GitHub/iRedAdmin-Pro-SQL
1
0
Fork 0
mirror of https://github.com/marcus-alicia/iRedAdmin-Pro-SQL.git synced 2026-05-28 16:09:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
Harold Finch
2023-04-10 07:20:22 +02:00
committed by GitHub
parent 65875d8fef
commit 82d4ef7fa9
100 changed files with 20541 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
controllers/amavisd/__init__.py Normal file
View File

200
controllers/amavisd/api_wblist.py Normal file
View File

@@ -0,0 +1,200 @@
import web
from controllers.utils import api_render
from libs import iredutils, form_utils
from libs.amavisd import wblist as lib_wblist
import settings
session = web.config.get('_session')
if settings.backend == 'ldap':
from libs.ldaplib.general import is_domain_admin
else:
from libs.sqllib.general import is_domain_admin
def verify_permission(account):
account = str(account).lower()
if account == 'global':
if not session.get('is_global_admin'):
return False, 'PERMISSION_DENIED'
wblist_account = '@.'
else:
if iredutils.is_domain(account):
domain = account
wblist_account = '@' + account
elif iredutils.is_email(account):
domain = account.split('@', 1)[-1]
wblist_account = account
else:
return False, 'INVALID_ACCOUNT'
if not is_domain_admin(domain=domain, admin=session.get('username'), conn=None):
return False, 'PERMISSION_DENIED'
return True, wblist_account
def get_inout_wb(inout, wb):
_is_in_wl = False
_is_in_bl = False
_is_out_wl = False
_is_out_bl = False
if inout == 'inbound':
if wb == 'whitelist':
_is_in_wl = True
else:
_is_in_bl = True
else:
if wb == 'whitelist':
_is_out_wl = True
else:
_is_out_bl = True
return {'is_in_wl': _is_in_wl,
'is_in_bl': _is_in_bl,
'is_out_wl': _is_out_wl,
'is_out_bl': _is_out_bl}
class APIWBList:
def GET(self, inout, wb, account):
"""Get existing wblist.
curl -X GET -i -b cookie.txt https://<server>/api/wblist/inbound/whitelist/global
curl -X GET -i -b cookie.txt https://<server>/api/wblist/inbound/blacklist/global
curl -X GET -i -b cookie.txt https://<server>/api/wblist/outbound/whitelist/global
curl -X GET -i -b cookie.txt https://<server>/api/wblist/outbound/blacklist/global
"""
_qr = verify_permission(account)
if not _qr[0]:
return api_render(_qr)
wblist_account = _qr[1]
inout_wb = get_inout_wb(inout=inout, wb=wb)
qr = lib_wblist.get_wblist(
account=wblist_account,
whitelist=inout_wb['is_in_wl'],
blacklist=inout_wb['is_in_bl'],
outbound_whitelist=inout_wb['is_out_wl'],
outbound_blacklist=inout_wb['is_out_bl'],
)
if not qr[0]:
return api_render(qr)
result = qr[1]
if inout_wb['is_in_wl']:
addresses = result['inbound_whitelists']
elif inout_wb['is_in_bl']:
addresses = result['inbound_blacklists']
elif inout_wb['is_out_wl']:
addresses = result['outbound_whitelists']
else:
# inout_wb['is_out_bl']
addresses = result['outbound_blacklists']
return api_render((True, addresses))
def POST(self, inout, wb, account):
"""Create new wblist.
curl -X POST ... \
-d "addresses=user@domain.com,user2@domain.com" \
https://<server>/api/wblist/inbound/whitelist/global
curl -X POST ... \
-d "addresses=user@domain.com,user2@domain.com" \
https://<server>/api/wblist/inbound/blacklist/global
curl -X POST ... \
-d "addresses=user@domain.com,user2@domain.com" \
https://<server>/api/wblist/outbound/whitelist/global
curl -X POST ... \
-d "addresses=user@domain.com,user2@domain.com" \
https://<server>/api/wblist/outbound/blacklist/global
"""
_qr = verify_permission(account)
if not _qr[0]:
return api_render(_qr)
wblist_account = _qr[1]
inout_wb = get_inout_wb(inout=inout, wb=wb)
form = web.input(_unicode=False)
_addresses = form_utils.get_multi_values_from_api(form=form, input_name='addresses')
_addresses = [i for i in _addresses if iredutils.is_valid_amavisd_address(i)]
d = {}
for (k, v) in list(inout_wb.items()):
_name = k.replace("is_", "")
if v is True:
d[_name] = _addresses
else:
d[_name] = None
qr = lib_wblist.add_wblist(
account=wblist_account,
wl_senders=d["in_wl"],
bl_senders=d["in_bl"],
wl_rcpts=d["out_wl"],
bl_rcpts=d["out_bl"],
flush_before_import=False,
)
return api_render(qr)
def PUT(self, inout, wb, account):
# Delete addresses
_qr = verify_permission(account)
if not _qr[0]:
return api_render(_qr)
wblist_account = _qr[1]
inout_wb = get_inout_wb(inout=inout, wb=wb)
form = web.input(_unicode=False)
_addresses = form_utils.get_multi_values_from_api(form=form, input_name='addresses')
_addresses = [i for i in _addresses if iredutils.is_valid_amavisd_address(i)]
d = {}
for (k, v) in list(inout_wb.items()):
_name = k.replace("is_", "")
if v is True:
d[_name] = _addresses
else:
d[_name] = None
qr = lib_wblist.delete_wblist(
account=wblist_account,
wl_senders=d["in_wl"],
bl_senders=d["in_bl"],
wl_rcpts=d["out_wl"],
bl_rcpts=d["out_bl"],
)
return api_render(qr)
def DELETE(self, inout, wb, account):
_qr = verify_permission(account)
if not _qr[0]:
return api_render(_qr)
wblist_account = _qr[1]
inout_wb = get_inout_wb(inout=inout, wb=wb)
qr = lib_wblist.delete_all_wblist(
account=wblist_account,
wl_senders=inout_wb['is_in_wl'],
bl_senders=inout_wb['is_in_bl'],
wl_rcpts=inout_wb['is_out_wl'],
bl_rcpts=inout_wb['is_out_bl'],
)
return api_render(qr)

591
controllers/amavisd/log.py Normal file
View File

@@ -0,0 +1,591 @@
# Author: Zhang Huangbin <zhb@iredmail.org>
import web
import settings
from controllers import decorators
from libs import iredutils
from libs.mailparser import parse_raw_message
from libs.amavisd import QUARANTINE_TYPES
from libs.amavisd import log as lib_log
from libs.amavisd import quarantine as lib_quarantine
from libs.amavisd import wblist as lib_wblist
session = web.config.get('_session')
DELETE_ACTION_MSGS = {
'release': 'RELEASED',
'release_whitelist_sender': 'RELEASED_WL_SENDER',
'release_whitelist_sender_domain': 'RELEASED_WL_SENDER_DOMAIN',
'release_whitelist_sender_subdomain': 'RELEASED_WL_SENDER_SUBDOMAIN',
'delete': 'DELETED',
'deleteAll': 'DELETED',
# log_type == 'received'
'delete_whitelist_sender': 'DELETED_WL_SENDER',
'delete_whitelist_sender_domain': 'DELETED_WL_SENDER_DOMAIN',
'delete_whitelist_sender_subdomain': 'DELETED_WL_SENDER_SUBDOMAIN',
'delete_blacklist_sender': 'DELETED_BL_SENDER',
'delete_blacklist_sender_domain': 'DELETED_BL_SENDER_DOMAIN',
'delete_blacklist_sender_subdomain': 'DELETED_BL_SENDER_SUBDOMAIN',
# log_type == 'sent'
'delete_whitelist_rcpt': 'DELETED_WL_RCPT',
'delete_whitelist_rcpt_domain': 'DELETED_WL_RCPT_DOMAIN',
'delete_whitelist_rcpt_subdomain': 'DELETED_WL_RCPT_SUBDOMAIN',
'delete_blacklist_rcpt': 'DELETED_BL_RCPT',
'delete_blacklist_rcpt_domain': 'DELETED_BL_RCPT_DOMAIN',
'delete_blacklist_rcpt_subdomain': 'DELETED_BL_RCPT_SUBDOMAIN',
}
class InOutMails:
@decorators.require_permission_in_session(perm='disable_viewing_mail_log', not_present=True)
@decorators.require_admin_login
def GET(self, log_type='sent', page=1):
log_type = str(log_type)
# Get current page.
page = int(page) or 1
qr = lib_log.get_in_out_mails(log_type=log_type, cur_page=page)
if qr[0]:
total = qr[1]['count']
records = qr[1]['records']
else:
raise web.seeother('/domains?msg=%s' % web.urlquote(qr[1]))
return web.render(
'amavisd/inout.html',
log_type=log_type,
cur_page=page,
account_type=None,
account=None,
total=total,
records=records,
removeLogsInDays=settings.AMAVISD_REMOVE_MAILLOG_IN_DAYS,
msg=web.input().get('msg'),
)
@decorators.csrf_protected
@decorators.require_permission_in_session(perm='disable_viewing_mail_log', not_present=True)
@decorators.require_admin_login
def POST(self, log_type='sent', page=1):
# Get current page.
page = int(page) or 1
redirect_url = '/activities/%s/page/%d' % (log_type, page)
form = web.input(record=[], _unicode=False)
action = form.get('action', 'delete')
if not action.startswith('delete'):
raise web.seeother(redirect_url + '?msg=INVALID_ACTION')
mailids = []
addresses = []
for r in form.get('record', []):
# record format: mail_id + \r\n + sender
tmp = r.split(r'\r\n')
if len(tmp) == 2:
(mid, addr) = tmp
mailids.append(mid)
if iredutils.is_email(addr):
if action.endswith('_sender') or action.endswith('_rcpt'):
addresses.append(addr)
elif action.endswith('_domain'):
addresses.append('@' + addr.split('@', 1)[-1])
elif action.endswith('_subdomain'):
addresses.append('@.' + addr.split('@', 1)[-1])
if (not mailids) and (action != 'deleteAll'):
raise web.seeother(redirect_url + '?msg=INVALID_MAILID')
if action == 'deleteAll':
qr_del = lib_log.delete_all_records(log_type=log_type, account=None)
else:
# delete records by mailids
qr_del = lib_log.delete_records_by_mail_id(log_type=log_type, mail_ids=mailids)
if not qr_del[0]:
raise web.seeother(redirect_url + '?msg=' + web.urlquote(qr_del[1]))
# Add server-wide white/blacklists.
# Note: if admin is a normal admin, we don't know which domain he
# manages, so cannot add per-domain white/blacklists here.
if session.get('is_global_admin') and addresses:
wblist_account = '@.'
# whitelist recipients
if action.startswith('delete_whitelist'):
qr_wblist = lib_wblist.add_wblist(account=wblist_account, wl_senders=addresses)
elif action.startswith('delete_blacklist'):
qr_wblist = lib_wblist.add_wblist(account=wblist_account, bl_senders=addresses)
else:
qr_wblist = (False, 'INVALID_ACTION')
if not qr_wblist[0]:
raise web.seeother(redirect_url + '?msg=' + web.urlquote(qr_wblist[1]))
raise web.seeother(redirect_url + '?msg=' + DELETE_ACTION_MSGS[action])
class InOutMailsPerAccount:
@decorators.require_permission_in_session(perm='disable_viewing_mail_log', not_present=True)
@decorators.require_login
def GET(self, log_type, account_type, account, page=1):
log_type = str(log_type)
account_type = str(account_type)
account = str(account)
page = int(page) or 1
# Verify account syntax
if account_type == 'domain':
if not iredutils.is_domain(account):
raise web.seeother('/activities/%s?msg=INVALID_DOMAIN_NAME' % log_type)
elif account_type == 'user':
if not iredutils.is_email(account):
raise web.seeother('/activities/%s?msg=INVALID_MAIL' % log_type)
qr = lib_log.get_in_out_mails(log_type=log_type,
cur_page=page,
account_type=account_type,
account=account)
if qr[0]:
total = qr[1]['count']
records = qr[1]['records']
else:
raise web.seeother('/activities/{}?msg={}'.format(log_type, web.urlquote(qr[1])))
return web.render(
'amavisd/inout.html',
log_type=log_type,
cur_page=page,
account_type=account_type,
account=account,
total=total,
records=records,
removeLogsInDays=settings.AMAVISD_REMOVE_MAILLOG_IN_DAYS,
msg=web.input().get('msg'),
)
@decorators.csrf_protected
@decorators.require_permission_in_session(perm='disable_viewing_mail_log', not_present=True)
@decorators.require_login
def POST(self, log_type, account_type, account, page=1):
log_type = str(log_type).lower()
account_type = str(account_type).lower()
account = str(account).lower()
page = int(page) or 1
redirect_url = '/activities/{}/{}/{}/page/{}'.format(log_type, account_type, account, page)
form = web.input(record=[], _unicode=False)
action = str(form.get('action', ''))
if not action.startswith('delete'):
raise web.seeother(redirect_url + '?msg=INVALID_ACTION')
mailids = []
addresses = []
for r in form.get('record', []):
# record format: mail_id + \r\n + sender
tmp = r.split(r'\r\n')
if len(tmp) == 2:
(mid, addr) = tmp
mailids.append(mid)
if iredutils.is_email(addr):
if action.endswith('_sender') or action.endswith('_rcpt'):
addresses.append(addr)
elif action.endswith('_domain'):
addresses.append('@' + addr.split('@', 1)[-1])
elif action.endswith('_subdomain'):
addresses.append('@.' + addr.split('@', 1)[-1])
if (not mailids) and (action != 'deleteAll'):
raise web.seeother(redirect_url + '?msg=INVALID_MAILID')
if action == 'deleteAll':
qr_del = lib_log.delete_all_records(log_type=log_type, account=account)
else:
# delete records by mailids
qr_del = lib_log.delete_records_by_mail_id(log_type=log_type, mail_ids=mailids)
if not qr_del[0]:
raise web.seeother(redirect_url + '?msg=' + web.urlquote(qr_del[1]))
# Add server-wide white/blacklists.
# Note: if admin is a normal admin, we don't know which domain he
# manages, so cannot add per-domain white/blacklists here.
if addresses and \
(action.startswith('delete_whitelist') or action.startswith('delete_blacklist')):
wblist_account = None
_do_wb = False
if session.get('is_global_admin'):
# Global wblist
wblist_account = account
_do_wb = True
elif session.get('account_is_mail_user'):
# per-account wblist
wblist_account = session['username']
_do_wb = True
if _do_wb:
# whitelist recipients
if action.startswith('delete_whitelist'):
qr_wblist = lib_wblist.add_wblist(account=wblist_account, wl_senders=addresses)
elif action.startswith('delete_blacklist'):
qr_wblist = lib_wblist.add_wblist(account=wblist_account, bl_senders=addresses)
else:
qr_wblist = (False, 'INVALID_ACTION')
if not qr_wblist[0]:
raise web.seeother(redirect_url + '?msg=' + web.urlquote(qr_wblist[1]))
raise web.seeother(redirect_url + '?msg=' + DELETE_ACTION_MSGS[action])
class QuarantinedMails:
@decorators.require_permission_in_session(perm='disable_managing_quarantined_mails', not_present=True)
@decorators.require_admin_login
def GET(self, quarantined_type=None, page=1):
form = web.input()
sort_by_score = 'sort_by_score' in form
# Get current page.
# None means on page 1, e.g. /activities/quarantined
if quarantined_type in QUARANTINE_TYPES or quarantined_type is None:
page = int(page) or 1
else:
page = int(quarantined_type) or 1
quarantined_type = None
qr = lib_quarantine.get_quarantined_mails(quarantined_type=quarantined_type,
page=page,
sort_by_score=sort_by_score)
if qr[0]:
(total, records) = qr[1]
else:
raise web.seeother('/domains?msg=%s' % web.urlquote(qr[1]))
return web.render(
'amavisd/quarantined.html',
account_type=None,
account=None,
quarantined_type=quarantined_type,
cur_page=page,
total=total,
records=records,
removeQuarantinedInDays=settings.AMAVISD_REMOVE_QUARANTINED_IN_DAYS,
sort_by_score=sort_by_score,
msg=form.get('msg'),
)
@decorators.csrf_protected
@decorators.require_permission_in_session(perm='disable_managing_quarantined_mails', not_present=True)
@decorators.require_admin_login
def POST(self, quarantined_type=None, page=1):
form = web.input(record=[], _unicode=False)
action = form.get('action', None)
if quarantined_type not in QUARANTINE_TYPES:
quarantined_type = None
redirect_url = '/activities/quarantined'
if quarantined_type:
redirect_url = redirect_url + '/' + quarantined_type
redirect_url += '/page/{}'.format(page)
if action == 'deleteAll':
if session.get('is_global_admin'):
lib_quarantine.delete_all_quarantined(quarantined_type=quarantined_type)
raise web.seeother(redirect_url + '?msg=%s' % DELETE_ACTION_MSGS[action])
# Get necessary information from web form.
records = []
mailids = []
senders = set()
for r in form.get('record', []):
# record format: mail_id + \r\n + secret_id + \r\n + sender
tmp = r.split(r'\r\n')
if len(tmp) == 3:
records += [{'mail_id': tmp[0], 'secret_id': tmp[1]}]
mailids.append(tmp[0])
if iredutils.is_email(tmp[2]):
senders.add(tmp[2])
if not mailids:
if not (action == 'deleteAll' and session.get('is_global_admin')):
raise web.seeother(redirect_url + '?msg=INVALID_MAILID')
if action != 'deleteAll' and not mailids:
raise web.seeother(redirect_url + '?msg=%s' % DELETE_ACTION_MSGS[action])
wb_senders = set()
if action in ['release_whitelist_sender', 'delete_blacklist_sender']:
wb_senders = senders
elif action in ['release_whitelist_sender_domain', 'delete_blacklist_sender_domain']:
for s in senders:
wb_senders.add('@' + s.split('@', 1)[-1])
elif action in ['release_whitelist_sender_subdomain', 'delete_blacklist_sender_subdomain']:
for s in senders:
wb_senders.add('@.' + s.split('@', 1)[-1])
wblist_account = '@.'
if session.get('is_global_admin'):
# Add as global wblist
wblist_account = '@.'
elif session.get('is_normal_admin'):
# Add as per-domain wblist
wblist_account = '@' + session['username'].split('@', 1)[-1]
if action.startswith('release'):
result = lib_quarantine.release_quarantined_mails(records=records)
if action in ['release_whitelist_sender',
'release_whitelist_sender_domain',
'release_whitelist_sender_subdomain']:
# whitelist senders or sender_domains
if wb_senders:
qr = lib_wblist.add_wblist(account=wblist_account, wl_senders=wb_senders)
if not qr[0]:
result = qr
elif action.startswith('delete'):
result = lib_log.delete_records_by_mail_id(log_type='quarantine', mail_ids=mailids)
if action in ['delete_blacklist_sender',
'delete_blacklist_sender_domain',
'delete_blacklist_sender_subdomain']:
if wb_senders:
qr = lib_wblist.add_wblist(account=wblist_account, bl_senders=wb_senders)
if not qr[0]:
result = qr
else:
result = (False, 'INVALID_ACTION')
if result[0]:
raise web.seeother(redirect_url + '?msg=%s' % DELETE_ACTION_MSGS[action])
else:
raise web.seeother(redirect_url + '?msg=%s' % web.urlquote(result[1]))
class QuarantinedMailsPerAccount:
@decorators.require_permission_in_session(perm='disable_managing_quarantined_mails', not_present=True)
@decorators.require_login
def GET(self, account_type, account, quarantined_type=None, page=1):
account_type = str(account_type)
account = str(account)
form = web.input()
sort_by_score = 'sort_by_score' in form
# Normal user login
if session['account_is_mail_user'] and account_type == 'user':
if session['username'] != account:
# Accessing other's quarantined mails
raise web.seeother('/activities/quarantined/user/%s?msg=PERMISSION_DENIED' % session['username'])
if 'quarantine' in session.get('disabled_user_preferences', []):
raise web.seeother('/preferences?msg=PERMISSION_DENIED')
if quarantined_type:
# Get current page.
if str(quarantined_type).isdigit():
# According to URL mapping, quarantined_type could be page number.
page = int(quarantined_type) or 1
else:
page = int(page) or 1
if quarantined_type not in QUARANTINE_TYPES:
quarantined_type = None
qr = lib_quarantine.get_quarantined_mails(account_type=account_type,
account=account,
quarantined_type=quarantined_type,
page=page,
sort_by_score=sort_by_score)
if qr[0]:
(total, records) = qr[1]
else:
if session['account_is_mail_user']:
raise web.seeother('/preferences?msg=%s' % web.urlquote(qr[1]))
else:
raise web.seeother('/domains?msg=%s' % web.urlquote(qr[1]))
template_file = 'amavisd/quarantined.html'
if session['account_is_mail_user']:
template_file = 'amavisd/quarantined_user.html'
return web.render(
template_file,
account_type=account_type,
account=account,
quarantined_type=quarantined_type,
cur_page=page,
total=total,
records=records,
removeQuarantinedInDays=settings.AMAVISD_REMOVE_QUARANTINED_IN_DAYS,
sort_by_score=sort_by_score,
msg=form.get('msg'),
)
@decorators.csrf_protected
@decorators.require_permission_in_session(perm='disable_managing_quarantined_mails', not_present=True)
@decorators.require_login
def POST(self, account_type, account, quarantined_type=None, page=1):
form = web.input(record=[], _unicode=False)
if quarantined_type:
# Get current page.
if str(quarantined_type).isdigit():
# According to URL mapping, quarantined_type could be page number.
page = int(quarantined_type) or 1
else:
page = int(page) or 1
if quarantined_type not in QUARANTINE_TYPES:
quarantined_type = None
redirect_url = '/activities/quarantined'
if account_type and account:
redirect_url = redirect_url + '/{}/{}'.format(account_type, account)
if quarantined_type:
redirect_url = redirect_url + '/' + quarantined_type
redirect_url += '/page/{}'.format(page)
action = form.get('action', None)
# Get necessary information from web form.
records = []
mailids = []
senders = set()
# Get `msgs.mail_id` and `msgs.secret_id`
for r in form.get('record', []):
# record format: mail_id + \r\n + secret_id + \r\n + sender
tmp = r.split(r'\r\n')
if len(tmp) == 3:
records += [{'mail_id': tmp[0], 'secret_id': tmp[1]}]
mailids.append(tmp[0])
if iredutils.is_email(tmp[2]):
senders.add(tmp[2])
if not mailids:
raise web.seeother(redirect_url + '?msg=INVALID_MAILID')
wb_senders = set()
if action in ['release_whitelist_sender', 'delete_blacklist_sender']:
wb_senders = senders
elif action in ['release_whitelist_sender_domain', 'delete_blacklist_sender_domain']:
for s in senders:
wb_senders.add('@' + s.split('@', 1)[-1])
elif action in ['release_whitelist_sender_subdomain', 'delete_blacklist_sender_subdomain']:
for s in senders:
wb_senders.add('@.' + s.split('@', 1)[-1])
wblist_account = account
if session.get('is_global_admin'):
# Add as global wblist
wblist_account = '@.'
elif session.get('is_normal_admin'):
# Add as per-domain wblist
wblist_account = '@' + account.split('@', 1)[-1]
if action.startswith('release'):
result = lib_quarantine.release_quarantined_mails(records=records)
if action in ['release_whitelist_sender',
'release_whitelist_sender_domain',
'release_whitelist_sender_subdomain']:
# whitelist senders or sender_domains
if wb_senders:
qr = lib_wblist.add_wblist(account=wblist_account, wl_senders=wb_senders)
if not qr[0]:
result = qr
elif action.startswith('delete'):
result = lib_log.delete_records_by_mail_id(log_type='quarantine', mail_ids=mailids)
if action in ['delete_blacklist_sender',
'delete_blacklist_sender_domain',
'delete_blacklist_sender_subdomain']:
# Don't add account domain in blacklist
try:
wb_senders.remove(account.split('@', 1)[-1])
except:
pass
if wb_senders:
qr = lib_wblist.add_wblist(account=wblist_account, bl_senders=wb_senders)
if not qr[0]:
result = qr
else:
result = (False, 'INVALID_ACTION')
if result[0]:
msg = DELETE_ACTION_MSGS[action]
else:
msg = web.urlquote(result[1])
raise web.seeother(redirect_url + '?msg=%s' % msg)
class GetRawMessageOfQuarantinedMail:
@decorators.require_login
def GET(self, mail_id):
qr = lib_quarantine.get_raw_message(mail_id=mail_id)
if not qr[0]:
raise web.seeother('/activities/quarantined?msg=%s' % web.urlquote(qr[1]))
# Parse mail and convert to HTML.
try:
(headers, bodies, attachments) = parse_raw_message(qr[1])
except Exception as e:
raise web.seeother('/activities/quarantined?msg=%s' % web.urlquote(repr(e)))
return web.render('amavisd/quarantined_raw.html',
mail_id=mail_id,
headers=headers,
bodies=bodies,
attachments=attachments)
class SearchLog:
@decorators.require_admin_login
def GET(self):
raise web.seeother('/activities/sent')
@decorators.csrf_protected
@decorators.require_admin_login
def POST(self):
form = web.input(_unicode=False)
account = form.get('account', '')
log_type = 'sent'
if 'received' in form:
log_type = 'received'
elif 'sent' in form:
log_type = 'sent'
elif 'quarantined' in form:
log_type = 'quarantined'
if iredutils.is_email(account):
account_type = 'user'
elif iredutils.is_domain(account):
account_type = 'domain'
else:
raise web.seeother('/activities/%s?msg=INVALID_ACCOUNT' % log_type)
raise web.seeother('/activities/{}/{}/{}'.format(log_type, account_type, account))

182
controllers/amavisd/spampolicy.py Normal file
View File

@@ -0,0 +1,182 @@
# Author: Zhang Huangbin <zhb@iredmail.org>
import web
import settings
from libs import iredutils
from controllers import decorators
from libs.amavisd import spampolicy as spampolicylib
# API
from controllers.utils import api_render
if settings.backend == 'ldap':
from libs.ldaplib.general import is_domain_admin
else:
from libs.sqllib.general import is_domain_admin
session = web.config.get('_session')
def _check_privilege(admin, account_type, account):
"""Check whether current admin has privilege to update account spam policy.
Return (True, {'account': xx, 'account_type': xx}) if has required privilege.
Return (False, <reason>) if no required privilege.
"""
if account_type == 'global':
account = '@.'
# Check privilege
if not session.get('is_global_admin'):
return False, 'PERMISSION_DENIED'
elif account_type == 'domain':
domain = account
account = '@' + domain
elif account_type == 'user':
domain = account.split('@', 1)[-1]
else:
return False, 'INVALID_ACCOUNT'
if account_type in ['domain', 'user']:
# Check whether it's managed by admin
if not is_domain_admin(domain=domain, admin=admin):
return False, 'PERMISSION_DENIED'
return True, {'account': account, 'account_type': account_type}
class SpamPolicy:
def _get_account_and_type(self):
# account, type:
# - @.: global
# - domain.com: domain
# - user@domain.com: user, user_preference
current_url = web.ctx.environ['PATH_INFO']
if current_url == '/system/spampolicy':
# Global policy
account = '@.'
account_type = 'global'
elif current_url.startswith('/profile/domain'):
# Per-domain policy
account = '@' + current_url.split('/')[-1]
account_type = 'domain'
elif current_url.startswith('/profile/user'):
# per-user policy, modifying by admin.
account = current_url.split('/')[-1]
account_type = 'user'
else:
# per-user preferences
# web.ctx.PATH_INFO == '/preferences/spampolicy'
account = session['username']
account_type = 'user_preference'
return {'account': account,
'account_type': account_type,
'url': current_url}
@decorators.require_preference_access('spampolicy')
@decorators.require_login
def GET(self, account=None):
d = self._get_account_and_type()
account = d['account']
account_type = d['account_type']
current_url = d['url']
if account_type == 'global':
# Check privilege
if not session.get('is_global_admin'):
raise web.seeother('/domains?msg=PERMISSION_DENIED')
elif account_type in ['domain', 'user']:
domain = account.split('@', 1)[-1]
# Check whether it's managed by admin
if not is_domain_admin(domain=domain, admin=session.get('username')):
raise web.seeother('/domains?msg=PERMISSION_DENIED')
(success, policy) = spampolicylib.get_spam_policy(account=account)
if not success:
if account_type == 'user_preference':
raise web.seeother('/preferences?msg=%s' % web.urlquote(policy))
else:
raise web.seeother('/domains?msg=%s' % web.urlquote(policy))
global_spam_score = spampolicylib.get_global_spam_score()
return web.render(
'amavisd/spampolicy.html',
account_type=account_type,
spampolicy=policy,
global_spam_score=global_spam_score,
custom_ban_rules=settings.AMAVISD_BAN_RULES,
current_url=current_url,
msg=web.input().get('msg'),
)
@decorators.require_preference_access('spampolicy')
@decorators.require_login
def POST(self, account=None):
if account:
if iredutils.is_domain(account):
policy_account = '@' + account
current_url = '/profile/domain/spampolicy/' + account
elif iredutils.is_email(account):
policy_account = str(account)
current_url = '/profile/user/spampolicy/' + policy_account
else:
d = self._get_account_and_type()
policy_account = d['account']
current_url = d['url']
form = web.input(banned_rulenames=[])
qr = spampolicylib.update_spam_policy(account=policy_account, form=form)
if qr[0]:
raise web.seeother(current_url + '?msg=UPDATED')
else:
raise web.seeother(current_url + '?msg=%s' % web.urlquote(qr[1]))
class APISpamPolicy:
@decorators.require_preference_access('spampolicy')
@decorators.require_login
def GET(self, account_type, account=None):
qr = _check_privilege(admin=session.get('username'),
account_type=account_type,
account=account)
if not qr[0]:
return api_render(qr)
account = qr[1]['account']
qr = spampolicylib.get_spam_policy(account=account)
return api_render(qr)
@decorators.require_preference_access('spampolicy')
@decorators.require_login
def PUT(self, account_type, account=None):
qr = _check_privilege(admin=session.get('username'),
account_type=account_type,
account=account)
if not qr[0]:
return api_render(qr)
form = web.input(_unicode=False)
account = qr[1]['account']
qr = spampolicylib.api_update_spam_policy(account=account, form=form)
return api_render(qr)
@decorators.require_preference_access('spampolicy')
@decorators.require_login
def DELETE(self, account_type, account=None):
qr = _check_privilege(admin=session.get('username'),
account_type=account_type,
account=account)
if not qr[0]:
return api_render(qr)
account = qr[1]['account']
qr = spampolicylib.delete_spam_policy(account=account)
return api_render(qr)

73
controllers/amavisd/urls.py Normal file
View File

@@ -0,0 +1,73 @@
# Author: Zhang Huangbin <zhb@iredmail.org>
import settings
from libs.regxes import email as e, domain as d
# fmt: off
urls = [
# Search activity logs.
'/activities/search', 'controllers.amavisd.log.SearchLog',
# View log of sent/received mails
'/activities/(received|sent)', 'controllers.amavisd.log.InOutMails',
r'/activities/(received|sent)/page/(\d+)', 'controllers.amavisd.log.InOutMails',
# Per-user activities
'/activities/(received|sent)/(user)/(%s)' % e, 'controllers.amavisd.log.InOutMailsPerAccount',
r'/activities/(received|sent)/(user)/(%s)/page/(\d+)' % e, 'controllers.amavisd.log.InOutMailsPerAccount',
# Per-domain activities
'/activities/(received|sent)/(domain)/(%s)' % d, 'controllers.amavisd.log.InOutMailsPerAccount',
r'/activities/(received|sent)/(domain)/(%s)/page/(\d+)' % d, 'controllers.amavisd.log.InOutMailsPerAccount',
# Quarantined mails
'/activities/quarantined', 'controllers.amavisd.log.QuarantinedMails',
r'/activities/quarantined/page/(\d+)', 'controllers.amavisd.log.QuarantinedMails',
'/activities/quarantined/(spam|virus|banned|badheader|badmime|clean)', 'controllers.amavisd.log.QuarantinedMails',
r'/activities/quarantined/(spam|virus|banned|badheader|badmime|clean)/page/(\d+)', 'controllers.amavisd.log.QuarantinedMails',
# Per-user quarantined mails
r'/activities/quarantined/(user)/(%s)' % e, 'controllers.amavisd.log.QuarantinedMailsPerAccount',
r'/activities/quarantined/(user)/(%s)/page/(\d+)' % e, 'controllers.amavisd.log.QuarantinedMailsPerAccount',
'/activities/quarantined/(user)/(%s)/(spam|virus|banned|badheader|badmime|clean)' % e, 'controllers.amavisd.log.QuarantinedMailsPerAccount',
r'/activities/quarantined/(user)/(%s)/(spam|virus|banned|badheader|badmime|clean)/page/(\d+)' % e, 'controllers.amavisd.log.QuarantinedMailsPerAccount',
# Per-domain quarantined mails
'/activities/quarantined/(domain)/(%s)' % d, 'controllers.amavisd.log.QuarantinedMailsPerAccount',
r'/activities/quarantined/(domain)/(%s)/page/(\d+)' % d, 'controllers.amavisd.log.QuarantinedMailsPerAccount',
'/activities/quarantined/(domain)/(%s)/(spam|virus|banned|badheader|badmime|clean)' % d, 'controllers.amavisd.log.QuarantinedMailsPerAccount',
r'/activities/quarantined/(domain)/(%s)/(spam|virus|banned|badheader|badmime|clean)/page/(\d+)' % d, 'controllers.amavisd.log.QuarantinedMailsPerAccount',
# Get RAW message of quarantined mail by mail_id.
'/activities/quarantined/raw/(.*)', 'controllers.amavisd.log.GetRawMessageOfQuarantinedMail',
# Activity management
'/activities/sender/(%s)' % e, 'controllers.amavisd.log.ActivityManagement',
# Spam policies.
# Global spam policy (recipient = '@.')
'/system/spampolicy', 'controllers.amavisd.spampolicy.SpamPolicy',
# per-domain spam policy (recipient = '@domain.com')
'/system/spampolicy/(%s$)' % d, 'controllers.amavisd.spampolicy.SpamPolicy',
# per-user spam policy (recipient = '@domain.com')
'/system/spampolicy/(%s$)' % e, 'controllers.amavisd.spampolicy.SpamPolicy',
# global wblist
'/create/wblist', 'controllers.amavisd.wblist.Create',
'/system/wblist', 'controllers.amavisd.wblist.GlobalWBList',
# Per-user preferences: wblist, spam control
'/preferences/wblist', 'controllers.amavisd.wblist.UserWBList',
'/preferences/spampolicy', 'controllers.amavisd.spampolicy.SpamPolicy',
]
# API Interfaces
if settings.ENABLE_RESTFUL_API:
urls += [
# Global, per-domain, per-user spam policy
'/api/spampolicy/(global)', 'controllers.amavisd.spampolicy.APISpamPolicy',
'/api/spampolicy/(domain)/(%s$)' % d, 'controllers.amavisd.spampolicy.APISpamPolicy',
'/api/spampolicy/(user)/(%s$)' % e, 'controllers.amavisd.spampolicy.APISpamPolicy',
'/api/wblist/(inbound|outbound)/(whitelist|blacklist)/(global)', 'controllers.amavisd.api_wblist.APIWBList',
'/api/wblist/(inbound|outbound)/(whitelist|blacklist)/(%s$)' % d, 'controllers.amavisd.api_wblist.APIWBList',
'/api/wblist/(inbound|outbound)/(whitelist|blacklist)/(%s$)' % e, 'controllers.amavisd.api_wblist.APIWBList',
]
# fmt: on

104
controllers/amavisd/wblist.py Normal file
View File

@@ -0,0 +1,104 @@
# Author: Zhang Huangbin <zhb@iredmail.org>
import web
from controllers import decorators
from libs.amavisd import get_wblist_from_form, wblist as lib_wblist
session = web.config.get('_session')
def render_wblist(account, template):
whitelists = []
blacklists = []
outbound_whitelists = []
outbound_blacklists = []
qr = lib_wblist.get_wblist(account=account)
if qr[0]:
whitelists = qr[1]['inbound_whitelists']
blacklists = qr[1]['inbound_blacklists']
outbound_whitelists = qr[1]['outbound_whitelists']
outbound_blacklists = qr[1]['outbound_blacklists']
return web.render(template,
whitelists=whitelists,
blacklists=blacklists,
outbound_whitelists=outbound_whitelists,
outbound_blacklists=outbound_blacklists,
msg=web.input().get('msg'))
def update_wblist_from_form(form,
account,
post_url,
success_msg,
flush_before_import=False):
wl_senders = get_wblist_from_form(form, 'wl_sender')
bl_senders = get_wblist_from_form(form, 'bl_sender')
wl_rcpts = get_wblist_from_form(form, 'wl_rcpt')
bl_rcpts = get_wblist_from_form(form, 'bl_rcpt')
qr = lib_wblist.add_wblist(account=account,
wl_senders=wl_senders,
bl_senders=bl_senders,
wl_rcpts=wl_rcpts,
bl_rcpts=bl_rcpts,
flush_before_import=flush_before_import)
if qr[0]:
raise web.seeother(post_url + '?msg=' + success_msg)
else:
raise web.seeother(post_url + '?msg=%s' % web.urlquote(qr[1]))
# Add global white/blacklists
class Create:
@decorators.require_global_admin
def GET(self):
return web.render('amavisd/wblist/create.html',
msg=web.input().get('msg'))
@decorators.require_global_admin
def POST(self):
form = web.input()
return update_wblist_from_form(form=form,
account='@.',
post_url='/create/wblist',
success_msg='WBLIST_CREATED',
flush_before_import=False)
class GlobalWBList:
@decorators.require_global_admin
def GET(self):
return render_wblist(account='@.', template='amavisd/wblist/global.html')
@decorators.require_global_admin
def POST(self):
form = web.input()
return update_wblist_from_form(form=form,
account='@.',
post_url='/system/wblist',
success_msg='WBLIST_UPDATED',
flush_before_import=True)
class UserWBList:
@decorators.require_preference_access('wblist')
@decorators.require_login
def GET(self):
account = session['username']
return render_wblist(account=account,
template='amavisd/wblist/user.html')
@decorators.require_preference_access('wblist')
@decorators.require_login
def POST(self):
account = session['username']
form = web.input()
return update_wblist_from_form(form=form,
account=account,
post_url='/preferences/wblist',
success_msg='WBLIST_UPDATED',
flush_before_import=True)