git subrepo clone https://github.com/mailcow/mailcow-dockerized.git mailcow/src/mailcow-dockerized
subrepo: subdir: "mailcow/src/mailcow-dockerized"
merged: "a832becb"
upstream: origin: "https://github.com/mailcow/mailcow-dockerized.git"
branch: "master"
commit: "a832becb"
git-subrepo: version: "0.4.3"
origin: "???"
commit: "???"
Change-Id: If5be2d621a211e164c9b6577adaa7884449f16b5
diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/functions.quarantine.inc.php b/mailcow/src/mailcow-dockerized/data/web/inc/functions.quarantine.inc.php
new file mode 100644
index 0000000..f4f49de
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/functions.quarantine.inc.php
@@ -0,0 +1,841 @@
+<?php
+use PHPMailer\PHPMailer\PHPMailer;
+use PHPMailer\PHPMailer\SMTP;
+use PHPMailer\PHPMailer\Exception;
+function quarantine($_action, $_data = null) {
+ global $pdo;
+ global $redis;
+ global $lang;
+ $_data_log = $_data;
+ switch ($_action) {
+ case 'quick_delete':
+ // Dont return results, just log
+ $hash = trim($_data);
+ if (preg_match("/^([a-f0-9]{64})$/", $hash) === false) {
+ logger(array('return' => array(
+ array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => 'access_denied'
+ )
+ )));
+ return false;
+ }
+ $stmt = $pdo->prepare('SELECT `id` FROM `quarantine` LEFT OUTER JOIN `user_acl` ON `user_acl`.`username` = `rcpt`
+ WHERE SHA2(CONCAT(`id`, `qid`), 256) = :hash
+ AND user_acl.quarantine = 1
+ AND rcpt IN (SELECT username FROM mailbox)');
+ $stmt->execute(array(':hash' => $hash));
+ $row = $stmt->fetch(PDO::FETCH_ASSOC);
+ if (empty($row['id']) || !is_numeric($row['id'])) {
+ logger(array('return' => array(
+ array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => 'access_denied'
+ )
+ )));
+ return false;
+ }
+ else {
+ $stmt = $pdo->prepare("DELETE FROM `quarantine` WHERE id = :id");
+ $stmt->execute(array(
+ ':id' => $row['id']
+ ));
+ }
+ logger(array('return' => array(
+ array(
+ 'type' => 'success',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => array('item_deleted', $row['id'])
+ )
+ )));
+ break;
+ case 'quick_release':
+ // Dont return results, just log
+ $hash = trim($_data);
+ if (preg_match("/^([a-f0-9]{64})$/", $hash) === false) {
+ logger(array('return' => array(
+ array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => 'access_denied'
+ )
+ )));
+ return false;
+ }
+ $stmt = $pdo->prepare('SELECT `id` FROM `quarantine` LEFT OUTER JOIN `user_acl` ON `user_acl`.`username` = `rcpt`
+ WHERE SHA2(CONCAT(`id`, `qid`), 256) = :hash
+ AND `user_acl`.`quarantine` = 1
+ AND `username` IN (SELECT `username` FROM `mailbox`)');
+ $stmt->execute(array(':hash' => $hash));
+ $row = $stmt->fetch(PDO::FETCH_ASSOC);
+ if (empty($row['id']) || !is_numeric($row['id'])) {
+ logger(array('return' => array(
+ array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => 'access_denied'
+ )
+ )));
+ return false;
+ }
+ else {
+ $stmt = $pdo->prepare('SELECT `msg`, `qid`, `sender`, `rcpt` FROM `quarantine` WHERE `id` = :id');
+ $stmt->execute(array(':id' => $row['id']));
+ $detail_row = $stmt->fetch(PDO::FETCH_ASSOC);
+ $sender = !empty($detail_row['sender']) ? $detail_row['sender'] : 'sender-unknown@rspamd';
+ if (!empty(gethostbynamel('postfix-mailcow'))) {
+ $postfix = 'postfix-mailcow';
+ }
+ if (!empty(gethostbynamel('postfix'))) {
+ $postfix = 'postfix';
+ }
+ else {
+ logger(array('return' => array(
+ array(
+ 'type' => 'warning',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => array('release_send_failed', 'Cannot determine Postfix host')
+ )
+ )));
+ return false;
+ }
+ try {
+ $release_format = $redis->Get('Q_RELEASE_FORMAT');
+ }
+ catch (RedisException $e) {
+ logger(array('return' => array(
+ array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => array('redis_error', $e)
+ )
+ )));
+ return false;
+ }
+ if ($release_format == 'attachment') {
+ try {
+ $mail = new PHPMailer(true);
+ $mail->isSMTP();
+ $mail->SMTPDebug = 0;
+ $mail->SMTPOptions = array(
+ 'ssl' => array(
+ 'verify_peer' => false,
+ 'verify_peer_name' => false,
+ 'allow_self_signed' => true
+ )
+ );
+ if (!empty(gethostbynamel('postfix-mailcow'))) {
+ $postfix = 'postfix-mailcow';
+ }
+ if (!empty(gethostbynamel('postfix'))) {
+ $postfix = 'postfix';
+ }
+ else {
+ logger(array('return' => array(
+ array(
+ 'type' => 'warning',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => array('release_send_failed', 'Cannot determine Postfix host')
+ )
+ )));
+ return false;
+ }
+ $mail->Host = $postfix;
+ $mail->Port = 590;
+ $mail->setFrom($sender);
+ $mail->CharSet = 'UTF-8';
+ $mail->Subject = sprintf($lang['quarantine']['release_subject'], $detail_row['qid']);
+ $mail->addAddress($detail_row['rcpt']);
+ $mail->IsHTML(false);
+ $msg_tmpf = tempnam("/tmp", $detail_row['qid']);
+ file_put_contents($msg_tmpf, $detail_row['msg']);
+ $mail->addAttachment($msg_tmpf, $detail_row['qid'] . '.eml');
+ $mail->Body = sprintf($lang['quarantine']['release_body']);
+ $mail->send();
+ unlink($msg_tmpf);
+ }
+ catch (phpmailerException $e) {
+ unlink($msg_tmpf);
+ logger(array('return' => array(
+ array(
+ 'type' => 'warning',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => array('release_send_failed', $e->errorMessage())
+ )
+ )));
+ return false;
+ }
+ }
+ elseif ($release_format == 'raw') {
+ $detail_row['msg'] = preg_replace('/^X-Spam-Flag: (.*)/', 'X-Pre-Release-Spam-Flag $1', $detail_row['msg']);
+ $postfix_talk = array(
+ array('220', 'HELO quarantine' . chr(10)),
+ array('250', 'MAIL FROM: ' . $sender . chr(10)),
+ array('250', 'RCPT TO: ' . $detail_row['rcpt'] . chr(10)),
+ array('250', 'DATA' . chr(10)),
+ array('354', $detail_row['msg'] . chr(10) . '.' . chr(10)),
+ array('250', 'QUIT' . chr(10)),
+ array('221', '')
+ );
+ // Thanks to https://stackoverflow.com/questions/6632399/given-an-email-as-raw-text-how-can-i-send-it-using-php
+ $smtp_connection = fsockopen($postfix, 590, $errno, $errstr, 1);
+ if (!$smtp_connection) {
+ logger(array('return' => array(
+ array(
+ 'type' => 'warning',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => 'Cannot connect to Postfix'
+ )
+ )));
+ return false;
+ }
+ for ($i=0; $i < count($postfix_talk); $i++) {
+ $smtp_resource = fgets($smtp_connection, 256);
+ if (substr($smtp_resource, 0, 3) !== $postfix_talk[$i][0]) {
+ $ret = substr($smtp_resource, 0, 3);
+ $ret = (empty($ret)) ? '-' : $ret;
+ logger(array('return' => array(
+ array(
+ 'type' => 'warning',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => 'Postfix returned SMTP code ' . $smtp_resource . ', expected ' . $postfix_talk[$i][0]
+ )
+ )));
+ return false;
+ }
+ if ($postfix_talk[$i][1] !== '') {
+ fputs($smtp_connection, $postfix_talk[$i][1]);
+ }
+ }
+ fclose($smtp_connection);
+ }
+ $stmt = $pdo->prepare("DELETE FROM `quarantine` WHERE id = :id");
+ $stmt->execute(array(
+ ':id' => $row['id']
+ ));
+ }
+ logger(array('return' => array(
+ array(
+ 'type' => 'success',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => array('item_released', $hash)
+ )
+ )));
+ break;
+ case 'delete':
+ if (!is_array($_data['id'])) {
+ $ids = array();
+ $ids[] = $_data['id'];
+ }
+ else {
+ $ids = $_data['id'];
+ }
+ if (!isset($_SESSION['acl']['quarantine']) || $_SESSION['acl']['quarantine'] != "1" ) {
+ $_SESSION['return'][] = array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => 'access_denied'
+ );
+ return false;
+ }
+ foreach ($ids as $id) {
+ if (!is_numeric($id)) {
+ $_SESSION['return'][] = array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => 'access_denied'
+ );
+ continue;
+ }
+ $stmt = $pdo->prepare('SELECT `rcpt` FROM `quarantine` WHERE `id` = :id');
+ $stmt->execute(array(':id' => $id));
+ $row = $stmt->fetch(PDO::FETCH_ASSOC);
+ if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['rcpt']) && $_SESSION['mailcow_cc_role'] != 'admin') {
+ $_SESSION['return'][] = array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => 'access_denied'
+ );
+ continue;
+ }
+ else {
+ $stmt = $pdo->prepare("DELETE FROM `quarantine` WHERE `id` = :id");
+ $stmt->execute(array(
+ ':id' => $id
+ ));
+ }
+ $_SESSION['return'][] = array(
+ 'type' => 'success',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => array('item_deleted', $id)
+ );
+ }
+ break;
+ case 'edit':
+ if (!isset($_SESSION['acl']['quarantine']) || $_SESSION['acl']['quarantine'] != "1" ) {
+ $_SESSION['return'][] = array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => 'access_denied'
+ );
+ return false;
+ }
+ // Edit settings
+ if ($_data['action'] == 'settings') {
+ if ($_SESSION['mailcow_cc_role'] != "admin") {
+ $_SESSION['return'][] = array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => 'access_denied'
+ );
+ return false;
+ }
+ $retention_size = $_data['retention_size'];
+ if ($_data['release_format'] == 'attachment' || $_data['release_format'] == 'raw') {
+ $release_format = $_data['release_format'];
+ }
+ else {
+ $release_format = 'raw';
+ }
+ $max_size = $_data['max_size'];
+ if ($_data['max_score'] == "") {
+ $max_score = '';
+ }
+ else {
+ $max_score = floatval($_data['max_score']);
+ }
+ $max_age = intval($_data['max_age']);
+ $subject = $_data['subject'];
+ if (!filter_var($_data['bcc'], FILTER_VALIDATE_EMAIL)) {
+ $bcc = '';
+ }
+ else {
+ $bcc = $_data['bcc'];
+ }
+ if (!filter_var($_data['redirect'], FILTER_VALIDATE_EMAIL)) {
+ $redirect = '';
+ }
+ else {
+ $redirect = $_data['redirect'];
+ }
+ if (!filter_var($_data['sender'], FILTER_VALIDATE_EMAIL)) {
+ $sender = '';
+ }
+ else {
+ $sender = $_data['sender'];
+ }
+ $html = $_data['html_tmpl'];
+ if ($max_age <= 0) {
+ $max_age = 365;
+ }
+ $exclude_domains = (array)$_data['exclude_domains'];
+ try {
+ $redis->Set('Q_RETENTION_SIZE', intval($retention_size));
+ $redis->Set('Q_MAX_SIZE', intval($max_size));
+ $redis->Set('Q_MAX_SCORE', $max_score);
+ $redis->Set('Q_MAX_AGE', $max_age);
+ $redis->Set('Q_EXCLUDE_DOMAINS', json_encode($exclude_domains));
+ $redis->Set('Q_RELEASE_FORMAT', $release_format);
+ $redis->Set('Q_SENDER', $sender);
+ $redis->Set('Q_BCC', $bcc);
+ $redis->Set('Q_REDIRECT', $redirect);
+ $redis->Set('Q_SUBJ', $subject);
+ $redis->Set('Q_HTML', $html);
+ }
+ catch (RedisException $e) {
+ $_SESSION['return'][] = array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => array('redis_error', $e)
+ );
+ return false;
+ }
+ $_SESSION['return'][] = array(
+ 'type' => 'success',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => 'saved_settings'
+ );
+ }
+ // Release item
+ elseif ($_data['action'] == 'release' || $_data['action'] == 'learnham') {
+ if (!is_array($_data['id'])) {
+ $ids = array();
+ $ids[] = $_data['id'];
+ }
+ else {
+ $ids = $_data['id'];
+ }
+ foreach ($ids as $id) {
+ if (!is_numeric($id)) {
+ $_SESSION['return'][] = array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => 'access_denied'
+ );
+ continue;
+ }
+ $stmt = $pdo->prepare('SELECT `msg`, `action`, `qid`, `sender`, `rcpt` FROM `quarantine` WHERE `id` = :id');
+ $stmt->execute(array(':id' => $id));
+ $row = $stmt->fetch(PDO::FETCH_ASSOC);
+ if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['rcpt']) && $_SESSION['mailcow_cc_role'] != 'admin' || empty($row['rcpt'])) {
+ $_SESSION['return'][] = array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => 'access_denied'
+ );
+ continue;
+ }
+ $sender = !empty($row['sender']) ? $row['sender'] : 'sender-unknown@rspamd';
+ if (!empty(gethostbynamel('postfix-mailcow'))) {
+ $postfix = 'postfix-mailcow';
+ }
+ if (!empty(gethostbynamel('postfix'))) {
+ $postfix = 'postfix';
+ }
+ else {
+ $_SESSION['return'][] = array(
+ 'type' => 'warning',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => array('release_send_failed', 'Cannot determine Postfix host')
+ );
+ continue;
+ }
+ try {
+ $release_format = $redis->Get('Q_RELEASE_FORMAT');
+ }
+ catch (RedisException $e) {
+ $_SESSION['return'][] = array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => array('redis_error', $e)
+ );
+ return false;
+ }
+ if ($release_format == 'attachment') {
+ try {
+ $mail = new PHPMailer(true);
+ $mail->isSMTP();
+ $mail->SMTPDebug = 0;
+ $mail->SMTPOptions = array(
+ 'ssl' => array(
+ 'verify_peer' => false,
+ 'verify_peer_name' => false,
+ 'allow_self_signed' => true
+ )
+ );
+ if (!empty(gethostbynamel('postfix-mailcow'))) {
+ $postfix = 'postfix-mailcow';
+ }
+ if (!empty(gethostbynamel('postfix'))) {
+ $postfix = 'postfix';
+ }
+ else {
+ $_SESSION['return'][] = array(
+ 'type' => 'warning',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => array('release_send_failed', 'Cannot determine Postfix host')
+ );
+ continue;
+ }
+ $mail->Host = $postfix;
+ $mail->Port = 590;
+ $mail->setFrom($sender);
+ $mail->CharSet = 'UTF-8';
+ $mail->Subject = sprintf($lang['quarantine']['release_subject'], $row['qid']);
+ $mail->addAddress($row['rcpt']);
+ $mail->IsHTML(false);
+ $msg_tmpf = tempnam("/tmp", $row['qid']);
+ file_put_contents($msg_tmpf, $row['msg']);
+ $mail->addAttachment($msg_tmpf, $row['qid'] . '.eml');
+ $mail->Body = sprintf($lang['quarantine']['release_body']);
+ $mail->send();
+ unlink($msg_tmpf);
+ }
+ catch (phpmailerException $e) {
+ unlink($msg_tmpf);
+ $_SESSION['return'][] = array(
+ 'type' => 'warning',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => array('release_send_failed', $e->errorMessage())
+ );
+ continue;
+ }
+ }
+ elseif ($release_format == 'raw') {
+ $row['msg'] = preg_replace('/^X-Spam-Flag: (.*)/', 'X-Pre-Release-Spam-Flag $1', $row['msg']);
+ $postfix_talk = array(
+ array('220', 'HELO quarantine' . chr(10)),
+ array('250', 'MAIL FROM: ' . $sender . chr(10)),
+ array('250', 'RCPT TO: ' . $row['rcpt'] . chr(10)),
+ array('250', 'DATA' . chr(10)),
+ array('354', str_replace("\n.", '', $row['msg']) . chr(10) . '.' . chr(10)),
+ array('250', 'QUIT' . chr(10)),
+ array('221', '')
+ );
+ // Thanks to https://stackoverflow.com/questions/6632399/given-an-email-as-raw-text-how-can-i-send-it-using-php
+ $smtp_connection = fsockopen($postfix, 590, $errno, $errstr, 1);
+ if (!$smtp_connection) {
+ $_SESSION['return'][] = array(
+ 'type' => 'warning',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => 'Cannot connect to Postfix'
+ );
+ return false;
+ }
+ for ($i=0; $i < count($postfix_talk); $i++) {
+ $smtp_resource = fgets($smtp_connection, 256);
+ if (substr($smtp_resource, 0, 3) !== $postfix_talk[$i][0]) {
+ $ret = substr($smtp_resource, 0, 3);
+ $ret = (empty($ret)) ? '-' : $ret;
+ $_SESSION['return'][] = array(
+ 'type' => 'warning',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => 'Postfix returned SMTP code ' . $smtp_resource . ', expected ' . $postfix_talk[$i][0]
+ );
+ return false;
+ }
+ if ($postfix_talk[$i][1] !== '') {
+ fputs($smtp_connection, $postfix_talk[$i][1]);
+ }
+ }
+ fclose($smtp_connection);
+ }
+ $stmt = $pdo->prepare("DELETE FROM `quarantine` WHERE `id` = :id");
+ $stmt->execute(array(
+ ':id' => $id
+ ));
+ $_SESSION['return'][] = array(
+ 'type' => 'success',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => array('item_released', $id)
+ );
+ // Item was released and deleted from quarantine, now learning ham
+ $curl = curl_init();
+ curl_setopt($curl, CURLOPT_UNIX_SOCKET_PATH, '/var/lib/rspamd/rspamd.sock');
+ curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
+ curl_setopt($curl, CURLOPT_POST, 1);
+ curl_setopt($curl, CURLOPT_TIMEOUT, 30);
+ curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: text/plain'));
+ curl_setopt($curl, CURLOPT_URL,"http://rspamd/learnham");
+ curl_setopt($curl, CURLOPT_POSTFIELDS, $row['msg']);
+ $response = curl_exec($curl);
+ if (!curl_errno($curl)) {
+ $response = json_decode($response, true);
+ if (isset($response['error'])) {
+ if (stripos($response['error'], 'already learned') === false) {
+ $_SESSION['return'][] = array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => array('ham_learn_error', $response['error'])
+ );
+ continue;
+ }
+ }
+ curl_close($curl);
+ $curl = curl_init();
+ curl_setopt($curl, CURLOPT_UNIX_SOCKET_PATH, '/var/lib/rspamd/rspamd.sock');
+ curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
+ curl_setopt($curl, CURLOPT_POST, 1);
+ curl_setopt($curl, CURLOPT_TIMEOUT, 30);
+ curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: text/plain', 'Flag: 11'));
+ curl_setopt($curl, CURLOPT_URL,"http://rspamd/fuzzydel");
+ curl_setopt($curl, CURLOPT_POSTFIELDS, $row['msg']);
+ // It is most likely not a spam hash, so we ignore any error/warning response
+ // $response = curl_exec($curl);
+ if (!curl_errno($curl)) {
+ curl_close($curl);
+ $curl = curl_init();
+ curl_setopt($curl, CURLOPT_UNIX_SOCKET_PATH, '/var/lib/rspamd/rspamd.sock');
+ curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
+ curl_setopt($curl, CURLOPT_POST, 1);
+ curl_setopt($curl, CURLOPT_TIMEOUT, 30);
+ curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: text/plain', 'Flag: 13'));
+ curl_setopt($curl, CURLOPT_URL,"http://rspamd/fuzzyadd");
+ curl_setopt($curl, CURLOPT_POSTFIELDS, $row['msg']);
+ $response = curl_exec($curl);
+ curl_exec($curl);
+ if (!curl_errno($curl)) {
+ $response = json_decode($response, true);
+ if (isset($response['error'])) {
+ if (stripos($response['error'], 'No content to generate fuzzy') === false) {
+ $_SESSION['return'][] = array(
+ 'type' => 'warning',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => array('fuzzy_learn_error', $response['error'])
+ );
+ }
+ }
+ }
+ curl_close($curl);
+ $_SESSION['return'][] = array(
+ 'type' => 'success',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => array('learned_ham', $id)
+ );
+ continue;
+ }
+ else {
+ curl_close($curl);
+ $_SESSION['return'][] = array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => array('ham_learn_error', 'Curl: ' . curl_strerror(curl_errno($curl)))
+ );
+ continue;
+ }
+ curl_close($curl);
+ $_SESSION['return'][] = array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => array('ham_learn_error', 'unknown')
+ );
+ continue;
+ }
+ else {
+ $_SESSION['return'][] = array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => array('ham_learn_error', 'Curl: ' . curl_strerror(curl_errno($curl)))
+ );
+ curl_close($curl);
+ continue;
+ }
+ curl_close($curl);
+ $_SESSION['return'][] = array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => array('ham_learn_error', 'unknown')
+ );
+ continue;
+ }
+ }
+ elseif ($_data['action'] == 'learnspam') {
+ if (!is_array($_data['id'])) {
+ $ids = array();
+ $ids[] = $_data['id'];
+ }
+ else {
+ $ids = $_data['id'];
+ }
+ foreach ($ids as $id) {
+ if (!is_numeric($id)) {
+ $_SESSION['return'][] = array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => 'access_denied'
+ );
+ continue;
+ }
+ $stmt = $pdo->prepare('SELECT `msg`, `rcpt`, `action` FROM `quarantine` WHERE `id` = :id');
+ $stmt->execute(array(':id' => $id));
+ $row = $stmt->fetch(PDO::FETCH_ASSOC);
+ if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['rcpt']) && $_SESSION['mailcow_cc_role'] != 'admin' || empty($row['rcpt'])) {
+ $_SESSION['return'][] = array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => 'access_denied'
+ );
+ continue;
+ }
+ $stmt = $pdo->prepare("DELETE FROM `quarantine` WHERE `id` = :id");
+ $stmt->execute(array(
+ ':id' => $id
+ ));
+ $curl = curl_init();
+ curl_setopt($curl, CURLOPT_UNIX_SOCKET_PATH, '/var/lib/rspamd/rspamd.sock');
+ curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
+ curl_setopt($curl, CURLOPT_POST, 1);
+ curl_setopt($curl, CURLOPT_TIMEOUT, 30);
+ curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: text/plain'));
+ curl_setopt($curl, CURLOPT_URL,"http://rspamd/learnspam");
+ curl_setopt($curl, CURLOPT_POSTFIELDS, $row['msg']);
+ $response = curl_exec($curl);
+ if (!curl_errno($curl)) {
+ $response = json_decode($response, true);
+ if (isset($response['error'])) {
+ if (stripos($response['error'], 'already learned') === false) {
+ $_SESSION['return'][] = array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => array('spam_learn_error', $response['error'])
+ );
+ continue;
+ }
+ }
+ curl_close($curl);
+ $curl = curl_init();
+ curl_setopt($curl, CURLOPT_UNIX_SOCKET_PATH, '/var/lib/rspamd/rspamd.sock');
+ curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
+ curl_setopt($curl, CURLOPT_POST, 1);
+ curl_setopt($curl, CURLOPT_TIMEOUT, 30);
+ curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: text/plain', 'Flag: 13'));
+ curl_setopt($curl, CURLOPT_URL,"http://rspamd/fuzzydel");
+ curl_setopt($curl, CURLOPT_POSTFIELDS, $row['msg']);
+ // It is most likely not a spam hash, so we ignore any error/warning response
+ // $response = curl_exec($curl);
+ if (!curl_errno($curl)) {
+ curl_close($curl);
+ $curl = curl_init();
+ curl_setopt($curl, CURLOPT_UNIX_SOCKET_PATH, '/var/lib/rspamd/rspamd.sock');
+ curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
+ curl_setopt($curl, CURLOPT_POST, 1);
+ curl_setopt($curl, CURLOPT_TIMEOUT, 30);
+ curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: text/plain', 'Flag: 11'));
+ curl_setopt($curl, CURLOPT_URL,"http://rspamd/fuzzyadd");
+ curl_setopt($curl, CURLOPT_POSTFIELDS, $row['msg']);
+ $response = curl_exec($curl);
+ curl_exec($curl);
+ if (!curl_errno($curl)) {
+ $response = json_decode($response, true);
+ if (isset($response['error'])) {
+ if (stripos($response['error'], 'No content to generate fuzzy') === false) {
+ $_SESSION['return'][] = array(
+ 'type' => 'warning',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => array('fuzzy_learn_error', $response['error'])
+ );
+ }
+ }
+ }
+ curl_close($curl);
+ $_SESSION['return'][] = array(
+ 'type' => 'success',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => array('qlearn_spam', $id)
+ );
+ continue;
+ }
+ else {
+ curl_close($curl);
+ $_SESSION['return'][] = array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => array('spam_learn_error', 'Curl: ' . curl_strerror(curl_errno($curl)))
+ );
+ continue;
+ }
+ curl_close($curl);
+ $_SESSION['return'][] = array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => array('spam_learn_error', 'unknown')
+ );
+ continue;
+ }
+ else {
+ $_SESSION['return'][] = array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => array('spam_learn_error', 'Curl: ' . curl_strerror(curl_errno($curl)))
+ );
+ curl_close($curl);
+ continue;
+ }
+ curl_close($curl);
+ $_SESSION['return'][] = array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => array('spam_learn_error', 'unknown')
+ );
+ continue;
+ }
+ }
+ return true;
+ break;
+ case 'get':
+ if ($_SESSION['mailcow_cc_role'] == "user") {
+ $stmt = $pdo->prepare('SELECT `id`, `qid`, `subject`, LOCATE("VIRUS_FOUND", `symbols`) AS `virus_flag`, `score`, `rcpt`, `sender`, `action`, UNIX_TIMESTAMP(`created`) AS `created`, `notified` FROM `quarantine` WHERE `rcpt` = :mbox');
+ $stmt->execute(array(':mbox' => $_SESSION['mailcow_cc_username']));
+ $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+ while($row = array_shift($rows)) {
+ $q_meta[] = $row;
+ }
+ }
+ elseif ($_SESSION['mailcow_cc_role'] == "admin") {
+ $stmt = $pdo->query('SELECT `id`, `qid`, `subject`, LOCATE("VIRUS_FOUND", `symbols`) AS `virus_flag`, `score`, `rcpt`, `sender`, `action`, UNIX_TIMESTAMP(`created`) AS `created`, `notified` FROM `quarantine`');
+ $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+ while($row = array_shift($rows)) {
+ $q_meta[] = $row;
+ }
+ }
+ else {
+ $domains = array_merge(mailbox('get', 'domains'), mailbox('get', 'alias_domains'));
+ foreach ($domains as $domain) {
+ $stmt = $pdo->prepare('SELECT `id`, `qid`, `subject`, LOCATE("VIRUS_FOUND", `symbols`) AS `virus_flag`, `score`, `rcpt`, `sender`, `action`, UNIX_TIMESTAMP(`created`) AS `created`, `notified` FROM `quarantine` WHERE `rcpt` REGEXP :domain');
+ $stmt->execute(array(':domain' => '@' . $domain . '$'));
+ $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+ while($row = array_shift($rows)) {
+ $q_meta[] = $row;
+ }
+ }
+ }
+ return $q_meta;
+ break;
+ case 'settings':
+ try {
+ if ($_SESSION['mailcow_cc_role'] == "admin") {
+ $settings['exclude_domains'] = json_decode($redis->Get('Q_EXCLUDE_DOMAINS'), true);
+ }
+ $settings['max_size'] = $redis->Get('Q_MAX_SIZE');
+ $settings['max_score'] = $redis->Get('Q_MAX_SCORE');
+ $settings['max_age'] = $redis->Get('Q_MAX_AGE');
+ $settings['retention_size'] = $redis->Get('Q_RETENTION_SIZE');
+ $settings['release_format'] = $redis->Get('Q_RELEASE_FORMAT');
+ $settings['subject'] = $redis->Get('Q_SUBJ');
+ $settings['sender'] = $redis->Get('Q_SENDER');
+ $settings['bcc'] = $redis->Get('Q_BCC');
+ $settings['redirect'] = $redis->Get('Q_REDIRECT');
+ $settings['html_tmpl'] = htmlspecialchars($redis->Get('Q_HTML'));
+ if (empty($settings['html_tmpl'])) {
+ $settings['html_tmpl'] = htmlspecialchars(file_get_contents("/tpls/quarantine.tpl"));
+ }
+ }
+ catch (RedisException $e) {
+ $_SESSION['return'][] = array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => array('redis_error', $e)
+ );
+ return false;
+ }
+ return $settings;
+ break;
+ case 'details':
+ if (!is_numeric($_data) || empty($_data)) {
+ return false;
+ }
+ $stmt = $pdo->prepare('SELECT * FROM `quarantine` WHERE `id`= :id');
+ $stmt->execute(array(':id' => $_data));
+ $row = $stmt->fetch(PDO::FETCH_ASSOC);
+ if (hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $row['rcpt']) || $_SESSION['mailcow_cc_role'] == 'admin') {
+ return $row;
+ }
+ logger(array('return' => array(
+ array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => 'access_denied'
+ )
+ )));
+ return false;
+ break;
+ case 'hash_details':
+ $hash = trim($_data);
+ if (preg_match("/^([a-f0-9]{64})$/", $hash) === false) {
+ logger(array('return' => array(
+ array(
+ 'type' => 'danger',
+ 'log' => array(__FUNCTION__, $_action, $_data_log),
+ 'msg' => 'access_denied'
+ )
+ )));
+ return false;
+ }
+ $stmt = $pdo->prepare('SELECT * FROM `quarantine` WHERE SHA2(CONCAT(`id`, `qid`), 256) = :hash');
+ $stmt->execute(array(':hash' => $hash));
+ return $stmt->fetch(PDO::FETCH_ASSOC);
+ break;
+ }
+}