[PATCH] Host whitelist using postfix $mynetworks
Diego Woitasen
diegows at xtech.com.ar
Tue Apr 15 01:31:34 CEST 2008
I want to share this patch. It would be useful for somebody else.
The idea is to use the postfix-mynetworks value in LDAP
(k=kolab,dc=foo,dc=bar) as whitelist for kolabfilter.
Steps:
1- /kolab/bin/pear Net_IPv4
2- Apply the patch.
Then, when you add a host or net in Services->Privileged host via Web
admin it gets whitelisted.
--- /tmp/xx/Kolab_Filter-2.2rc120080204/Filter/Content.php 2008-02-04
14:51:45.000000000 +0000
+++ lib/php/Kolab/Filter/Content.php 2008-04-14 22:54:38.976551441 +0000
@@ -34,6 +34,7 @@
/* Load the basic filter definition */
require_once 'Kolab/Filter/Filter.php';
+require_once('Net/IPv4.php');
define('RM_STATE_READING_HEADER', 1 );
define('RM_STATE_READING_FROM', 2 );
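Review bot: the added `require_once('Net/IPv4.php');` at the top of Content.php makes PEAR Net_IPv4 a hard load-time dependency, so on a host where step 1 was skipped the file fails to load even if the whitelist is never consulted. Consider loading it inside permited_host() or declaring the dependency in the package requirements, and drop the parentheses to match the `require_once 'Kolab/Filter/Filter.php';` style of the line above.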
@@ -390,6 +391,39 @@
return sprintf($fmt, $sender);
}
+
+
+function permited_host($host){
+
+ global $conf;
+
+ $ldapconn = ldap_connect($conf['filter']['ldap_uri']);
+ if(!$ldapconn)
+ return false;
+
+ if(!ldap_bind($ldapconn, $conf['filter']['bind_dn'],
+ $conf['filter']['bind_pw']))
+ return false;
+
+ $attrs[0] = "postfix-mynetworks";
+ $result = ldap_search($ldapconn, $conf['filter']['base_dn'],
+ "k=kolab", $attrs);
+ if(!$result)
+ return false;
+
+ $info = ldap_get_entries($ldapconn, $result);
+ if($info['count'] != 1 || !array_key_exists($attrs[0], $info[0]))
+ return false;
+ $addrs = $info[0]['postfix-mynetworks'];
+ foreach($addrs as $addr){
+ if($host == $addr or Net_IPv4::ipInNetwork($host, $addr))
+ return true;
+ }
+
+ return false;
+
+}
+
/** Check that the From header is not trying
to impersonate a valid user that is not
$sasluser. Returns one of:
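Review bot: in permited_host(), `foreach($addrs as $addr)` also visits the 'count' element that ldap_get_entries() puts in each attribute array, and `$host == $addr` then compares the client address loosely against that integer; iterate from 0 to `$addrs['count'] - 1` and use a strict string comparison. The Net_IPv4::ipInNetwork() result is likewise used in a loose boolean context, so test it with `=== true` so that any non-boolean return for an entry it cannot parse cannot whitelist the client. None of the return paths releases $ldapconn and the bind plus search runs on every call, so add ldap_unbind() before returning and consider caching the attribute. Minor: the function name should be spelled permitted_host.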
@@ -438,6 +472,12 @@
$kolabhosts = 'localhost';
}
+ /*
+ * Allow Postfix $mynetworks
+ */
+ if(permited_host($client_addr))
+ return true;
+
/* Allow anything from localhost and
* fellow Kolab-hosts
*/
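Review bot: the `if(permited_host($client_addr)) return true;` check sits before the localhost and Kolab-hosts test, so every message, including ones from localhost, now costs an LDAP bind and search; move it after the existing cheap check. The early `return true` also gives every address in postfix-mynetworks the same "allow anything" treatment as localhost in this From-header check, which widens what that attribute means beyond relaying; the comment should say so explicitly, and a config switch to turn the behaviour off would be worth adding.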
--
Diego Woitasen
XTECH - Soluciones Linux para empresas
(54) 011 5219-0678