From 581ba6fd9e40e913051e61c5fc6ad18f7e39c647 Mon Sep 17 00:00:00 2001
From: Sebastian Marsching <sebastian.marsching-git-2016@aquenos.com>
Date: Fri, 13 Oct 2023 13:11:10 +0200
Subject: [PATCH] Allow explicitly disabling ports for autoconfig /
 mobileconfig.

---
 data/web/autoconfig.php   | 52 ++++++++++++++++++++++++++++++++++++---
 data/web/inc/vars.inc.php |  3 +++
 data/web/mobileconfig.php | 22 +++++++++++++++--
 3 files changed, 71 insertions(+), 6 deletions(-)

diff --git a/data/web/autoconfig.php b/data/web/autoconfig.php
index 901a245d6..5520f2efd 100644
--- a/data/web/autoconfig.php
+++ b/data/web/autoconfig.php
@@ -30,6 +30,40 @@ if (isset($_GET['emailaddress'])) {
   }
 }
 
+function autoconfig_service_enabled($_service_type) {
+  global $autodiscover_config;
+  global $domain;
+  $_disabled = FALSE;
+  switch ($_service_type) {
+    // TODO Check autodiscover_config
+    case 'imap':
+      $_disabled = isset($autodiscover_config['imap']['tlsportDisabled']) && $autodiscover_config['imap']['tlsportDisabled'] === TRUE;
+      break;
+    case 'imaps':
+      $_disabled = isset($autodiscover_config['imap']['portDisabled']) && $autodiscover_config['imap']['portDisabled'] === TRUE;
+      break;
+    case 'pop3':
+      $_disabled = isset($autodiscover_config['pop3']['tlsportDisabled']) && $autodiscover_config['pop3']['tlsportDisabled'] === TRUE;
+      break;
+    case 'pop3s':
+      $_disabled = isset($autodiscover_config['pop3']['portDisabled']) && $autodiscover_config['pop3']['portDisabled'] === TRUE;
+      break;
+    case 'smtps':
+      $_disabled = isset($autodiscover_config['smtp']['portDisabled']) && $autodiscover_config['smtp']['portDisabled'] === TRUE;
+      break;
+    case 'submission':
+      $_disabled = isset($autodiscover_config['smtp']['tlsportDisabled']) && $autodiscover_config['smtp']['tlsportDisabled'] === TRUE;
+      break;
+  }
+  // If the port is disabled in the config, do not even bother to check the DNS records.
+  if ($_disabled === TRUE) {
+    return FALSE;
+  }
+  // Check whether the service is announced as "not provided" via a SRV record.
+  $_records = dns_get_record('_' . $_service_type .'._tcp.' . $domain, DNS_SRV);
+  return $_records === FALSE || count($_records) == 0 || $_records[0]['target'] != '';
+}
+
 header('Content-Type: application/xml');
 ?>
 <?= '<?xml version="1.0"?>'; ?>
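Review bot: `autoconfig_service_enabled()` issues a `dns_get_record()` SRV query against the global `$domain` on every call that is not disabled in the config, and the template now calls it six times per request where the old code did two lookups. The hunk does not show where `$domain` is assigned, but the header context (`isset($_GET['emailaddress'])`) suggests it is derived from the request. It is worth confirming that the value is validated as a hostname, and ideally restricted to domains this server hosts, before it reaches the resolver; resolving the SRV records once per request into an array would also bound the resolver load. The `// TODO Check autodiscover_config` comment is stale now that the switch does exactly that. A `default:` branch returning `FALSE` for an unknown `$_service_type` would keep a typo at a call site from turning into a DNS query for an arbitrary label.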
@@ -39,6 +73,8 @@ header('Content-Type: application/xml');
       <displayName>A mailcow mail server</displayName>
       <displayShortName>mail server</displayShortName>
 
+<?php
+if (autoconfig_service_enabled('imaps')) { ?>
       <incomingServer type="imap">
          <hostname><?=$autodiscover_config['imap']['server']; ?></hostname>
          <port><?=$autodiscover_config['imap']['port']; ?></port>
@@ -46,6 +82,9 @@ header('Content-Type: application/xml');
          <username>%EMAILADDRESS%</username>
          <authentication>password-cleartext</authentication>
       </incomingServer>
+<?php } ?>
+<?php
+if (autoconfig_service_enabled('imap')) { ?>
       <incomingServer type="imap">
          <hostname><?=$autodiscover_config['imap']['server']; ?></hostname>
          <port><?=$autodiscover_config['imap']['tlsport']; ?></port>
@@ -53,10 +92,10 @@ header('Content-Type: application/xml');
          <username>%EMAILADDRESS%</username>
          <authentication>password-cleartext</authentication>
       </incomingServer>
+<?php } ?>
 
 <?php
-$records = dns_get_record('_pop3s._tcp.' . $domain, DNS_SRV); // check if POP3 is announced as "not provided" via SRV record
-if ($records === FALSE || count($records) == 0 || $records[0]['target'] != '') { ?>
+if (autoconfig_service_enabled('pop3s')) { ?>
       <incomingServer type="pop3">
          <hostname><?=$autodiscover_config['pop3']['server']; ?></hostname>
          <port><?=$autodiscover_config['pop3']['port']; ?></port>
@@ -66,8 +105,7 @@ if ($records === FALSE || count($records) == 0 || $records[0]['target'] != '') {
       </incomingServer>
 <?php } ?>
 <?php
-$records = dns_get_record('_pop3._tcp.' . $domain, DNS_SRV); // check if POP3 is announced as "not provided" via SRV record
-if ($records === FALSE || count($records) == 0 || $records[0]['target'] != '') { ?>
+if (autoconfig_service_enabled('pop3')) { ?>
       <incomingServer type="pop3">
          <hostname><?=$autodiscover_config['pop3']['server']; ?></hostname>
          <port><?=$autodiscover_config['pop3']['tlsport']; ?></port>
@@ -77,6 +115,8 @@ if ($records === FALSE || count($records) == 0 || $records[0]['target'] != '') {
       </incomingServer>
 <?php } ?>
 
+<?php
+if (autoconfig_service_enabled('smtps')) { ?>
       <outgoingServer type="smtp">
          <hostname><?=$autodiscover_config['smtp']['server']; ?></hostname>
          <port><?=$autodiscover_config['smtp']['port']; ?></port>
@@ -84,6 +124,9 @@ if ($records === FALSE || count($records) == 0 || $records[0]['target'] != '') {
          <username>%EMAILADDRESS%</username>
          <authentication>password-cleartext</authentication>
       </outgoingServer>
+<?php } ?>
+<?php
+if (autoconfig_service_enabled('submission')) { ?>
       <outgoingServer type="smtp">
          <hostname><?=$autodiscover_config['smtp']['server']; ?></hostname>
          <port><?=$autodiscover_config['smtp']['tlsport']; ?></port>
@@ -91,6 +134,7 @@ if ($records === FALSE || count($records) == 0 || $records[0]['target'] != '') {
          <username>%EMAILADDRESS%</username>
          <authentication>password-cleartext</authentication>
       </outgoingServer>
+<?php } ?>
 
       <enable visiturl="https://<?=$mailcow_hostname; ?><?php if ($port != 443) echo ':'.$port; ?>/admin.php">
          <instruction>If you didn't change the password given to you by the administrator or if you didn't change it in a long time, please consider doing that now.</instruction>
diff --git a/data/web/inc/vars.inc.php b/data/web/inc/vars.inc.php
index 392b0d49e..7c05ab0a2 100644
--- a/data/web/inc/vars.inc.php
+++ b/data/web/inc/vars.inc.php
@@ -43,6 +43,9 @@ $autodiscover_config = array(
   // Please don't use STARTTLS-enabled service ports in the "port" variable.
   // The autodiscover service will always point to SMTPS and IMAPS (TLS-wrapped services).
   // The autoconfig service will additionally announce the STARTTLS-enabled ports, specified in the "tlsport" variable.
+  // In order to disable one of the ports from being presented in the autodiscovery procss, set portDisabled or tlsPortDisabled to true.
+  // For example, in vars.local.inc.php add:
+  // $autodiscover_config['pop3']['tlsportDisabled'] = true;
   'imap' => array(
     'server' => $mailcow_hostname,
     'port' => (int)filter_var(substr(getenv('IMAPS_PORT'), strrpos(getenv('IMAPS_PORT'), ':')), FILTER_SANITIZE_NUMBER_INT),
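Review bot: The added comment spells the option `tlsPortDisabled`, but the code in autoconfig.php and mobileconfig.php reads `tlsportDisabled` (lower-case "p"). PHP array keys are case-sensitive, so an administrator who copies the spelling from the prose sets a key that is never read, and the port stays advertised without any error. The comment should use the exact keys, e.g. `// ... set portDisabled or tlsportDisabled to true.`, and `procss` should read `process`. The `$autodiscover_config` array continues outside the hunk.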
diff --git a/data/web/mobileconfig.php b/data/web/mobileconfig.php
index 44aaa30ae..8ffd8893c 100644
--- a/data/web/mobileconfig.php
+++ b/data/web/mobileconfig.php
@@ -68,6 +68,24 @@ if (isset($_GET['app_password'])) {
   $app_password = false;
 }
 
+if (isset($autodiscover_config['imap']['portDisabled'])
+  && $autodiscover_config['imap']['portDisabled'] === TRUE
+  && !isset($autodiscover_config['imap']['tlsportDisabled'])
+  || $autodiscover_config['imap']['tlsportDisabled'] !== TRUE) {
+  $imap_port = $autodiscover_config['imap']['tlsport'];
+} else {
+  $imap_port = $autodiscover_config['imap']['port'];
+}
+
+if (isset($autodiscover_config['smtp']['portDisabled'])
+  && $autodiscover_config['smtp']['portDisabled'] === TRUE
+  && !isset($autodiscover_config['smtp']['tlsportDisabled'])
+  || $autodiscover_config['smtp']['tlsportDisabled'] !== TRUE) {
+  $smtp_port = $autodiscover_config['smtp']['tlsport'];
+} else {
+  $smtp_port = $autodiscover_config['smtp']['port'];
+}
+
 echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
 ?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
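Review bot: The new condition groups as `(A && B && !C) || D` because `&&` binds tighter than `||`, so whenever `tlsportDisabled` is unset (the default) the last clause `$autodiscover_config['imap']['tlsportDisabled'] !== TRUE` is true on its own. `$imap_port` then becomes the STARTTLS `tlsport` even though `portDisabled` was never set; the `smtp` block has the same shape. That changes the port in every generated profile away from the TLS-wrapped one, and reading the missing key outside `isset()` can emit an undefined-index notice or warning ahead of the XML output. Parenthesising the alternative restores the intent: `&& (!isset($autodiscover_config['imap']['tlsportDisabled']) || $autodiscover_config['imap']['tlsportDisabled'] !== TRUE)) {`, and likewise for `smtp`. With both ports disabled the `else` branch still emits the disabled `port`, which deserves an explicit decision.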
@@ -89,7 +107,7 @@ echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
         <key>IncomingMailServerHostName</key>
         <string><?=$autodiscover_config['imap']['server']?></string>
         <key>IncomingMailServerPortNumber</key>
-        <integer><?=$autodiscover_config['imap']['port']?></integer>
+        <integer><?=$imap_port?></integer>
         <key>IncomingMailServerUseSSL</key>
         <true/>
         <key>IncomingMailServerUsername</key>
@@ -103,7 +121,7 @@ echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
         <key>OutgoingMailServerHostName</key>
         <string><?=$autodiscover_config['smtp']['server']?></string>
         <key>OutgoingMailServerPortNumber</key>
-        <integer><?=$autodiscover_config['smtp']['port']?></integer>
+        <integer><?=$smtp_port?></integer>
         <key>OutgoingMailServerUseSSL</key>
         <true/>
         <key>OutgoingMailServerUsername</key>