self-hosted/mailcow-dockerized
1
0
Fork 0
mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2024-11-28 08:52:00 +02:00
Code Issues Releases Activity

Don't expose SMTP/IMAP if announced "not provided" via SRV

Browse Source 
Fixes #5944
This commit is contained in:
Julian Raufelder 2024-07-09 19:52:15 +02:00
parent 70126e1f0c
commit 384e5a2e64
No known key found for this signature in database
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
data/web/autoconfig.php
View File

@ -39,6 +39,9 @@ header('Content-Type: application/xml');
<username>%EMAILADDRESS%</username> <username>%EMAILADDRESS%</username>
<authentication>password-cleartext</authentication> <authentication>password-cleartext</authentication>
</incomingServer> </incomingServer>
<?php
$records = dns_get_record('_imap._tcp.' . $domain, DNS_SRV); // check if IMAP is announced as "not provided" via SRV record
if (count($records) == 0 || $records[0]['target'] != '') { ?>
<incomingServer type="imap"> <incomingServer type="imap">
<hostname><?=$autodiscover_config['imap']['server']; ?></hostname> <hostname><?=$autodiscover_config['imap']['server']; ?></hostname>
<port><?=$autodiscover_config['imap']['tlsport']; ?></port> <port><?=$autodiscover_config['imap']['tlsport']; ?></port>
@ -46,6 +49,7 @@ header('Content-Type: application/xml');
<username>%EMAILADDRESS%</username> <username>%EMAILADDRESS%</username>
<authentication>password-cleartext</authentication> <authentication>password-cleartext</authentication>
</incomingServer> </incomingServer>
<?php } ?>
<?php <?php
$records = dns_get_record('_pop3s._tcp.' . $domain, DNS_SRV); // check if POP3 is announced as "not provided" via SRV record $records = dns_get_record('_pop3s._tcp.' . $domain, DNS_SRV); // check if POP3 is announced as "not provided" via SRV record
@ -77,6 +81,9 @@ if (count($records) == 0 || $records[0]['target'] != '') { ?>
<username>%EMAILADDRESS%</username> <username>%EMAILADDRESS%</username>
<authentication>password-cleartext</authentication> <authentication>password-cleartext</authentication>
</outgoingServer> </outgoingServer>
<?php
$records = dns_get_record('_smtp._tcp.' . $domain, DNS_SRV); // check if SMTP is announced as "not provided" via SRV record
if (count($records) == 0 || $records[0]['target'] != '') { ?>
<outgoingServer type="smtp"> <outgoingServer type="smtp">
<hostname><?=$autodiscover_config['smtp']['server']; ?></hostname> <hostname><?=$autodiscover_config['smtp']['server']; ?></hostname>
<port><?=$autodiscover_config['smtp']['tlsport']; ?></port> <port><?=$autodiscover_config['smtp']['tlsport']; ?></port>
@ -84,6 +91,7 @@ if (count($records) == 0 || $records[0]['target'] != '') { ?>
<username>%EMAILADDRESS%</username> <username>%EMAILADDRESS%</username>
<authentication>password-cleartext</authentication> <authentication>password-cleartext</authentication>
</outgoingServer> </outgoingServer>
<?php } ?>
<enable visiturl="https://<?=$mailcow_hostname; ?><?php if ($port != 443) echo ':'.$port; ?>/admin.php"> <enable visiturl="https://<?=$mailcow_hostname; ?><?php if ($port != 443) echo ':'.$port; ?>/admin.php">
<instruction>If you didn't change the password given to you by the administrator or if you didn't change it in a long time, please consider doing that now.</instruction> <instruction>If you didn't change the password given to you by the administrator or if you didn't change it in a long time, please consider doing that now.</instruction>