add mail conf task

.github/workflows/build-mariadb.yml

@@ -1,5 +1,5 @@
 name: Froxlor-CI-MariaDB
-on: [ 'push', 'pull_request', 'create' ]
+on: [ 'push', 'pull_request', 'create', 'workflow_dispatch' ]
 
 jobs:
   froxlor:
@@ -118,12 +118,9 @@ jobs:
           mv froxlor-nightly.${{steps.vars.outputs.sha_short}}.zip dist/
           mv froxlor-nightly.${{steps.vars.outputs.sha_short}}.zip.sha256 dist/
 
-      - name: Deploy nightly to server
-        uses: easingthemes/ssh-deploy@main
-        env:
-          ARGS: "-rltDzvO --chown=${{ secrets.WEB_USER }}:${{ secrets.WEB_USER }}"
-          SOURCE: "dist/"
-          SSH_PRIVATE_KEY: ${{ secrets.SERVER_SSH_KEY }}
-          REMOTE_HOST: ${{ secrets.REMOTE_HOST }}
-          REMOTE_USER: ${{ secrets.REMOTE_USER }}
-          TARGET: "${{ secrets.REMOTE_TARGET }}"
+      - name: 'Upload Artifact'
+        uses: actions/upload-artifact@v4
+        with:
+          name: froxlor-nightly.${{steps.vars.outputs.sha_short}}.zip
+          path: dist/froxlor-nightly.${{steps.vars.outputs.sha_short}}.zip
+          retention-days: 5

actions/admin/settings/150.mail.php

@@ -115,6 +115,14 @@
 					'save_method' => 'storeSettingField',
 					'advanced_mode' => true
 				],
+				'system_mail_sni_enabled' => [
+					'label' => lng('serversettings.mail_sni_enabled'),
+					'settinggroup' => 'system',
+					'varname' => 'mail_sni_enabled',
+					'type' => 'checkbox',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+				],
 				'system_mdaserver' => [
 					'label' => lng('serversettings.mdaserver'),
 					'settinggroup' => 'system',
@@ -139,6 +147,25 @@
 					'save_method' => 'storeSettingField',
 					'advanced_mode' => true
 				],
+                'system_mda_conf_dir' => [
+                    'label' => lng('serversettings.mda_conf_dir'),
+                    'settinggroup' => 'system',
+                    'varname' => 'mda_conf_dir',
+                    'type' => 'text',
+                    'string_type' => 'confdir',
+                    'default' => '/etc/dovecot/conf.d/',
+                    'save_method' => 'storeSettingField'
+                ],
+                'system_mda_reload_command' => [
+                    'label' => lng('serversettings.mda_reload_command'),
+                    'settinggroup' => 'system',
+                    'varname' => 'mda_reload_command',
+                    'type' => 'text',
+                    'string_regexp' => '/^[a-z0-9\/\._\- ]+$/i',
+                    'default' => 'service dovecot restart',
+                    'save_method' => 'storeSettingField',
+                    'required_otp' => true
+                ],
 				'system_mtaserver' => [
 					'label' => lng('serversettings.mtaserver'),
 					'settinggroup' => 'system',
@@ -162,7 +189,26 @@
 					'string_emptyallowed' => true,
 					'save_method' => 'storeSettingField',
 					'advanced_mode' => true
-				]
+				],
+                'system_mta_conf_dir' => [
+                    'label' => lng('serversettings.mta_conf_dir'),
+                    'settinggroup' => 'system',
+                    'varname' => 'mta_conf_dir',
+                    'type' => 'text',
+                    'string_type' => 'confdir',
+                    'default' => '/etc/postfix/',
+                    'save_method' => 'storeSettingField'
+                ],
+                'system_mta_reload_command' => [
+                    'label' => lng('serversettings.mta_reload_command'),
+                    'settinggroup' => 'system',
+                    'varname' => 'mta_reload_command',
+                    'type' => 'text',
+                    'string_regexp' => '/^[a-z0-9\/\._\- ]+$/i',
+                    'default' => 'service postfix restart',
+                    'save_method' => 'storeSettingField',
+                    'required_otp' => true
+                ],
 			]
 		]
 	]

install/froxlor.sql.php

@@ -613,7 +613,12 @@
 	('system', 'mdalog', '/var/log/mail.log'),
 	('system', 'mtalog', '/var/log/mail.log'),
 	('system', 'mdaserver', 'dovecot'),
+	('system', 'mda_conf_dir', '/etc/dovecot/conf.d/'),
+	('system', 'mda_reload_command', 'service dovecot restart'),
 	('system', 'mtaserver', 'postfix'),
+	('system', 'mta_conf_dir', '/etc/postfix/'),
+	('system', 'mta_reload_command', 'service postfix restart'),
+	('system', 'mail_sni_enabled', '0'),
 	('system', 'mailtraffic_enabled', '1'),
 	('system', 'cronconfig', '/etc/cron.d/froxlor'),
 	('system', 'crondreload', 'service cron reload'),
@@ -731,7 +736,7 @@
 	('panel', 'settings_mode', '0'),
 	('panel', 'menu_collapsed', '1'),
 	('panel', 'version', '2.2.0-dev1'),
-	('panel', 'db_version', '202401090');
+	('panel', 'db_version', '202402190');
 
 
 DROP TABLE IF EXISTS `panel_tasks`;

install/updates/froxlor/update_2.2.inc.php

@@ -105,3 +105,16 @@
 
 	Froxlor::updateToDbVersion('202401090');
 }
+
+if (Froxlor::isDatabaseVersion('202401090')) {
+
+	Update::showUpdateStep("Adding new settings");
+	Settings::AddNew("system.mda_reload_command", "service dovecot reload");
+	Settings::AddNew("system.mda_conf_dir", "/etc/dovecot/conf.d/");
+	Settings::AddNew("system.mta_reload_command", "service postfix reload");
+	Settings::AddNew("system.mta_conf_dir", "/etc/postfix/");
+	Settings::AddNew("system.mail_sni_enabled", "0");
+	Update::lastStepStatus(0);
+
+	Froxlor::updateToDbVersion('202402190');
+}

lib/Froxlor/Cli/MasterCron.php

@@ -96,7 +96,7 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 		if ($input->getOption('run-task')) {
 			$tasks_to_run = $input->getOption('run-task');
 			foreach ($tasks_to_run as $ttr) {
-				if (in_array($ttr, [TaskId::REBUILD_VHOST, TaskId::REBUILD_DNS, TaskId::REBUILD_RSPAMD, TaskId::CREATE_QUOTA, TaskId::REBUILD_CRON])) {
+				if (in_array($ttr, [TaskId::REBUILD_VHOST, TaskId::REBUILD_DNS, TaskId::REBUILD_RSPAMD, TaskId::CREATE_QUOTA, TaskId::REBUILD_CRON, TaskId::REBUILD_MAIL_CONF])) {
 					Cronjob::inserttask($ttr);
 					$jobs[] = 'tasks';
 				} else {

lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php

@@ -85,6 +85,7 @@ public static function run(bool $internal = false)
 			if ($issue_froxlor || !empty($issue_domains) || !empty($renew_froxlor) || $renew_domains) {
 				// insert task to generate certificates and vhost-configs
 				Cronjob::inserttask(TaskId::REBUILD_VHOST);
+				Cronjob::inserttask(TaskId::REBUILD_MAIL_CONF);
 			}
 			return 0;
 		}
@@ -205,6 +206,7 @@ public static function run(bool $internal = false)
 		if ($changedetected) {
 			if (self::$no_inserttask == false) {
 				Cronjob::inserttask(TaskId::REBUILD_VHOST);
+				Cronjob::inserttask(TaskId::REBUILD_MAIL_CONF);
 			}
 			FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Let's Encrypt certificates have been updated");
 		} else {
@@ -634,7 +636,7 @@ private static function runAcmeSh(array $certrow, array $domains, &$cronlog = nu
 					}
 					if (Settings::IsInList('system.le_renew_services', 'dovecot')) {
 						// custom config for dovecot
-						$dovecot_conf = '/etc/dovecot/conf.d/99-froxlor.ssl.conf'; // @fixme setting?
+						$dovecot_conf = FileDir::makeCorrectFile(Settings::Get('system.mda_conf_dir') . '99-froxlor.ssl.conf');
 						$ssl_content = <<<EOSSL
 # Autogenerated configuration by froxlor.
 # Do not manually edit this file as it will be overwritten.

lib/Froxlor/Cron/Mail/Dovecot.php

@@ -0,0 +1,111 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, you can also view it online at
+ * https://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  the authors
+ * @author     Froxlor team <[email protected]>
+ * @license    https://files.froxlor.org/misc/COPYING.txt GPLv2
+ */
+
+namespace Froxlor\Cron\Mail;
+
+use Froxlor\Cron\Http\DomainSSL;
+use Froxlor\Cron\Http\WebserverBase;
+use Froxlor\Database\Database;
+use Froxlor\FileDir;
+use Froxlor\FroxlorLogger;
+use Froxlor\Settings;
+use PDO;
+
+class Dovecot
+{
+	private $content = "";
+
+	public function createVirtualSSLHost()
+	{
+		$domains = WebserverBase::getVhostsToCreate();
+		foreach ($domains as $domain) {
+			FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'dovecot::createVirtualHosts: creating vhost container for domain ' . $domain['id'] . ', customer ' . $domain['loginname']);
+			if ($domain['deactivated'] == '0' && $domain['customer_deactivated'] == '0' && $domain['isemaildomain'] == '1'
+				&& $domain['ssl_enabled'] == '1' && $domain['ssl'] == '1') {
+				$this->content .= $this->getSSLConf($domain);
+			}
+		}
+	}
+
+	private function getSSLConf($domain)
+	{
+		$query = "SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` `i`, `" . TABLE_DOMAINTOIP . "` `dip`
+			WHERE dip.id_domain = :domainid AND i.id = dip.id_ipandports AND i.ssl = '1' ORDER BY i.ssl_cert_file ASC;";
+
+		$result_stmt = Database::prepare($query);
+		Database::pexecute($result_stmt, [
+			'domainid' => $domain['id']
+		]);
+		$content = "";
+		while ($ipandport = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+			$domain['ssl_cert_file'] = $ipandport['ssl_cert_file'];
+			$domain['ssl_key_file'] = $ipandport['ssl_key_file'];
+			$domain['ssl_ca_file'] = $ipandport['ssl_ca_file'];
+			$domain['ssl_cert_chainfile'] = $ipandport['ssl_cert_chainfile'];
+
+			// SSL STUFF
+			$dssl = new DomainSSL();
+			// this sets the ssl-related array-indices in the $domain array
+			// if the domain has customer-defined ssl-certificates
+			$dssl->setDomainSSLFilesArray($domain);
+
+			if($domain['ssl_cert_file'] != '') {
+				$content .= 'local_name ' . $domain['domain'] . " {\n";
+				$content .= '  ssl_cert = <' . FileDir::makeCorrectFile($domain['ssl_cert_file']) . "\n";
+
+				if ($domain['ssl_key_file'] != '') {
+					$content .= '  ssl_key = <' . FileDir::makeCorrectFile($domain['ssl_key_file']) . "\n";
+				}
+				$content .="}\n";
+
+			}
+		}
+
+		return $content;
+	}
+
+	public function writeConfigs()
+	{
+		if($this->content !== "") {
+			$vhosts_filename = FileDir::makeCorrectFile(Settings::Get('system.mda_conf_dir') . '99-froxlor-vhost.ssl.conf');
+			$vhosts_file = '# ' . basename($vhosts_filename) . "\n" . '# Created ' . date('d.m.Y H:i') . "\n" . '# Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.' . "\n" . "\n" . $this->content;
+			$vhosts_file_handler = fopen($vhosts_filename, 'w');
+			fwrite($vhosts_file_handler, $vhosts_file);
+			fclose($vhosts_file_handler);
+		}
+	}
+
+	public function reload()
+	{
+		if($this->content !== "") {
+			FileDir::safe_exec(escapeshellcmd(Settings::Get('system.mda_reload_command')));
+		}
+	}
+
+	public function init()
+	{
+
+	}
+}

lib/Froxlor/Cron/Mail/Postfix.php

@@ -0,0 +1,108 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, you can also view it online at
+ * https://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  the authors
+ * @author     Froxlor team <[email protected]>
+ * @license    https://files.froxlor.org/misc/COPYING.txt GPLv2
+ */
+
+namespace Froxlor\Cron\Mail;
+
+use Froxlor\Cron\Http\DomainSSL;
+use Froxlor\Cron\Http\WebserverBase;
+use Froxlor\Database\Database;
+use Froxlor\FileDir;
+use Froxlor\FroxlorLogger;
+use Froxlor\Settings;
+use PDO;
+
+class Postfix
+{
+	private $content = "";
+
+	private $postFixMapFile = "99-froxlor.map";
+
+	public function createVirtualSSLHost()
+	{
+		$domains = WebserverBase::getVhostsToCreate();
+		foreach ($domains as $domain) {
+			FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'dovecot::createVirtualHosts: creating vhost container for domain ' . $domain['id'] . ', customer ' . $domain['loginname']);
+			if ($domain['deactivated'] == '0' && $domain['customer_deactivated'] == '0' && $domain['isemaildomain'] == '1'
+				&& $domain['ssl_enabled'] == '1' && $domain['ssl'] == '1') {
+				$this->content .= $this->getSSLConf($domain);
+			}
+		}
+	}
+
+	private function getSSLConf($domain)
+	{
+		$query = "SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` `i`, `" . TABLE_DOMAINTOIP . "` `dip`
+			WHERE dip.id_domain = :domainid AND i.id = dip.id_ipandports AND i.ssl = '1' ORDER BY i.ssl_cert_file ASC;";
+
+		$result_stmt = Database::prepare($query);
+		Database::pexecute($result_stmt, [
+			'domainid' => $domain['id']
+		]);
+		$content = "";
+		while ($ipandport = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+			$domain['ssl_cert_file'] = $ipandport['ssl_cert_file'];
+			$domain['ssl_key_file'] = $ipandport['ssl_key_file'];
+			$domain['ssl_ca_file'] = $ipandport['ssl_ca_file'];
+			$domain['ssl_cert_chainfile'] = $ipandport['ssl_cert_chainfile'];
+
+			// SSL STUFF
+			$dssl = new DomainSSL();
+			// this sets the ssl-related array-indices in the $domain array
+			// if the domain has customer-defined ssl-certificates
+			$dssl->setDomainSSLFilesArray($domain);
+
+			if($domain['ssl_cert_file'] != '' && $domain['ssl_key_file'] != '') {
+				$content .= $domain['domain'].'  ' . FileDir::makeCorrectFile($domain['ssl_key_file']) . " " . FileDir::makeCorrectFile($domain['ssl_cert_file']). "\n";
+			}
+		}
+
+		return $content;
+	}
+
+	public function writeConfigs()
+	{
+		if($this->content !== "") {
+			$vhosts_filename = FileDir::makeCorrectFile(Settings::Get('system.mta_conf_dir') . $this->postFixMapFile);
+			FileDir::safe_exec('postconf -e tls_server_sni_maps=hash:'.$vhosts_filename);
+			$vhosts_file = '# ' . basename($vhosts_filename) . "\n" . '# Created ' . date('d.m.Y H:i') . "\n" . '# Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.' . "\n" . "\n" . $this->content;
+			$vhosts_file_handler = fopen($vhosts_filename, 'w');
+			fwrite($vhosts_file_handler, $vhosts_file);
+			fclose($vhosts_file_handler);
+			FileDir::safe_exec('postmap -F hash:'.$vhosts_filename);
+		}
+	}
+
+	public function reload()
+	{
+		if($this->content !== "") {
+			FileDir::safe_exec(escapeshellcmd(Settings::Get('system.mta_reload_command')));
+		}
+	}
+
+	public function init()
+	{
+
+	}
+}