['diagnostics']['dns_records_data'];?></th>
+ <th><?=$lang['diagnostics']['dns_records_status'];?></th>
+ </tr>
+<?php
+foreach ($records as &$record) {
+ $record[1] = strtoupper($record[1]);
+ $state = state_missing;
+ if ($record[1] == 'TLSA') {
+ $currents = dns_get_record($record[0], 52, $_, $_, TRUE);
+ foreach ($currents as &$current) {
+ $current['type'] = 'TLSA';
+ $current['cert_usage'] = hexdec(bin2hex($current['data']{0}));
+ $current['selector'] = hexdec(bin2hex($current['data']{1}));
+ $current['match_type'] = hexdec(bin2hex($current['data']{2}));
+ $current['cert_data'] = bin2hex(substr($current['data'], 3));
+ $current['data'] = $current['cert_usage'] . ' ' . $current['selector'] . ' ' . $current['match_type'] . ' ' . $current['cert_data'];
+ }
+ unset($current);
+ }
+ else {
+ $currents = dns_get_record($record[0], $record_types[$record[1]]);
+ if ($record[0] == $mailcow_hostname && ($record[1] == "A" || $record[1] == "AAAA")) {
+ if (!empty(dns_get_record($record[0], DNS_CNAME))) {
+ $currents[0]['ip'] = state_missing . ' <b>(CNAME)</b>';
+ $currents[0]['ipv6'] = state_missing . ' <b>(CNAME)</b>';
+ }
+ }
+ if ($record[1] == 'SRV') {
+ foreach ($currents as &$current) {
+ if ($current['target'] == '') {
+ $current['target'] = '.';
+ $current['port'] = '0';
+ }
+ $current['data'] = $current['target'] . ' ' . $current['port'];
+ }
+ unset($current);
+ }
+ elseif ($record[1] == 'TXT') {
+ foreach ($currents as &$current) {
+ unset($current);
+ }
+ unset($current);
+ }
+ elseif ($record[1] == 'AAAA') {
+ foreach ($currents as &$current) {
+ $current['ipv6'] = expand_ipv6($current['ipv6']);
+ }
+ }
+ }
+
+ if ($record[1] == 'CNAME' && count($currents) == 0) {
+ // A and AAAA are also valid instead of CNAME
+ $a = dns_get_record($record[0], DNS_A);
+ $cname = dns_get_record($record[2], DNS_A);
+ if (count($a) > 0 && count($cname) > 0) {
+ if ($a[0]['ip'] == $cname[0]['ip']) {
+ $currents = array(array('host' => $record[0], 'class' => 'IN', 'type' => 'CNAME', 'target' => $record[2]));
+ $aaaa = dns_get_record($record[0], DNS_AAAA);
+ $cname = dns_get_record($record[2], DNS_AAAA);
+ if (count($aaaa) == 0 || count($cname) == 0 || expand_ipv6($aaaa[0]['ipv6']) != expand_ipv6($cname[0]['ipv6'])) {
+ $currents[0]['target'] = expand_ipv6($aaaa[0]['ipv6']) . ' <sup>1</sup>';
+ }
+ }
+ else {
+ $currents = array(array('host' => $record[0], 'class' => 'IN', 'type' => 'CNAME', 'target' => $a[0]['ip'] . ' <sup>1</sup>'));
+ }
+ }
+ }
+
+ foreach ($currents as &$current) {
+ if ($current['type'] == 'TXT' &&
+ stripos($current['txt'], 'v=dmarc') === 0 &&
+ $record[2] == $dmarc_link) {
+ $current['txt'] = str_replace(' ', '', $current['txt']);
+ $state = $current[$data_field[$current['type']]] . state_optional;
+ }
+ elseif ($current['type'] == 'TXT' &&
+ stripos($current['txt'], 'v=spf') === 0 &&
+ $record[2] == $spf_link) {
+ $state = state_nomatch;
+ $rslt = get_spf_allowed_hosts($record[0]);
+ if(in_array($ip, $rslt) && in_array(expand_ipv6($ip6), $rslt)){
+ $state = state_good;
+ }
+ $state .= '<br />' . $current[$data_field[$current['type']]].state_optional;
+ }
+ elseif ($current['type'] == 'TXT' &&
+ stripos($current['txt'], 'v=dkim') === 0 &&
+ stripos($record[2], 'v=dkim') === 0) {
+ preg_match('/v=DKIM1;.*k=rsa;.*p=([^;]*).*/i', $current[$data_field[$current['type']]], $dkim_matches_current);
+ preg_match('/v=DKIM1;.*k=rsa;.*p=([^;]*).*/i', $record[2], $dkim_matches_good);
+ if ($dkim_matches_current[1] == $dkim_matches_good[1]) {
+ $state = state_good;
+ }
+ }
+ elseif ($current['type'] != 'TXT' &&
+ isset($data_field[$current['type']]) && $state != state_good) {
+ $state = state_nomatch;
+ if ($current[$data_field[$current['type']]] == $record[2]) {
+ $state = state_good;
+ }
+ }
+ }
+ unset($current);
+
+ if (isset($record[3]) &&
+ $record[3] == state_optional &&
+ ($state == state_missing || $state == state_nomatch)) {
+ $state = state_optional;
+ }
+
+ if ($state == state_nomatch) {
+ $state = array();
+ foreach ($currents as $current) {
+ $state[] = $current[$data_field[$current['type']]];
+ }
+ $state = implode('<br />', $state);
+ }
+ echo sprintf('<tr>
+ <td>%s</td>
+ <td>%s</td>
+ <td class="dns-found">%s</td>
+ <td class="dns-recommended">%s</td>
+ </tr>', $record[0], $record[1], $record[2], $state);
+ $record[3] = explode('<br />', $state);
+}
+unset($record);
+
+$dns_data = sprintf("\$ORIGIN %s.\n", $domain);
+foreach ($records as $record) {
+ if ($domain == substr($record[0], -strlen($domain))) {
+ $label = substr($record[0], 0, -strlen($domain)-1);
+ $val = $record[2];
+ if (strlen($label) == 0) {
+ $label = "@";
+ }
+ $vals = array();
+ if (strpos($val, "<a") !== FALSE) {
+ if(is_array($record[3]) && count($record[3]) == 1 && $record[3][0] == state_optional) {
+ $record[3][0] = "**TODO**";
+ $label = ';' . $label;
+ }
+ foreach ($record[3] as $val) {
+ $val = str_replace(state_optional, '', $val);
+ $val = str_replace(state_good, '', $val);
+ if (strlen($val) > 0) {
+ $vals[] = sprintf("%s\tIN\t%s\t%s\n", $label, $record[1], $val);
+ }
+ }
+ }
+ else {
+ $vals[] = sprintf("%s\tIN\t%s\t%s\n", $label, $record[1], $val);
+ }
+ foreach ($vals as $val) {
+ $dns_data .= str_replace($domain, $domain . '.', $val);
+ }
+ }
+}
+
+?>
+ </table>
+ <a id='download-zonefile' data-zonefile="<?=base64_encode($dns_data);?>" download='<?=$_GET['domain'];?>.txt' type='text/csv'>Download</a>
+ <script>
+ var zonefile_dl_link = document.getElementById('download-zonefile');
+ var zonefile = atob(zonefile_dl_link.getAttribute('data-zonefile'));
+ var data = new Blob([zonefile]);
+ var download_zonefile_link = document.getElementById('download-zonefile');
+ download_zonefile_link.href = URL.createObjectURL(data);
+ </script>
+</div>
+<p class="help-block">
+<sup>1</sup> <?=$lang['diagnostics']['cname_from_a'];?><br />
+<sup>2</sup> <?=$lang['diagnostics']['optional'];?>
+</p>
+<?php
+} else {
+ echo "Session invalid";
+ exit();
+}
+?>
diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/ajax/qitem_details.php b/mailcow/src/mailcow-dockerized/data/web/inc/ajax/qitem_details.php
new file mode 100644
index 0000000..35e599c
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/ajax/qitem_details.php
@@ -0,0 +1,206 @@
+<?php
+header("Content-Type: application/json");
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+
+function rrmdir($src) {
+ $dir = opendir($src);
+ while(false !== ( $file = readdir($dir)) ) {
+ if (( $file != '.' ) && ( $file != '..' )) {
+ $full = $src . '/' . $file;
+ if ( is_dir($full) ) {
+ rrmdir($full);
+ }
+ else {
+ unlink($full);
+ }
+ }
+ }
+ closedir($dir);
+ rmdir($src);
+}
+
+function addAddresses(&$list, $mail, $headerName) {
+ $addresses = $mail->getAddresses($headerName);
+ foreach ($addresses as $address) {
+ if (filter_var($address['address'], FILTER_VALIDATE_EMAIL)) {
+ $list[] = array('address' => $address['address'], 'type' => $headerName);
+ }
+ }
+}
+
+if (!empty($_GET['hash']) && ctype_alnum($_GET['hash'])) {
+ $mailc = quarantine('hash_details', $_GET['hash']);
+ if ($mailc === false) {
+ echo json_encode(array('error' => 'Message invalid'));
+ exit;
+ }
+ if (strlen($mailc['msg']) > 10485760) {
+ echo json_encode(array('error' => 'Message size exceeds 10 MiB.'));
+ exit;
+ }
+ if (!empty($mailc['msg'])) {
+ // Init message array
+ $data = array();
+ // Init parser
+ $mail_parser = new PhpMimeMailParser\Parser();
+ $html2text = new Html2Text\Html2Text();
+ // Load msg to parser
+ $mail_parser->setText($mailc['msg']);
+ // Get mail recipients
+ {
+ $recipientsList = array();
+ addAddresses($recipientsList, $mail_parser, 'to');
+ addAddresses($recipientsList, $mail_parser, 'cc');
+ addAddresses($recipientsList, $mail_parser, 'bcc');
+ $recipientsList[] = array('address' => $mailc['rcpt'], 'type' => 'smtp');
+ $data['recipients'] = $recipientsList;
+ }
+ // Get from
+ $data['header_from'] = $mail_parser->getHeader('from');
+ $data['env_from'] = $mailc['sender'];
+ // Get rspamd score
+ $data['score'] = $mailc['score'];
+ // Get rspamd action
+ $data['action'] = $mailc['action'];
+ // Get rspamd symbols
+ $data['symbols'] = json_decode($mailc['symbols']);
+ // Get fuzzy hashes
+ $data['fuzzy_hashes'] = json_decode($mailc['fuzzy_hashes']);
+ $data['subject'] = mb_convert_encoding($mail_parser->getHeader('subject'), "UTF-8", "auto");
+ (empty($data['subject'])) ? $data['subject'] = '-' : null;
+ echo json_encode($data);
+ }
+}
+elseif (!empty($_GET['id']) && ctype_alnum($_GET['id'])) {
+ if (!isset($_SESSION['mailcow_cc_role'])) {
+ echo json_encode(array('error' => 'Access denied'));
+ exit();
+ }
+ $tmpdir = '/tmp/' . $_GET['id'] . '/';
+ $mailc = quarantine('details', $_GET['id']);
+ if ($mailc === false) {
+ echo json_encode(array('error' => 'Access denied'));
+ exit;
+ }
+ if (strlen($mailc['msg']) > 10485760) {
+ echo json_encode(array('error' => 'Message size exceeds 10 MiB.'));
+ exit;
+ }
+ if (!empty($mailc['msg'])) {
+ if (isset($_GET['quick_release'])) {
+ $hash = hash('sha256', $mailc['id'] . $mailc['qid']);
+ header('Location: /qhandler/release/' . $hash);
+ exit;
+ }
+ if (isset($_GET['quick_delete'])) {
+ $hash = hash('sha256', $mailc['id'] . $mailc['qid']);
+ header('Location: /qhandler/delete/' . $hash);
+ exit;
+ }
+ // Init message array
+ $data = array();
+ // Init parser
+ $mail_parser = new PhpMimeMailParser\Parser();
+ $html2text = new Html2Text\Html2Text();
+ // Load msg to parser
+ $mail_parser->setText($mailc['msg']);
+
+ // Get mail recipients
+ {
+ $recipientsList = array();
+ addAddresses($recipientsList, $mail_parser, 'to');
+ addAddresses($recipientsList, $mail_parser, 'cc');
+ addAddresses($recipientsList, $mail_parser, 'bcc');
+ $recipientsList[] = array('address' => $mailc['rcpt'], 'type' => 'smtp');
+ $data['recipients'] = $recipientsList;
+ }
+ // Get from
+ $data['header_from'] = $mail_parser->getHeader('from');
+ $data['env_from'] = $mailc['sender'];
+ // Get rspamd score
+ $data['score'] = $mailc['score'];
+ // Get rspamd action
+ $data['action'] = $mailc['action'];
+ // Get rspamd symbols
+ $data['symbols'] = json_decode($mailc['symbols']);
+ // Get fuzzy hashes
+ $data['fuzzy_hashes'] = json_decode($mailc['fuzzy_hashes']);
+ // Get text/plain content
+ $data['text_plain'] = $mail_parser->getMessageBody('text');
+ // Get html content and convert to text
+ $data['text_html'] = $html2text->convert($mail_parser->getMessageBody('html'));
+ if (empty($data['text_plain']) && empty($data['text_html'])) {
+ // Failed to parse content, try raw
+ $text = trim(substr($mailc['msg'], strpos($mailc['msg'], "\r\n\r\n") + 1));
+ // Only return html->text
+ $data['text_plain'] = 'Parser failed, assuming HTML';
+ $data['text_html'] = $html2text->convert($text);
+ }
+ (empty($data['text_plain'])) ? $data['text_plain'] = '-' : null;
+ // Get subject
+ $data['subject'] = $mail_parser->getHeader('subject');
+ $data['subject'] = mb_convert_encoding($mail_parser->getHeader('subject'), "UTF-8", "auto");
+ (empty($data['subject'])) ? $data['subject'] = '-' : null;
+ // Get attachments
+ if (is_dir($tmpdir)) {
+ rrmdir($tmpdir);
+ }
+ mkdir('/tmp/' . $_GET['id']);
+ $mail_parser->saveAttachments($tmpdir, true);
+ $atts = $mail_parser->getAttachments(true);
+ if (count($atts) > 0) {
+ foreach ($atts as $key => $val) {
+ $data['attachments'][$key] = array(
+ // Index
+ // 0 => file name
+ // 1 => mime type
+ // 2 => file size
+ // 3 => vt link by sha256
+ $val->getFilename(),
+ $val->getContentType(),
+ filesize($tmpdir . $val->getFilename()),
+ 'https://www.virustotal.com/file/' . hash_file('SHA256', $tmpdir . $val->getFilename()) . '/analysis/'
+ );
+ }
+ }
+ if (isset($_GET['eml'])) {
+ $dl_filename = filter_var($data['subject'], FILTER_SANITIZE_STRING);
+ $dl_filename = strlen($dl_filename) > 30 ? substr($dl_filename,0,30) : $dl_filename;
+ header('Pragma: public');
+ header('Expires: 0');
+ header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
+ header('Cache-Control: private', false);
+ header('Content-Type: message/rfc822');
+ header('Content-Disposition: attachment; filename="'. $dl_filename . '.eml";');
+ header('Content-Transfer-Encoding: binary');
+ header('Content-Length: ' . strlen($mailc['msg']));
+ echo $mailc['msg'];
+ exit;
+ }
+ if (isset($_GET['att'])) {
+ if ($_SESSION['acl']['quarantine_attachments'] == 0) {
+ exit(json_encode('Forbidden'));
+ }
+ $dl_id = intval($_GET['att']);
+ $dl_filename = filter_var($data['attachments'][$dl_id][0], FILTER_SANITIZE_STRING);
+ $dl_filename_short = strlen($dl_filename) > 20 ? substr($dl_filename, 0, 20) : $dl_filename;
+ $dl_filename_extension = pathinfo($tmpdir . $dl_filename)['extension'];
+ $dl_filename_short = preg_replace('/\.' . $dl_filename_extension . '$/', '', $dl_filename_short);
+ if (!is_dir($tmpdir . $dl_filename) && file_exists($tmpdir . $dl_filename)) {
+ header('Pragma: public');
+ header('Expires: 0');
+ header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
+ header('Cache-Control: private', false);
+ header('Content-Type: ' . $data['attachments'][$dl_id][1]);
+ header('Content-Disposition: attachment; filename="'. $dl_filename_short . '.' . $dl_filename_extension . '";');
+ header('Content-Transfer-Encoding: binary');
+ header('Content-Length: ' . $data['attachments'][$dl_id][2]);
+ readfile($tmpdir . $dl_filename);
+ exit;
+ }
+ }
+ echo json_encode($data);
+ }
+
+}
+?>
diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/ajax/qr_gen.php b/mailcow/src/mailcow-dockerized/data/web/inc/ajax/qr_gen.php
new file mode 100644
index 0000000..267d65a
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/ajax/qr_gen.php
@@ -0,0 +1,10 @@
+<?php
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+header('Content-Type: text/plain');
+if (!isset($_SESSION['mailcow_cc_role'])) {
+ exit();
+}
+if (isset($_GET['token']) && ctype_alnum($_GET['token'])) {
+ echo $tfa->getQRCodeImageAsDataUri($_SESSION['mailcow_cc_username'], $_GET['token']);
+}
+?>
diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/ajax/show_rspamd_global_filters.php b/mailcow/src/mailcow-dockerized/data/web/inc/ajax/show_rspamd_global_filters.php
new file mode 100644
index 0000000..7c7affe
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/ajax/show_rspamd_global_filters.php
@@ -0,0 +1,3 @@
+<?php
+session_start();
+$_SESSION['show_rspamd_global_filters'] = true;
\ No newline at end of file
diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/ajax/sieve_validation.php b/mailcow/src/mailcow-dockerized/data/web/inc/ajax/sieve_validation.php
new file mode 100644
index 0000000..eb421b4
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/ajax/sieve_validation.php
@@ -0,0 +1,22 @@
+<?php
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+header('Content-Type: application/json');
+if (!isset($_SESSION['mailcow_cc_role'])) {
+ exit();
+}
+if (isset($_GET['script'])) {
+ $sieve = new Sieve\SieveParser();
+ try {
+ if (empty($_GET['script'])) {
+ echo json_encode(array('type' => 'danger', 'msg' => $lang['danger']['script_empty']));
+ exit();
+ }
+ $sieve->parse($_GET['script']);
+ }
+ catch (Exception $e) {
+ echo json_encode(array('type' => 'danger', 'msg' => $e->getMessage()));
+ exit();
+ }
+ echo json_encode(array('type' => 'success', 'msg' => $lang['add']['validation_success']));
+}
+?>
diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/ajax/syncjob_logs.php b/mailcow/src/mailcow-dockerized/data/web/inc/ajax/syncjob_logs.php
new file mode 100644
index 0000000..9c521ae
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/ajax/syncjob_logs.php
@@ -0,0 +1,14 @@
+<?php
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+header('Content-Type: text/plain');
+if (!isset($_SESSION['mailcow_cc_role'])) {
+ exit();
+}
+
+if (isset($_GET['id']) && is_numeric($_GET['id'])) {
+ if ($details = mailbox('get', 'syncjob_details', intval($_GET['id']))) {
+ echo (empty($details['log'])) ? '-' : $details['log'];
+ }
+}
+
+?>
diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/ajax/transport_check.php b/mailcow/src/mailcow-dockerized/data/web/inc/ajax/transport_check.php
new file mode 100644
index 0000000..7921687
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/ajax/transport_check.php
@@ -0,0 +1,143 @@
+<?php
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/vars.inc.php';
+use PHPMailer\PHPMailer\PHPMailer;
+use PHPMailer\PHPMailer\SMTP;
+use PHPMailer\PHPMailer\Exception;
+
+error_reporting(0);
+if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "admin") {
+ $transport_id = intval($_GET['transport_id']);
+ $transport_type = $_GET['transport_type'];
+ if (isset($_GET['mail_from']) && filter_var($_GET['mail_from'], FILTER_VALIDATE_EMAIL)) {
+ $mail_from = $_GET['mail_from'];
+ }
+ else {
+ $mail_from = "relay@example.org";
+ }
+ if ($transport_type == 'transport-map') {
+ $transport_details = transport('details', $transport_id);
+ $nexthop = $transport_details['nexthop'];
+ }
+ elseif ($transport_type == 'sender-dependent') {
+ $transport_details = relayhost('details', $transport_id);
+ $nexthop = $transport_details['hostname'];
+ }
+ if (!empty($transport_details)) {
+ // Remove [ and ]
+ $hostname_w_port = preg_replace('/\[|\]/', '', $nexthop);
+ preg_match('/\[.+\](:.+)/', $nexthop, $hostname_port_match);
+ preg_match('/\[\d\.\d\.\d\.\d\](:.+)/', $nexthop, $ipv4_port_match);
+ $has_bracket_and_port = (isset($hostname_port_match[1])) ? true : false;
+ $is_ipv4_and_has_port = (isset($ipv4_port_match[1])) ? true : false;
+ $skip_lookup_mx = strpos($nexthop, '[');
+ // Explode to hostname and port
+ if ($has_bracket_and_port) {
+ $port = substr($hostname_w_port, strrpos($hostname_w_port, ':') + 1);
+ $hostname = preg_replace('/'. preg_quote(':' . $port, '/') . '$/', '', $hostname_w_port);
+ if (filter_var($hostname, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
+ $hostname = '[' . $hostname . ']:';
+ }
+ }
+ else {
+ if ($is_ipv4_and_has_port) {
+ $port = substr($hostname_w_port, strrpos($hostname_w_port, ':') + 1);
+ $hostname = preg_replace('/'. preg_quote(':' . $port, '/') . '$/', '', $hostname_w_port);
+ }
+ if (filter_var($hostname_w_port, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
+ $hostname = $hostname_w_port;
+ $port = null;
+ }
+ elseif (filter_var($hostname_w_port, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
+ $hostname = '[' . $hostname_w_port . ']';
+ $port = null;
+ }
+ else {
+ $hostname = preg_replace('/'. preg_quote(':' . $port, '/') . '$/', '', $hostname_w_port);
+ $port = null;
+ }
+ }
+ // Try to get MX if host is not [host]
+ if ($skip_lookup_mx === false) {
+ getmxrr($hostname, $mx_records, $mx_weight);
+ if (!empty($mx_records)) {
+ for ($i = 0; $i < count($mx_records); $i++) {
+ $mxs[$mx_records[$i]] = $mx_weight[$i];
+ }
+ asort ($mxs);
+ $records = array_keys($mxs);
+ echo 'Using first matched primary MX for "' . $hostname . '": ';
+ $hostname = $records[0];
+ echo $hostname . '<br>';
+ }
+ else {
+ echo 'No MX records for ' . $hostname . ' were found in DNS, skipping and using hostname as next-hop.<br>';
+ }
+ }
+ // Use port 25 if no port was given
+ $port = (empty($port)) ? 25 : $port;
+ $username = $transport_details['username'];
+ $password = $transport_details['password'];
+
+ $mail = new PHPMailer;
+ $mail->Timeout = 15;
+ $mail->SMTPOptions = array(
+ 'ssl' => array(
+ 'verify_peer' => false,
+ 'verify_peer_name' => false,
+ 'allow_self_signed' => true
+ )
+ );
+ $mail->SMTPDebug = 3;
+ // smtp: and smtp_enforced_tls: do not support wrapped tls, todo?
+ // change postfix map to detect wrapped tls or add a checkbox to toggle wrapped tls
+ // if ($port == 465) {
+ // $mail->SMTPSecure = "ssl";
+ // }
+ $mail->Debugoutput = function($str, $level) {
+ foreach(preg_split("/((\r?\n)|(\r\n?)|\n)/", $str) as $line){
+ if (empty($line)) { continue; }
+ if (preg_match("/SERVER \-\> CLIENT: 2\d\d.+/i", $line)) {
+ echo '<span style="color:darkgreen;font-weight:bold">' . htmlspecialchars($line) . '</span><br>';
+ }
+ elseif (preg_match("/SERVER \-\> CLIENT: 3\d\d.+/i", $line)) {
+ echo '<span style="color:lightgreen;font-weight:bold">' . htmlspecialchars($line) . '</span><br>';
+ }
+ elseif (preg_match("/SERVER \-\> CLIENT: 4\d\d.+/i", $line)) {
+ echo '<span style="color:yellow;font-weight:bold">' . htmlspecialchars($line) . '</span><br>';
+ }
+ elseif (preg_match("/SERVER \-\> CLIENT: 5\d\d.+/i", $line)) {
+ echo '<span style="color:red;font-weight:bold">' . htmlspecialchars($line) . '</span><br>';
+ }
+ elseif (preg_match("/CLIENT \-\> SERVER:.+/i", $line)) {
+ echo '<span style="color:#999;font-weight:bold">' . htmlspecialchars($line) . '</span><br>';
+ }
+ elseif (preg_match("/^(?!SERVER|CLIENT|Connection:|\)).+$/i", $line)) {
+ echo '<span> ↪ ' . htmlspecialchars($line) . '</span><br>';
+ }
+ else {
+ echo htmlspecialchars($line) . '<br>';
+ }
+ }
+ };
+ $mail->isSMTP();
+ $mail->Host = $hostname;
+ if (!empty($username)) {
+ $mail->SMTPAuth = true;
+ $mail->Username = $username;
+ $mail->Password = $password;
+ }
+ $mail->Port = $port;
+ $mail->setFrom($mail_from, 'Mailer');
+ $mail->Subject = 'A subject for a SMTP test';
+ $mail->addAddress($RELAY_TO, 'Joe Null');
+ $mail->Body = 'This is our test body';
+ $mail->send();
+ }
+ else {
+ echo "Unknown transport.";
+ }
+}
+else {
+ echo "Permission denied.";
+}