add SPF and DKIM stuff to DNS
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
@@ -129,12 +129,7 @@ if ($action == 'add_record' && ! empty($_POST)) {
|
||||
$content .= '.';
|
||||
} elseif ($type == 'TXT' && ! empty($content)) {
|
||||
// check that TXT content is enclosed in " "
|
||||
if (substr($content, 0, 1) != '"') {
|
||||
$content = '"' . $content;
|
||||
}
|
||||
if (substr($content, - 1) != '"') {
|
||||
$content .= '"';
|
||||
}
|
||||
$content = encloseTXTContent($content);
|
||||
} elseif ($type == 'SRV') {
|
||||
if ($prio === null || $prio < 0) {
|
||||
$errors[] = $lng['error']['dns_srv_prioempty'];
|
||||
|
||||
@@ -47,8 +47,7 @@ function createDomainZone($domain_id, $froxlorhostname = false)
|
||||
if ($domain['iswildcarddomain'] == '1') {
|
||||
addRequiredEntry('*', 'A', $required_entries);
|
||||
addRequiredEntry('*', 'AAAA', $required_entries);
|
||||
} else
|
||||
if ($domain['wwwserveralias'] == '1') {
|
||||
} elseif ($domain['wwwserveralias'] == '1') {
|
||||
addRequiredEntry('www', 'A', $required_entries);
|
||||
addRequiredEntry('www', 'AAAA', $required_entries);
|
||||
}
|
||||
@@ -92,14 +91,34 @@ function createDomainZone($domain_id, $froxlorhostname = false)
|
||||
addRequiredEntry(str_replace('.' . $domain['domain'], '', $mainbutsubtodomain['domain']), 'NS', $required_entries);
|
||||
}
|
||||
|
||||
// additional required records for SPF and DKIM if activated
|
||||
if (Settings::Get('spf.use_spf') == '1') {
|
||||
// check for SPF content later
|
||||
addRequiredEntry('@SPF@', 'TXT', $required_entries);
|
||||
}
|
||||
if (Settings::Get('dkim.use_dkim') == '1') {
|
||||
// check for DKIM content later
|
||||
addRequiredEntry('dkim_' . $domain['dkim_id'] . '._domainkey', 'TXT', $required_entries);
|
||||
// check for ASDP
|
||||
if (Settings::Get('dkim.dkim_add_adsp') == "1") {
|
||||
addRequiredEntry('_adsp._domainkey', 'TXT', $required_entries);
|
||||
}
|
||||
}
|
||||
|
||||
$primary_ns = null;
|
||||
$zonefile = "";
|
||||
|
||||
// now generate all records and unset the required entries we have
|
||||
foreach ($dom_entries as $entry) {
|
||||
if (array_key_exists($entry['type'], $required_entries) && array_key_exists(md5($entry['record']), $required_entries[$entry['type']])) {
|
||||
// check for SPF entry if required
|
||||
if (Settings::Get('spf.use_spf') == '1' && $entry['type'] == 'TXT' && $entry['record'] == '@' && strtolower(substr($entry['content'], 0, 7)) == '"v=spf1') {
|
||||
// unset special spf required-entry
|
||||
unset($required_entries[$entry['type']][md5("@SPF@")]);
|
||||
} else {
|
||||
unset($required_entries[$entry['type']][md5($entry['record'])]);
|
||||
}
|
||||
}
|
||||
if (empty($primary_ns) && $entry['type'] == 'NS') {
|
||||
// use the first NS entry as primary ns
|
||||
$primary_ns = $entry['content'];
|
||||
@@ -196,6 +215,29 @@ function createDomainZone($domain_id, $froxlorhostname = false)
|
||||
unset($required_entries['MX']);
|
||||
}
|
||||
}
|
||||
|
||||
// TXT (SPF and DKIM)
|
||||
if (array_key_exists("TXT", $required_entries)) {
|
||||
|
||||
if (Settings::Get('dkim.use_dkim') == '1') {
|
||||
$dkim_entries = generateDkimEntries($domain);
|
||||
}
|
||||
|
||||
foreach ($required_entries as $type => $records) {
|
||||
if ($type == 'TXT') {
|
||||
foreach ($records as $record) {
|
||||
if ($record == '@SPF@') {
|
||||
$txt_content = Settings::Get('spf.spf_entry');
|
||||
$zonefile .= formatEntry('@', 'TXT', encloseTXTContent($txt_content));
|
||||
} elseif ($record == 'dkim_' . $domain['dkim_id'] . '._domainkey' && ! empty($dkim_entries)) {
|
||||
$zonefile .= formatEntry($record, 'TXT', encloseTXTContent($dkim_entries[0]));
|
||||
} elseif ($record == '_adsp._domainkey' && ! empty($dkim_entries) && isset($dkim_entries[1])) {
|
||||
$zonefile .= formatEntry($record, 'TXT', encloseTXTContent($dkim_entries[1]));
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (empty($primary_ns)) {
|
||||
@@ -232,3 +274,86 @@ function addRequiredEntry($record = '@', $type = 'A', &$required)
|
||||
}
|
||||
$required[$type][md5($record)] = $record;
|
||||
}
|
||||
|
||||
function generateDkimEntries($domain)
|
||||
{
|
||||
$zone_dkim = array();
|
||||
|
||||
if (Settings::Get('dkim.use_dkim') == '1' && $domain['dkim'] == '1' && $domain['dkim_pubkey'] != '') {
|
||||
// start
|
||||
$dkim_txt = 'v=DKIM1;';
|
||||
|
||||
// algorithm
|
||||
$algorithm = explode(',', Settings::Get('dkim.dkim_algorithm'));
|
||||
$alg = '';
|
||||
foreach ($algorithm as $a) {
|
||||
if ($a == 'all') {
|
||||
break;
|
||||
} else {
|
||||
$alg .= $a . ':';
|
||||
}
|
||||
}
|
||||
|
||||
if ($alg != '') {
|
||||
$alg = substr($alg, 0, - 1);
|
||||
$dkim_txt .= 'h=' . $alg . ';';
|
||||
}
|
||||
|
||||
// notes
|
||||
if (trim(Settings::Get('dkim.dkim_notes') != '')) {
|
||||
$dkim_txt .= 'n=' . trim(Settings::Get('dkim.dkim_notes')) . ';';
|
||||
}
|
||||
|
||||
// key
|
||||
$dkim_txt .= 'k=rsa;p=' . trim(preg_replace('/-----BEGIN PUBLIC KEY-----(.+)-----END PUBLIC KEY-----/s', '$1', str_replace("\n", '', $domain['dkim_pubkey']))) . ';';
|
||||
|
||||
// service-type
|
||||
if (Settings::Get('dkim.dkim_servicetype') == '1') {
|
||||
$dkim_txt .= 's=email;';
|
||||
}
|
||||
|
||||
// end-part
|
||||
$dkim_txt .= 't=s';
|
||||
|
||||
// split if necessary
|
||||
$txt_record_split = '';
|
||||
$lbr = 50;
|
||||
for ($pos = 0; $pos <= strlen($dkim_txt) - 1; $pos += $lbr) {
|
||||
$txt_record_split .= (($pos == 0) ? '("' : "\t\t\t\t\t \"") . substr($dkim_txt, $pos, $lbr) . (($pos >= strlen($dkim_txt) - $lbr) ? '")' : '"') . "\n";
|
||||
}
|
||||
|
||||
// dkim-entry
|
||||
$zone_dkim[] = $txt_record_split;
|
||||
|
||||
// adsp-entry
|
||||
if (Settings::Get('dkim.dkim_add_adsp') == "1") {
|
||||
$adsp = '"dkim=';
|
||||
switch ((int) Settings::Get('dkim.dkim_add_adsppolicy')) {
|
||||
case 0:
|
||||
$adsp .= 'unknown"';
|
||||
break;
|
||||
case 1:
|
||||
$adsp .= 'all"';
|
||||
break;
|
||||
case 2:
|
||||
$adsp .= 'discardable"';
|
||||
break;
|
||||
}
|
||||
$zone_dkim[] = $adsp;
|
||||
}
|
||||
}
|
||||
|
||||
return $zone_dkim;
|
||||
}
|
||||
|
||||
function encloseTXTContent($txt_content)
|
||||
{
|
||||
// check that TXT content is enclosed in " "
|
||||
if (substr($txt_content, 0, 1) != '"') {
|
||||
$txt_content = '"' . $txt_content;
|
||||
}
|
||||
if (substr($txt_content, - 1) != '"') {
|
||||
$txt_content .= '"';
|
||||
}
|
||||
return $txt_content;
|
||||
}
|
||||
|
||||
@@ -154,6 +154,86 @@ class bind2
|
||||
$this->_logger->logAction(CRON_ACTION, LOG_INFO, 'Bind9 reloaded');
|
||||
}
|
||||
|
||||
public function writeDKIMconfigs()
|
||||
{
|
||||
if (Settings::Get('dkim.use_dkim') == '1') {
|
||||
if (! file_exists(makeCorrectDir(Settings::Get('dkim.dkim_prefix')))) {
|
||||
$this->_logger->logAction(CRON_ACTION, LOG_NOTICE, 'mkdir -p ' . escapeshellarg(makeCorrectDir(Settings::Get('dkim.dkim_prefix'))));
|
||||
safe_exec('mkdir -p ' . escapeshellarg(makeCorrectDir(Settings::Get('dkim.dkim_prefix'))));
|
||||
}
|
||||
|
||||
$dkimdomains = '';
|
||||
$dkimkeys = '';
|
||||
$result_domains_stmt = Database::query("
|
||||
SELECT `id`, `domain`, `dkim`, `dkim_id`, `dkim_pubkey`, `dkim_privkey`
|
||||
FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `dkim` = '1' ORDER BY `id` ASC
|
||||
");
|
||||
|
||||
while ($domain = $result_domains_stmt->fetch(PDO::FETCH_ASSOC)) {
|
||||
|
||||
$privkey_filename = makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/dkim_' . $domain['dkim_id']);
|
||||
$pubkey_filename = makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/dkim_' . $domain['dkim_id'] . '.public');
|
||||
|
||||
if ($domain['dkim_privkey'] == '' || $domain['dkim_pubkey'] == '') {
|
||||
$max_dkim_id_stmt = Database::query("SELECT MAX(`dkim_id`) as `max_dkim_id` FROM `" . TABLE_PANEL_DOMAINS . "`");
|
||||
$max_dkim_id = $max_dkim_id_stmt->fetch(PDO::FETCH_ASSOC);
|
||||
$domain['dkim_id'] = (int) $max_dkim_id['max_dkim_id'] + 1;
|
||||
$privkey_filename = makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/dkim_' . $domain['dkim_id']);
|
||||
safe_exec('openssl genrsa -out ' . escapeshellarg($privkey_filename) . ' ' . Settings::Get('dkim.dkim_keylength'));
|
||||
$domain['dkim_privkey'] = file_get_contents($privkey_filename);
|
||||
safe_exec("chmod 0640 " . escapeshellarg($privkey_filename));
|
||||
$pubkey_filename = makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/dkim_' . $domain['dkim_id'] . '.public');
|
||||
safe_exec('openssl rsa -in ' . escapeshellarg($privkey_filename) . ' -pubout -outform pem -out ' . escapeshellarg($pubkey_filename));
|
||||
$domain['dkim_pubkey'] = file_get_contents($pubkey_filename);
|
||||
safe_exec("chmod 0664 " . escapeshellarg($pubkey_filename));
|
||||
$upd_stmt = Database::prepare("
|
||||
UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
|
||||
`dkim_id` = :dkimid,
|
||||
`dkim_privkey` = :privkey,
|
||||
`dkim_pubkey` = :pubkey
|
||||
WHERE `id` = :id
|
||||
");
|
||||
$upd_data = array(
|
||||
'dkimid' => $domain['dkim_id'],
|
||||
'privkey' => $domain['dkim_privkey'],
|
||||
'pubkey' => $domain['dkim_pubkey'],
|
||||
'id' => $domain['id']
|
||||
);
|
||||
Database::pexecute($upd_stmt, $upd_data);
|
||||
}
|
||||
|
||||
if (! file_exists($privkey_filename) && $domain['dkim_privkey'] != '') {
|
||||
$privkey_file_handler = fopen($privkey_filename, "w");
|
||||
fwrite($privkey_file_handler, $domain['dkim_privkey']);
|
||||
fclose($privkey_file_handler);
|
||||
safe_exec("chmod 0640 " . escapeshellarg($privkey_filename));
|
||||
}
|
||||
|
||||
if (! file_exists($pubkey_filename) && $domain['dkim_pubkey'] != '') {
|
||||
$pubkey_file_handler = fopen($pubkey_filename, "w");
|
||||
fwrite($pubkey_file_handler, $domain['dkim_pubkey']);
|
||||
fclose($pubkey_file_handler);
|
||||
safe_exec("chmod 0664 " . escapeshellarg($pubkey_filename));
|
||||
}
|
||||
|
||||
$dkimdomains .= $domain['domain'] . "\n";
|
||||
$dkimkeys .= "*@" . $domain['domain'] . ":" . $domain['domain'] . ":" . $privkey_filename . "\n";
|
||||
}
|
||||
|
||||
$dkimdomains_filename = makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/' . Settings::Get('dkim.dkim_domains'));
|
||||
$dkimdomains_file_handler = fopen($dkimdomains_filename, "w");
|
||||
fwrite($dkimdomains_file_handler, $dkimdomains);
|
||||
fclose($dkimdomains_file_handler);
|
||||
$dkimkeys_filename = makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/' . Settings::Get('dkim.dkim_dkimkeys'));
|
||||
$dkimkeys_file_handler = fopen($dkimkeys_filename, "w");
|
||||
fwrite($dkimkeys_file_handler, $dkimkeys);
|
||||
fclose($dkimkeys_file_handler);
|
||||
|
||||
safe_exec(escapeshellcmd(Settings::Get('dkim.dkimrestart_command')));
|
||||
$this->_logger->logAction(CRON_ACTION, LOG_INFO, 'Dkim-milter reloaded');
|
||||
}
|
||||
}
|
||||
|
||||
private function _generateDomainConfig($domain = array())
|
||||
{
|
||||
$this->_logger->logAction(CRON_ACTION, LOG_DEBUG, 'Generating dns config for ' . $domain['domain']);
|
||||
|
||||
@@ -187,7 +187,7 @@ while ($row = $result_tasks_stmt->fetch(PDO::FETCH_ASSOC)) {
|
||||
$nameserver = new $bindclass($cronlog);
|
||||
}
|
||||
|
||||
if (Settings::Get('dkim.use_dkim') == '1' && $bindclass == 'bind') {
|
||||
if (Settings::Get('dkim.use_dkim') == '1') {
|
||||
$nameserver->writeDKIMconfigs();
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user