From 924d90f4a8fbc5a471982cd1d76dd109eaa0ac04 Mon Sep 17 00:00:00 2001
From: Ante de Baas
Date: Sat, 14 Oct 2023 14:58:11 +0200
Subject: [PATCH 1/8] add autodiscover file
---
 src/Controller/PolicyFileController.php | 22 ++++++++++++++
 templates/policy_file/autodiscover.xml.twig | 32 +++++++++++++++++++++
 2 files changed, 54 insertions(+)
 create mode 100644 templates/policy_file/autodiscover.xml.twig
diff --git a/src/Controller/PolicyFileController.php b/src/Controller/PolicyFileController.php
index de545be..d90a058 100644
--- a/src/Controller/PolicyFileController.php
+++ b/src/Controller/PolicyFileController.php
@@ -47,4 +47,26 @@ public function policyfile(Request $request, EntityManagerInterface $em): Respon
 $response->headers->set('Content-Type', 'text/plain');
 return $response;
 }
+
+ #[Route('/autodiscover/autodiscover.xml', name: 'app_autodiscover_file')]
+ public function autodiscoverfile(Request $request, EntityManagerInterface $em): Response
+ {
+ $repository = $this->em->getRepository(Domains::class);
+ $domain = $repository->findOneBy(array('fqdn' => $request->getHost()));
+
+
+ preg_match("/\(.*?)\<\/EMailAddress\>/", file_get_contents("php://input"), $matches);
+ if(!array_key_exists('1', $matches)){
+ $matches[1] = "";
+ }
+
+ $response = $this->render('policy_file/autodiscover.xml.twig', [
+ 'loginname' => $matches[1],
+ 'mailsubdomain' => $domain->getFqdn(), // needs to be mail subdomain, maybe even split imap/smtp/pop subdomains in domain edit page
+ ]);
+
+ $response->headers->set('Content-Type', 'application/xml');
+
+ return $response;
+ }
 }
diff --git a/templates/policy_file/autodiscover.xml.twig b/templates/policy_file/autodiscover.xml.twig
new file mode 100644
index 0000000..79f027e
--- /dev/null
+++ b/templates/policy_file/autodiscover.xml.twig
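Review bot: The address captured from the raw request body in `autodiscoverfile()` is passed to the template as `loginname` with no validation, and no access check is visible on the route in this hunk. Reading the body through `$request->getContent()` and keeping the value only when `filter_var($matches[1] ?? '', FILTER_VALIDATE_EMAIL)` succeeds would stop arbitrary body text from being echoed into the XML response; escaping of that value otherwise depends on Twig's autoescape strategy for `.xml.twig`, which is worth confirming. `$domain->getFqdn()` is also called when `findOneBy()` returns no row for the requested Host, which ends in an error rather than a 404. Patch 2/8 keeps the same extraction inside its `if($domain)` branch.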
@@ -0,0 +1,32 @@ + + + + + email + settings + + IMAP + {{ mailsubdomain }} + 993 + off + {{ loginname }} + off + on + on + + + SMTP + {{ mailsubdomain }} + 587 + off + {{ loginname }} + off + TLS + on + off + off + + + + +{# https://apache.tutorials24x7.com/blog/outlook-autodiscover-using-apache-virtual-host #} \ No newline at end of file From ed38d0fca90d9424d0d825beb8f577d04e4b9a64 Mon Sep 17 00:00:00 2001 From: Ante de Baas Date: Sat, 14 Oct 2023 16:18:18 +0200 Subject: [PATCH 2/8] add mailhost --- migrations/Version20231014141450.php | 36 +++++++++++++++ src/Controller/PolicyFileController.php | 28 +++++++----- src/Entity/Domains.php | 15 +++++++ src/Form/DomainFormType.php | 3 ++ templates/domains/edit.html.twig | 60 +++++++++++-------------- templates/domains/index.html.twig | 2 + 6 files changed, 101 insertions(+), 43 deletions(-) create mode 100644 migrations/Version20231014141450.php diff --git a/migrations/Version20231014141450.php b/migrations/Version20231014141450.php new file mode 100644 index 0000000..08e97cd --- /dev/null +++ b/migrations/Version20231014141450.php @@ -0,0 +1,36 @@ +addSql('ALTER TABLE domains ADD mailhost VARCHAR(255) NOT NULL'); + } + + public function down(Schema $schema): void + { + // this down() migration is auto-generated, please modify it to your needs + $this->addSql('ALTER TABLE domains DROP mailhost'); + } +} diff --git a/src/Controller/PolicyFileController.php b/src/Controller/PolicyFileController.php index d90a058..293f59c 100644 --- a/src/Controller/PolicyFileController.php +++ b/src/Controller/PolicyFileController.php 
@@ -51,19 +51,27 @@ public function policyfile(Request $request, EntityManagerInterface $em): Respon
 #[Route('/autodiscover/autodiscover.xml', name: 'app_autodiscover_file')]
 public function autodiscoverfile(Request $request, EntityManagerInterface $em): Response
 {
+ $domain = str_replace("autodiscover.", "",$request->getHost());
 $repository = $this->em->getRepository(Domains::class);
- $domain = $repository->findOneBy(array('fqdn' => $request->getHost()));
-
-
- preg_match("/\(.*?)\<\/EMailAddress\>/", file_get_contents("php://input"), $matches);
- if(!array_key_exists('1', $matches)){
- $matches[1] = "";
+ $domain = $repository->findOneBy(array('fqdn' => $domain));
+ if($domain){
+ preg_match("/\(.*?)\<\/EMailAddress\>/", file_get_contents("php://input"), $matches);
+ if(!array_key_exists('1', $matches)){
+ $matches[1] = "";
+ }
+
+ $response = $this->render('policy_file/autodiscover.xml.twig', [
+ 'loginname' => $matches[1],
+ 'mailsubdomain' => $domain->getMailhost(),
+ ]);
+ }
+ else {
+ $response = $this->render('policy_file/autodiscover.xml.twig', [
+ 'loginname' => "",
+ 'mailsubdomain' => ""
+ ]);
 }
- $response = $this->render('policy_file/autodiscover.xml.twig', [
- 'loginname' => $matches[1],
- 'mailsubdomain' => $domain->getFqdn(), // needs to be mail subdomain, maybe even split imap/smtp/pop subdomains in domain edit page
- ]);
 $response->headers->set('Content-Type', 'application/xml');
diff --git a/src/Entity/Domains.php b/src/Entity/Domains.php
index 5e102bf..b3fa933 100644
--- a/src/Entity/Domains.php
+++ b/src/Entity/Domains.php
@@ -36,6 +36,9 @@ class Domains
 #[ORM\Column(options: ['default' => '86400'])]
 private ?int $sts_maxage = null;
+ #[ORM\Column(length: 255)]
+ private ?string $mailhost = null;
+
 public function __construct()
 {
 $this->reports = new ArrayCollection();
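Review bot: `str_replace("autodiscover.", "", $request->getHost())` removes the substring wherever it occurs in the client-supplied Host header, not only as the leading label, so the `Domains` lookup can be made against a different name than the one requested. Anchoring the strip is safer, e.g. `$domain = preg_replace('/^(autodiscover|autoconfig)\./i', '', $request->getHost());`, which would also replace the separate `autoconfig.` line added in patch 3/8. The `else` branch answers 200 with empty host and login values; assuming the controller extends `AbstractController` (the `render()` call suggests it), `throw $this->createNotFoundException();` would tell clients this domain is not served here. The end of `autodiscoverfile()` lies outside the hunk.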
@@ -185,4 +188,16 @@ public function setStsMaxage(int $sts_maxage): static
 return $this;
 }
+
+ public function getMailhost(): ?string
+ {
+ return $this->mailhost;
+ }
+
+ public function setMailhost(string $mailhost): static
+ {
+ $this->mailhost = $mailhost;
+
+ return $this;
+ }
 }
diff --git a/src/Form/DomainFormType.php b/src/Form/DomainFormType.php
index 1526659..77cb8b8 100644
--- a/src/Form/DomainFormType.php
+++ b/src/Form/DomainFormType.php
@@ -30,6 +30,9 @@ public function buildForm(FormBuilderInterface $builder, array $options): void
 ->add('fqdn', TextType::class, [
 'label' => 'Domain name',
 ])
+ ->add('mailhost', TextType::class, [
+ 'label' => 'Mailhost',
+ ])
 ->add('sts_version', ChoiceType::class, [
 'choices' => [
 'STSv1' => 'STSv1'
diff --git a/templates/domains/edit.html.twig b/templates/domains/edit.html.twig
index 1eb15de..e1599a5 100644
--- a/templates/domains/edit.html.twig
+++ b/templates/domains/edit.html.twig
@@ -40,6 +40,7 @@
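Review bot: The new `mailhost` field in `buildForm()` is accepted as free text with no constraint, yet the autodiscover endpoint hands the stored value to mail clients as the server they should log in to. A hostname check on the field, for example `'constraints' => [new Hostname()]` with `Symfony\Component\Validator\Constraints\Hostname` imported (if the project's Symfony version provides it), would reject typos and non-hostname values before they are published. The migration in this patch creates the column `NOT NULL` while the entity property defaults to `null`, so the field should also be enforced as non-empty server-side or the column made nullable. `buildForm()` starts and ends outside the hunk.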

{{ form_row(form.fqdn) }} + {{ form_row(form.mailhost) }}

@@ -52,45 +53,38 @@
You can not remove MX-Records that are bound to an MTA-TLS report. Trying to do so will result in a 500 error.
+
{{ form_row(form.mx_records.vars.prototype.name)|e('html_attr') }} - - - - - {{ form_row(form.mx_records.vars.prototype.in_sts)|e('html_attr') }} - - - - - - - - - +
+
+ {{ form_row(form.mx_records.vars.prototype.in_sts)|e('html_attr') }} +
+
" data-index="{{ form.mx_records|length }}"> {% for mxrecordFrom in form.mx_records %} -
- +
+
{{ form_errors(mxrecordFrom) }} {{ form_row(mxrecordFrom.name) }} - - - - - {{ form_row(mxrecordFrom.in_sts) }} - - - - - - - - - - +
+
+ {{ form_row(mxrecordFrom.in_sts) }} +
+
{% endfor %} diff --git a/templates/domains/index.html.twig b/templates/domains/index.html.twig index c92a699..6b452ac 100644 --- a/templates/domains/index.html.twig +++ b/templates/domains/index.html.twig @@ -14,6 +14,7 @@ Id Domain FQDN + Mailhost MX Records Total DMARC reports Total SMTP-TLS policies @@ -25,6 +26,7 @@ {{ domain.id }} {{ domain.fqdn }} + {{ domain.mailhost }} {% for mx in domain.mxrecords %} {{ mx.name }}
From b140e390f4b8f2c09861464bdcc1c96d9423eed6 Mon Sep 17 00:00:00 2001
From: Ante de Baas
Date: Sat, 14 Oct 2023 16:22:41 +0200
Subject: [PATCH 3/8] remove autoconfig as well
---
 src/Controller/PolicyFileController.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/Controller/PolicyFileController.php b/src/Controller/PolicyFileController.php
index 293f59c..9eba968 100644
--- a/src/Controller/PolicyFileController.php
+++ b/src/Controller/PolicyFileController.php
@@ -52,6 +52,7 @@ public function policyfile(Request $request, EntityManagerInterface $em): Respon
 public function autodiscoverfile(Request $request, EntityManagerInterface $em): Response
 {
 $domain = str_replace("autodiscover.", "",$request->getHost());
+ $domain = str_replace("autoconfig.", "",$domain);
 $repository = $this->em->getRepository(Domains::class);
 $domain = $repository->findOneBy(array('fqdn' => $domain));
 if($domain){
From 4f0fd3cef387a30eec4567033472f35c9dce09d0 Mon Sep 17 00:00:00 2001
From: Ante de Baas
Date: Sat, 14 Oct 2023 19:59:30 +0200
Subject: [PATCH 4/8] cleanup
---
 src/Command/CheckmailboxCommand.php | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/src/Command/CheckmailboxCommand.php b/src/Command/CheckmailboxCommand.php
index 27365df..56d3fcc 100644
--- a/src/Command/CheckmailboxCommand.php
+++ b/src/Command/CheckmailboxCommand.php
@@ -68,10 +68,6 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 $mailresult = $this->open_mailbox($this->imap);
 $stats['new_emails'] = $mailresult['num_emails'];
- // dump($mailresult['reports']['dmarc_reports']);
- // dump($mailresult['reports']['smtptls_reports']);
- // dd();
-
 foreach($mailresult['reports']['dmarc_reports'] as $dmarcreport){
 $stats['new_dmarc_reports']++;
From 86179788e58bcd9d08d2fba72d2de3ef7f48f11f Mon Sep 17 00:00:00 2001
From: Ante de Baas
Date: Sat, 14 Oct 2023 20:00:02 +0200
Subject: [PATCH 5/8] add dns info
---
 config/services.yaml | 1 +
 src/Controller/DomainsController.php | 7 +++
 templates/domains/edit.html.twig | 68 +++++++++++++++++++++
 templates/policy_file/autodiscover.xml.twig | 11 +++-
 4 files changed, 86 insertions(+), 1 deletion(-)
diff --git a/config/services.yaml b/config/services.yaml
index 2d6a76f..a08183f 100644
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -4,6 +4,7 @@
 # Put parameters here that don't need to change on each machine where the app is deployed
 # https://symfony.com/doc/current/best_practices.html#use-parameters-for-application-configuration
 parameters:
+ app.mailbox_username: '%env(MAILBOX_USERNAME)%'
 services:
 # default configuration for services in *this* file
diff --git a/src/Controller/DomainsController.php b/src/Controller/DomainsController.php
index 06d5e87..803ca40 100644
--- a/src/Controller/DomainsController.php
+++ b/src/Controller/DomainsController.php
@@ -85,9 +85,16 @@ public function edit(Domains $domain, Request $request): Response
 }
 $setup['users_form'] = $form->createView();
+ $dns_info = array(
+ 'now' => new \DateTime('now'),
+ 'ip' => $request->getClientIp(),
+ 'email' => $this->getParameter('app.mailbox_username'),
+ );
+
 return $this->render('domains/edit.html.twig', [
 'menuactive' => 'domains',
 'domain' => $domain,
+ 'dns_info' => $dns_info,
 'form' => $form,
 'breadcrumbs' => array(
 array('name' => $this->translator->trans("Domains"), 'url' => $this->router->generate('app_domains')),
diff --git a/templates/domains/edit.html.twig b/templates/domains/edit.html.twig
index e1599a5..068423b 100644
--- a/templates/domains/edit.html.twig
+++ b/templates/domains/edit.html.twig
@@ -111,6 +111,74 @@

+

+
+
DNS Settings
+
+ +
+

+
+ You can create the following DNS Records for this domain:
+ Please note that you need to update the STSv1 with a higher number each time you update the policy.
+ This will enable MTA-STS, TLS-RPT, DMARC and Outlook Autoconfig. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TypeNameValue
Aautoconfig.{{ domain.fqdn }}{{ dns_info.ip }}
Aautodiscover.{{ domain.fqdn }}{{ dns_info.ip }}
Amta-sts.{{ domain.fqdn }}{{ dns_info.ip }}
A_autodiscover._tcp.{{ domain.fqdn }}{{ dns_info.ip }}
TXT_mta-sts.{{ domain.fqdn }}"v=STSv1; id={{ dns_info.now|date("YmdHis") }};"
TXT_smtp._tls.{{ domain.fqdn }}"v=TLSRPTv1; rua=mailto:{{ dns_info.email }}"
TXT_dmarc.{{ domain.fqdn }}"v=DMARC1; p=reject; rua=mailto:{{ dns_info.email }}; ruf=mailto:{{ dns_info.email }}; fo=1"
TXTdefault._domainkey.{{ domain.fqdn }}[Key from your DKIM installation]
+

+
+
+

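Review bot: The DNS table lists `_autodiscover._tcp.{{ domain.fqdn }}` as an A record pointing at `{{ dns_info.ip }}`, but that name is the SRV lookup Outlook performs for autodiscover, so an A record there has no effect. The row should be of type SRV with a value such as `0 0 443 autodiscover.{{ domain.fqdn }}`. The suggested DMARC value goes straight to `p=reject`; a short template comment or help text telling operators to confirm SPF and DKIM alignment first (or to start with `p=none`) would keep legitimate mail from being rejected. The table markup is not fully visible in this view, so the row layout is inferred from the remaining text.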
diff --git a/templates/policy_file/autodiscover.xml.twig b/templates/policy_file/autodiscover.xml.twig index 79f027e..7bf29de 100644 --- a/templates/policy_file/autodiscover.xml.twig +++ b/templates/policy_file/autodiscover.xml.twig @@ -29,4 +29,13 @@ -{# https://apache.tutorials24x7.com/blog/outlook-autodiscover-using-apache-virtual-host #} \ No newline at end of file +{# https://apache.tutorials24x7.com/blog/outlook-autodiscover-using-apache-virtual-host #} +{# Input is the following + + + user@domain.ext + https://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a + + +source: https://learn.microsoft.com/en-us/exchange/client-developer/web-service-reference/pox-autodiscover-request-for-exchange +#} \ No newline at end of file From b34f5f3288edf536a615b7ad8d6808cabbc559fb Mon Sep 17 00:00:00 2001 From: Ante de Baas Date: Sat, 14 Oct 2023 20:04:22 +0200 Subject: [PATCH 6/8] REMOTE_ADDR --- src/Controller/DomainsController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Controller/DomainsController.php b/src/Controller/DomainsController.php index 803ca40..14cc05f 100644 --- a/src/Controller/DomainsController.php +++ b/src/Controller/DomainsController.php @@ -87,7 +87,7 @@ public function edit(Domains $domain, Request $request): Response $dns_info = array( 'now' => new \DateTime('now'), - 'ip' => $request->getClientIp(), + 'ip' => $request->server->get('REMOTE_ADDR'), 'email' => $this->getParameter('app.mailbox_username'), ); From 9bbae6558493b55746d9524606bf455605de3729 Mon Sep 17 00:00:00 2001 From: Ante de Baas Date: Sat, 14 Oct 2023 20:07:55 +0200 Subject: [PATCH 7/8] SERVER_ADDR --- src/Controller/DomainsController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Controller/DomainsController.php b/src/Controller/DomainsController.php index 14cc05f..13d4382 100644 --- a/src/Controller/DomainsController.php +++ b/src/Controller/DomainsController.php 
@@ -87,7 +87,7 @@ public function edit(Domains $domain, Request $request): Response
 $dns_info = array(
 'now' => new \DateTime('now'),
- 'ip' => $request->server->get('REMOTE_ADDR'),
+ 'ip' => $request->server->get('SERVER_ADDR'),
 'email' => $this->getParameter('app.mailbox_username'),
 );
From 65c98bcd27f573af1f74eb71b1ed185821a58ba1 Mon Sep 17 00:00:00 2001
From: Ante de Baas
Date: Sat, 14 Oct 2023 20:57:32 +0200
Subject: [PATCH 8/8] dont smash it together on small screens
---
 templates/domains/edit.html.twig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/templates/domains/edit.html.twig b/templates/domains/edit.html.twig
index 068423b..7b2f2af 100644
--- a/templates/domains/edit.html.twig
+++ b/templates/domains/edit.html.twig
@@ -34,7 +34,7 @@ {% block body %} {{ form_start(form) }}
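Review bot: `$request->server->get('SERVER_ADDR')` is the address the web server process is bound to, which behind a reverse proxy, load balancer or container network is an internal address, and it can be absent under some SAPIs. The edit page presents this value as the target of the A records operators are told to create, so a private or wrong address can end up in the DNS advice. A configured value would be more reliable, e.g. `'ip' => $this->getParameter('app.public_ip'),` (parameter name is a placeholder), with `SERVER_ADDR` used only as a fallback. `edit()` starts and ends outside the hunk.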
-
+
Edit domain
@@ -100,7 +100,7 @@
-
+
STS Policy