From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 server/plugins-available/postfix_server_plugin.inc.php |   51 ++++++++++++++++++++++++++++++++++++++++-----------
 1 files changed, 40 insertions(+), 11 deletions(-)

diff --git a/server/plugins-available/postfix_server_plugin.inc.php b/server/plugins-available/postfix_server_plugin.inc.php
index 474d10d..87ae500 100644
--- a/server/plugins-available/postfix_server_plugin.inc.php
+++ b/server/plugins-available/postfix_server_plugin.inc.php
@@ -85,27 +85,29 @@
 
 		copy('/etc/postfix/main.cf', '/etc/postfix/main.cf~');
 		
-		if($mail_config['relayhost'] != '') {
-			exec("postconf -e 'relayhost = ".$mail_config['relayhost']."'");
-			if($mail_config['relayhost_user'] != '' && $mail_config['relayhost_password'] != '') {
+		if ($mail_config['relayhost'].$mail_config['relayhost_user'].$mail_config['relayhost_password'] != $old_ini_data['mail']['relayhost'].$old_ini_data['mail']['relayhost_user'].$old_ini_data['mail']['relayhost_password']) {
+			$content = file_exists('/etc/postfix/sasl_passwd') ? file_get_contents('/etc/postfix/sasl_passwd') : '';
+			$content = preg_replace('/^'.preg_quote($old_ini_data['email']['relayhost']).'\s+[^\n]*(:?\n|)/m','',$content);
+
+			if (!empty($mail_config['relayhost']) || !empty($mail_config['relayhost_user']) || !empty($mail_config['relayhost_password'])) {
+				$content .= "\n".$mail_config['relayhost'].'   '.$mail_config['relayhost_user'].':'.$mail_config['relayhost_password'];
+			}
+			
+			if (preg_replace('/^(#[^\n]*|\s+)(:?\n+|)/m','',$content) != '') {
 				exec("postconf -e 'smtp_sasl_auth_enable = yes'");
 			} else {
 				exec("postconf -e 'smtp_sasl_auth_enable = no'");
 			}
-			exec("postconf -e 'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd'");
-			exec("postconf -e 'smtp_sasl_security_options ='");
-
-			// Store the sasl passwd
-			$content = $mail_config['relayhost'].'   '.$mail_config['relayhost_user'].':'.$mail_config['relayhost_password'];
+			
+			exec("postconf -e 'relayhost = ".$mail_config['relayhost']."'");
 			file_put_contents('/etc/postfix/sasl_passwd', $content);
 			chmod('/etc/postfix/sasl_passwd', 0600);
 			chown('/etc/postfix/sasl_passwd', 'root');
 			chgrp('/etc/postfix/sasl_passwd', 'root');
+			exec("postconf -e 'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd'");
+			exec("postconf -e 'smtp_sasl_security_options ='");
 			exec('postmap /etc/postfix/sasl_passwd');
 			exec($conf['init_scripts'] . '/' . 'postfix restart');
-
-		} else {
-			exec("postconf -e 'relayhost ='");
 		}
 
 		if($mail_config['realtime_blackhole_list'] != $old_ini_data['mail']['realtime_blackhole_list']) {
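Review bot: The cleanup regex on the new `preg_replace` line reads `$old_ini_data['email']['relayhost']`, while the comparison directly above it uses `$old_ini_data['mail']`; if `'email'` is not a real section (not visible here), the previous relay entry is never matched and its credentials stay in `/etc/postfix/sasl_passwd`. I would change it to `preg_quote($old_ini_data['mail']['relayhost'], '/')` and write the trailing group as `(?:\n|)` instead of `(:?\n|)`. Separately, `relayhost` is still concatenated into a single-quoted shell string, so `exec('postconf -e ' . escapeshellarg('relayhost = ' . $mail_config['relayhost']));` would keep a quote in the configured value from ending the argument; the `smtpd_sender_restrictions` call in the last hunk has the same pattern. `file_put_contents` also creates the password file before `chmod(..., 0600)` runs, so setting `umask(0077)` around the write would close that window on first creation. The enclosing method starts and ends outside this hunk.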
@@ -115,6 +117,7 @@
 				$rbl_hosts = explode(",", $rbl_hosts);
 			}
 			$options = explode(", ", exec("postconf -h smtpd_recipient_restrictions"));
+			$new_options = array();
 			foreach ($options as $key => $value) {
 				if (!preg_match('/reject_rbl_client/', $value)) {
 					$new_options[] = $value;
@@ -136,18 +139,44 @@
 				}
 			}
 			exec("postconf -e 'smtpd_recipient_restrictions = ".implode(", ", $new_options)."'");
+			exec('postfix reload');
 		}
+		
+		if($mail_config['reject_sender_login_mismatch'] != $old_ini_data['mail']['reject_sender_login_mismatch']) {
+			$options = explode(", ", exec("postconf -h smtpd_sender_restrictions"));
+			$new_options = array();
+			foreach ($options as $key => $value) {
+				if (!preg_match('/reject_authenticated_sender_login_mismatch/', $value)) {
+					$new_options[] = $value;
+				}
+			}
+				
+			if ($mail_config['reject_sender_login_mismatch'] == 'y') {
+				reset($new_options); $i = 0;
+				// insert after check_sender_access but before permit_...
+				while (isset($new_options[$i]) && substr($new_options[$i], 0, 19) == 'check_sender_access') ++$i;
+				array_splice($new_options, $i, 0, array('reject_authenticated_sender_login_mismatch'));
+			}
+			exec("postconf -e 'smtpd_sender_restrictions = ".implode(", ", $new_options)."'");
+			exec('postfix reload');
+		}		
 		
 		if ($mail_config["mailbox_virtual_uidgid_maps"] == 'y') {
 			// If dovecot switch to lmtp
 			if($app->system->is_installed('dovecot')) {
 				exec("postconf -e 'virtual_transport = lmtp:unix:private/dovecot-lmtp'");
+				exec('postfix reload');
+				$app->system->replaceLine("/etc/dovecot/dovecot.conf", "protocols = imap pop3", "protocols = imap pop3 lmtp");
+				exec($conf['init_scripts'] . '/' . 'dovecot restart');
 			}
 		}
 		else {
 			// If dovecot switch to dovecot
 			if($app->system->is_installed('dovecot')) {
 				exec("postconf -e 'virtual_transport = dovecot'");
+				exec('postfix reload');
+				$app->system->replaceLine("/etc/dovecot/dovecot.conf", "protocols = imap pop3 lmtp", "protocols = imap pop3");
+				exec($conf['init_scripts'] . '/' . 'dovecot restart');
 			}
 		}
 
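Review bot: In the new `reject_sender_login_mismatch` block the current value is split with `explode(", ", ...)`, so a `smtpd_sender_restrictions` value written with commas but no following space comes back as a single element. If that element contains `reject_authenticated_sender_login_mismatch`, the filter drops the whole string and the other sender restrictions are lost when the value is written back. Splitting with `preg_split('/\s*,\s*/', trim($current))` would be more tolerant, and the RBL block above uses the same `explode`. Also, the `mailbox_virtual_uidgid_maps` branch is not compared against `$old_ini_data` in the visible lines, so with the added `postfix reload` and `dovecot restart` each run appears to restart Dovecot even when the setting is unchanged; wrapping it in `if ($mail_config['mailbox_virtual_uidgid_maps'] != $old_ini_data['mail']['mailbox_virtual_uidgid_maps'])` would avoid that. The method begins outside this hunk, so an outer guard may already exist.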

--
Gitblit v1.9.1