Compare commits
4 Commits
greylistin
...
upgrade-2.
| Author | SHA1 | Date | |
|---|---|---|---|
| d7a3568506 | |||
| 10c13bc5b1 | |||
| dcb3f6f568 | |||
| 7566def0d1 |
@@ -132,18 +132,16 @@ abstract class DnsBase
|
|||||||
");
|
");
|
||||||
|
|
||||||
while ($domain = $result_domains_stmt->fetch(PDO::FETCH_ASSOC)) {
|
while ($domain = $result_domains_stmt->fetch(PDO::FETCH_ASSOC)) {
|
||||||
$privkey_filename = FileDir::makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/dkim' . $domain['dkim_id'] . Settings::Get('dkim.privkeysuffix'));
|
$privkey_filename = FileDir::makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/mx.' . $domain['domain'] . '.' . Settings::Get('dkim.privkeysuffix'));
|
||||||
$pubkey_filename = FileDir::makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/dkim' . $domain['dkim_id'] . '.public');
|
$pubkey_filename = FileDir::makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/mx.' . $domain['domain'] . '.public');
|
||||||
|
|
||||||
if ($domain['dkim_privkey'] == '' || $domain['dkim_pubkey'] == '') {
|
if ($domain['dkim_privkey'] == '' || $domain['dkim_pubkey'] == '') {
|
||||||
$max_dkim_id_stmt = Database::query("SELECT MAX(`dkim_id`) as `max_dkim_id` FROM `" . TABLE_PANEL_DOMAINS . "`");
|
$max_dkim_id_stmt = Database::query("SELECT MAX(`dkim_id`) as `max_dkim_id` FROM `" . TABLE_PANEL_DOMAINS . "`");
|
||||||
$max_dkim_id = $max_dkim_id_stmt->fetch(PDO::FETCH_ASSOC);
|
$max_dkim_id = $max_dkim_id_stmt->fetch(PDO::FETCH_ASSOC);
|
||||||
$domain['dkim_id'] = (int)$max_dkim_id['max_dkim_id'] + 1;
|
$domain['dkim_id'] = (int)$max_dkim_id['max_dkim_id'] + 1;
|
||||||
$privkey_filename = FileDir::makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/dkim' . $domain['dkim_id'] . Settings::Get('dkim.privkeysuffix'));
|
|
||||||
FileDir::safe_exec('openssl genrsa -out ' . escapeshellarg($privkey_filename) . ' ' . Settings::Get('dkim.dkim_keylength'));
|
FileDir::safe_exec('openssl genrsa -out ' . escapeshellarg($privkey_filename) . ' ' . Settings::Get('dkim.dkim_keylength'));
|
||||||
$domain['dkim_privkey'] = file_get_contents($privkey_filename);
|
$domain['dkim_privkey'] = file_get_contents($privkey_filename);
|
||||||
FileDir::safe_exec("chmod 0640 " . escapeshellarg($privkey_filename));
|
FileDir::safe_exec("chmod 0640 " . escapeshellarg($privkey_filename));
|
||||||
$pubkey_filename = FileDir::makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/dkim' . $domain['dkim_id'] . '.public');
|
|
||||||
FileDir::safe_exec('openssl rsa -in ' . escapeshellarg($privkey_filename) . ' -pubout -outform pem -out ' . escapeshellarg($pubkey_filename));
|
FileDir::safe_exec('openssl rsa -in ' . escapeshellarg($privkey_filename) . ' -pubout -outform pem -out ' . escapeshellarg($pubkey_filename));
|
||||||
$domain['dkim_pubkey'] = file_get_contents($pubkey_filename);
|
$domain['dkim_pubkey'] = file_get_contents($pubkey_filename);
|
||||||
FileDir::safe_exec("chmod 0664 " . escapeshellarg($pubkey_filename));
|
FileDir::safe_exec("chmod 0664 " . escapeshellarg($pubkey_filename));
|
||||||
@@ -217,7 +215,7 @@ abstract class DnsBase
|
|||||||
`" . TABLE_PANEL_DOMAINS . "` `d`
|
`" . TABLE_PANEL_DOMAINS . "` `d`
|
||||||
LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING(`customerid`)
|
LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING(`customerid`)
|
||||||
WHERE
|
WHERE
|
||||||
`d`.`isbinddomain` = '1'
|
`d`.`isbinddomain` = '1' aND `d`.`deactivated` = '0'
|
||||||
ORDER BY
|
ORDER BY
|
||||||
`d`.`domain` ASC
|
`d`.`domain` ASC
|
||||||
");
|
");
|
||||||
|
|||||||
@@ -22,7 +22,6 @@
|
|||||||
* @author Froxlor team <team@froxlor.org>
|
* @author Froxlor team <team@froxlor.org>
|
||||||
* @license https://files.froxlor.org/misc/COPYING.txt GPLv2
|
* @license https://files.froxlor.org/misc/COPYING.txt GPLv2
|
||||||
*/
|
*/
|
||||||
|
|
||||||
namespace Froxlor\Dns;
|
namespace Froxlor\Dns;
|
||||||
|
|
||||||
use Froxlor\Database\Database;
|
use Froxlor\Database\Database;
|
||||||
@@ -183,7 +182,10 @@ class Dns
|
|||||||
}
|
}
|
||||||
if (Settings::Get('dkim.use_dkim') == '1') {
|
if (Settings::Get('dkim.use_dkim') == '1') {
|
||||||
// check for DKIM content later
|
// check for DKIM content later
|
||||||
self::addRequiredEntry('dkim' . $domain['dkim_id'] . '._domainkey.' . $sub_record, 'TXT', $required_entries);
|
//self::addRequiredEntry('dkim' . $domain['dkim_id'] . '._domainkey.' . $sub_record, 'TXT', $required_entries);
|
||||||
|
self::addRequiredEntry('mx._domainkey.' . $sub_record, 'TXT', $required_entries);
|
||||||
|
//Also add dmarc
|
||||||
|
self::addRequiredEntry('_dmarc' . $sub_record, 'TXT', $required_entries);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -220,7 +222,10 @@ class Dns
|
|||||||
}
|
}
|
||||||
if (Settings::Get('dkim.use_dkim') == '1') {
|
if (Settings::Get('dkim.use_dkim') == '1') {
|
||||||
// check for DKIM content later
|
// check for DKIM content later
|
||||||
self::addRequiredEntry('dkim' . $domain['dkim_id'] . '._domainkey', 'TXT', $required_entries);
|
//self::addRequiredEntry('dkim' . $domain['dkim_id'] . '._domainkey', 'TXT', $required_entries);
|
||||||
|
self::addRequiredEntry('mx._domainkey', 'TXT', $required_entries);
|
||||||
|
//Also add dmarc
|
||||||
|
self::addRequiredEntry('_dmarc', 'TXT', $required_entries);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -378,10 +383,13 @@ class Dns
|
|||||||
if (array_key_exists("TXT", $required_entries)) {
|
if (array_key_exists("TXT", $required_entries)) {
|
||||||
if (Settings::Get('dkim.use_dkim') == '1') {
|
if (Settings::Get('dkim.use_dkim') == '1') {
|
||||||
$dkim_entries = self::generateDkimEntries($domain);
|
$dkim_entries = self::generateDkimEntries($domain);
|
||||||
|
$dmarc_entries = self::generateDmarcEntries($domain);
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach ($required_entries as $type => $records) {
|
foreach ($required_entries as $type => $records) {
|
||||||
if ($type == 'TXT') {
|
if ($type == 'TXT') {
|
||||||
|
//$dkim_record = 'dkim' . $domain['dkim_id'] . '._domainkey';
|
||||||
|
$dkim_record = 'mx._domainkey';
|
||||||
foreach ($records as $record) {
|
foreach ($records as $record) {
|
||||||
if ($record == '@SPF@') {
|
if ($record == '@SPF@') {
|
||||||
// spf for main-domain
|
// spf for main-domain
|
||||||
@@ -392,9 +400,8 @@ class Dns
|
|||||||
$txt_content = Settings::Get('spf.spf_entry');
|
$txt_content = Settings::Get('spf.spf_entry');
|
||||||
$sub_record = substr($record, 6);
|
$sub_record = substr($record, 6);
|
||||||
$zonerecords[] = new DnsEntry($sub_record, 'TXT', self::encloseTXTContent($txt_content));
|
$zonerecords[] = new DnsEntry($sub_record, 'TXT', self::encloseTXTContent($txt_content));
|
||||||
} elseif (!empty($dkim_entries)) {
|
} elseif (!empty($dkim_entries) && $record == $dkim_record ) {
|
||||||
// DKIM entries
|
// DKIM entries
|
||||||
$dkim_record = 'dkim' . $domain['dkim_id'] . '._domainkey';
|
|
||||||
if ($record == $dkim_record) {
|
if ($record == $dkim_record) {
|
||||||
// dkim for main-domain
|
// dkim for main-domain
|
||||||
// check for multiline entry
|
// check for multiline entry
|
||||||
@@ -412,7 +419,10 @@ class Dns
|
|||||||
}
|
}
|
||||||
$zonerecords[] = new DnsEntry($record, 'TXT', self::encloseTXTContent($dkim_entries[0], $multiline));
|
$zonerecords[] = new DnsEntry($record, 'TXT', self::encloseTXTContent($dkim_entries[0], $multiline));
|
||||||
}
|
}
|
||||||
|
} elseif ($record == '_dmarc' && !empty($dmarc_entries) && $domain['isemaildomain'] == '1') {
|
||||||
|
$zonerecords[] = new DnsEntry($record, 'TXT', self::encloseTXTContent($dmarc_entries[0]));
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -523,7 +533,7 @@ class Dns
|
|||||||
* @param array $domain
|
* @param array $domain
|
||||||
* @return array
|
* @return array
|
||||||
*/
|
*/
|
||||||
private static function generateDkimEntries(array $domain): array
|
/** private static function generateDkimEntries(array $domain): array
|
||||||
{
|
{
|
||||||
$zone_dkim = [];
|
$zone_dkim = [];
|
||||||
|
|
||||||
@@ -569,43 +579,61 @@ class Dns
|
|||||||
}
|
}
|
||||||
|
|
||||||
return $zone_dkim;
|
return $zone_dkim;
|
||||||
}
|
} */
|
||||||
|
private static function generateDkimEntries(array $domain): array
|
||||||
|
{
|
||||||
|
$zone_dkim = [];
|
||||||
|
if (Settings::Get('dkim.use_dkim') == '1' && $domain['dkim'] == '1' && $domain['dkim_pubkey'] != '') {
|
||||||
|
// start
|
||||||
|
$dkim_txt = 'v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAosq0CmLqEzJJxIHkQwG1Xwk6CSyHHWSDXL9BHCKzY9lJXH7a23PogVlLvUBYaAgBtFOpsKuUCBl+/g6rOqgVXKg0OpYdpgTxZyz1i4NcubGFLifQGnF8ZKpIEDqIzmLI6SbH+9DKwYA319sXAR6feZI4g5bWqF07t/kzA5LN+2V5QnDQ3th++GPRl5rmWF6uoidIRD85UZVEX4s3J1hce0k6tRb2aEozCJaSXHUwyarmbbX/5rky467QQ+45Uy0q9CNaMMu1IX5eybhLRxYXK1k0TfIRJv4FH1UFLlq2QoGC7d+KvLrUabhzQ5wbdZkWuVgLFZ7CL2NegfzO6YeEcQIDAQAB';
|
||||||
|
$zone_dkim[] = $dkim_txt;
|
||||||
|
}
|
||||||
|
return $zone_dkim;
|
||||||
|
}
|
||||||
|
private static function generateDmarcEntries(array $domain): array
|
||||||
|
{
|
||||||
|
$zone_dmarc = [];
|
||||||
|
if (Settings::Get('dkim.use_dkim') == '1' && $domain['dkim'] == '1' ){
|
||||||
|
$dmarc_txt = 'v=DMARC1; p=reject; ruf=mailto:dmarc@'. $domain['domain'] . '; rua=mailto:dmarc@'. $domain['domain'] . '; fo=1; adkim=r; aspf=r; pct=100; rf=afrf; ri=345600;';
|
||||||
|
$zone_dmarc[] = $dmarc_txt;
|
||||||
|
}
|
||||||
|
return $zone_dmarc;
|
||||||
|
}
|
||||||
/**
|
/**
|
||||||
* @param string $txt_content
|
* @param string $txt_content
|
||||||
* @param bool $isMultiLine
|
* @param bool $isMultiLine
|
||||||
* @return string
|
* @return string
|
||||||
*/
|
*/
|
||||||
public static function encloseTXTContent(string $txt_content, bool $isMultiLine = false): string
|
public static function encloseTXTContent(string $txt_content, bool $isMultiLine = false): string
|
||||||
{
|
{
|
||||||
// check that TXT content is enclosed in " "
|
// check that TXT content is enclosed in " "
|
||||||
if (!$isMultiLine && Settings::Get('system.dns_server') != 'PowerDNS') {
|
if (! $isMultiLine && Settings::Get('system.dns_server') != 'PowerDNS') {
|
||||||
if (substr($txt_content, 0, 1) != '"') {
|
if (substr($txt_content, 0, 1) != '"') {
|
||||||
$txt_content = '"' . $txt_content;
|
$txt_content = '"' . $txt_content;
|
||||||
}
|
}
|
||||||
if (substr($txt_content, -1) != '"') {
|
if (substr($txt_content, - 1) != '"') {
|
||||||
$txt_content .= '"';
|
$txt_content .= '"';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (Settings::Get('system.dns_server') == 'PowerDNS') {
|
if (Settings::Get('system.dns_server') == 'PowerDNS') {
|
||||||
// no quotation for PowerDNS
|
// no quotation for PowerDNS
|
||||||
if (substr($txt_content, 0, 1) == '"') {
|
if (substr($txt_content, 0, 1) == '"') {
|
||||||
$txt_content = substr($txt_content, 1);
|
$txt_content = substr($txt_content, 1);
|
||||||
}
|
}
|
||||||
if (substr($txt_content, -1) == '"') {
|
if (substr($txt_content, - 1) == '"') {
|
||||||
$txt_content = substr($txt_content, 0, -1);
|
$txt_content = substr($txt_content, 0, - 1);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return $txt_content;
|
return $txt_content;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param string $email
|
* @param string $email
|
||||||
* @return string
|
* @return string
|
||||||
*/
|
*/
|
||||||
private static function escapeSoaAdminMail(string $email): string
|
private static function escapeSoaAdminMail(string $email): string
|
||||||
{
|
{
|
||||||
$mail_parts = explode("@", $email);
|
$mail_parts = explode("@", $email);
|
||||||
return str_replace(".", "\.", $mail_parts[0]) . "." . $mail_parts[1] . ".";
|
return str_replace(".", "\.", $mail_parts[0]) . "." . $mail_parts[1] . ".";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user