From 581ba6fd9e40e913051e61c5fc6ad18f7e39c647 Mon Sep 17 00:00:00 2001
From: Sebastian Marsching <sebastian.marsching-git-2016@aquenos.com>
Date: Fri, 13 Oct 2023 13:11:10 +0200
Subject: [PATCH] Allow explicitly disabling ports for autoconfig / mobileconfig.
---
data/web/autoconfig.php | 52 ++++++++++++++++++++++++++++++++++++---
data/web/inc/vars.inc.php | 3 +++
data/web/mobileconfig.php | 22 +++++++++++++++--
3 files changed, 71 insertions(+), 6 deletions(-)
diff --git a/data/web/autoconfig.php b/data/web/autoconfig.php
index 901a245d6..5520f2efd 100644
--- a/data/web/autoconfig.php
+++ b/data/web/autoconfig.php
@@ -30,6 +30,40 @@ if (isset($_GET['emailaddress'])) { } } +function autoconfig_service_enabled($_service_type) { + global $autodiscover_config; + global $domain; + $_disabled = FALSE; + switch ($_service_type) { + // TODO Check autodiscover_config + case 'imap': + $_disabled = isset($autodiscover_config['imap']['tlsportDisabled']) && $autodiscover_config['imap']['tlsportDisabled'] === TRUE; + break; + case 'imaps': + $_disabled = isset($autodiscover_config['imap']['portDisabled']) && $autodiscover_config['imap']['portDisabled'] === TRUE; + break; + case 'pop3': + $_disabled = isset($autodiscover_config['pop3']['tlsportDisabled']) && $autodiscover_config['pop3']['tlsportDisabled'] === TRUE; + break; + case 'pop3s': + $_disabled = isset($autodiscover_config['pop3']['portDisabled']) && $autodiscover_config['pop3']['portDisabled'] === TRUE; + break; + case 'smtps': + $_disabled = isset($autodiscover_config['smtp']['portDisabled']) && $autodiscover_config['smtp']['portDisabled'] === TRUE; + break; + case 'submission': + $_disabled = isset($autodiscover_config['smtp']['tlsportDisabled']) && $autodiscover_config['smtp']['tlsportDisabled'] === TRUE; + break; + } + // If the port is disabled in the config, do not even bother to check the DNS records. + if ($_disabled === TRUE) { + return FALSE; + } + // Check whether the service is announced as "not provided" via a SRV record. + $_records = dns_get_record('_' . $_service_type .'._tcp.' . $domain, DNS_SRV); + return $_records === FALSE || count($_records) == 0 || $_records[0]['target'] != ''; +} + header('Content-Type: application/xml'); ?> <?= '<?xml version="1.0"?>'; ?> 
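Review bot: `autoconfig_service_enabled()` runs a `dns_get_record()` SRV lookup for every service type, so one unauthenticated autoconfig request can now trigger up to six DNS queries instead of the previous two. The query name is built from the global `$domain`, which appears to come from request data (the hunk context shows `$_GET['emailaddress']` handled just above; its validation is outside this hunk). Return early when `$domain` is empty, e.g. `if (empty($domain)) { return TRUE; }` ahead of the lookup, and confirm the value is validated as a hostname before it reaches DNS. The SRV "not provided" check is also newly applied to imap, imaps, smtps and submission, which the commit message does not mention. The leftover `// TODO Check autodiscover_config` should be resolved or removed, and the six near-identical `case` arms would read better as a small service-to-config-key map.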
@@ -39,6 +73,8 @@ header('Content-Type: application/xml'); <displayName>A mailcow mail server</displayName> <displayShortName>mail server</displayShortName> +<?php +if (autoconfig_service_enabled('imaps')) { ?> <incomingServer type="imap"> <hostname><?=$autodiscover_config['imap']['server']; ?></hostname> <port><?=$autodiscover_config['imap']['port']; ?></port> @@ -46,6 +82,9 @@ header('Content-Type: application/xml'); <username>%EMAILADDRESS%</username> <authentication>password-cleartext</authentication> </incomingServer> +<?php } ?> +<?php +if (autoconfig_service_enabled('imap')) { ?> <incomingServer type="imap"> <hostname><?=$autodiscover_config['imap']['server']; ?></hostname> <port><?=$autodiscover_config['imap']['tlsport']; ?></port> @@ -53,10 +92,10 @@ header('Content-Type: application/xml'); <username>%EMAILADDRESS%</username> <authentication>password-cleartext</authentication> </incomingServer> +<?php } ?> <?php -$records = dns_get_record('_pop3s._tcp.' . $domain, DNS_SRV); // check if POP3 is announced as "not provided" via SRV record -if ($records === FALSE || count($records) == 0 || $records[0]['target'] != '') { ?> +if (autoconfig_service_enabled('pop3s')) { ?> <incomingServer type="pop3"> <hostname><?=$autodiscover_config['pop3']['server']; ?></hostname> <port><?=$autodiscover_config['pop3']['port']; ?></port> @@ -66,8 +105,7 @@ if ($records === FALSE || count($records) == 0 || $records[0]['target'] != '') { </incomingServer> <?php } ?> <?php -$records = dns_get_record('_pop3._tcp.' . $domain, DNS_SRV); // check if POP3 is announced as "not provided" via SRV record -if ($records === FALSE || count($records) == 0 || $records[0]['target'] != '') { ?> +if (autoconfig_service_enabled('pop3')) { ?> <incomingServer type="pop3"> <hostname><?=$autodiscover_config['pop3']['server']; ?></hostname> <port><?=$autodiscover_config['pop3']['tlsport']; ?></port> 
@@ -77,6 +115,8 @@ if ($records === FALSE || count($records) == 0 || $records[0]['target'] != '') { </incomingServer> <?php } ?> +<?php +if (autoconfig_service_enabled('smtps')) { ?> <outgoingServer type="smtp"> <hostname><?=$autodiscover_config['smtp']['server']; ?></hostname> <port><?=$autodiscover_config['smtp']['port']; ?></port> @@ -84,6 +124,9 @@ if ($records === FALSE || count($records) == 0 || $records[0]['target'] != '') { <username>%EMAILADDRESS%</username> <authentication>password-cleartext</authentication> </outgoingServer> +<?php } ?> +<?php +if (autoconfig_service_enabled('submission')) { ?> <outgoingServer type="smtp"> <hostname><?=$autodiscover_config['smtp']['server']; ?></hostname> <port><?=$autodiscover_config['smtp']['tlsport']; ?></port> @@ -91,6 +134,7 @@ if ($records === FALSE || count($records) == 0 || $records[0]['target'] != '') { <username>%EMAILADDRESS%</username> <authentication>password-cleartext</authentication> </outgoingServer> +<?php } ?> <enable visiturl="https://<?=$mailcow_hostname; ?><?php if ($port != 443) echo ':'.$port; ?>/admin.php"> <instruction>If you didn't change the password given to you by the administrator or if you didn't change it in a long time, please consider doing that now.</instruction> diff --git a/data/web/inc/vars.inc.php b/data/web/inc/vars.inc.php index 392b0d49e..7c05ab0a2 100644 --- a/data/web/inc/vars.inc.php +++ b/data/web/inc/vars.inc.php 
@@ -43,6 +43,9 @@ $autodiscover_config = array( // Please don't use STARTTLS-enabled service ports in the "port" variable. // The autodiscover service will always point to SMTPS and IMAPS (TLS-wrapped services). // The autoconfig service will additionally announce the STARTTLS-enabled ports, specified in the "tlsport" variable. + // In order to disable one of the ports from being presented in the autodiscovery procss, set portDisabled or tlsPortDisabled to true. + // For example, in vars.local.inc.php add: + // $autodiscover_config['pop3']['tlsportDisabled'] = true; 'imap' => array( 'server' => $mailcow_hostname, 'port' => (int)filter_var(substr(getenv('IMAPS_PORT'), strrpos(getenv('IMAPS_PORT'), ':')), FILTER_SANITIZE_NUMBER_INT), diff --git a/data/web/mobileconfig.php b/data/web/mobileconfig.php index 44aaa30ae..8ffd8893c 100644 --- a/data/web/mobileconfig.php +++ b/data/web/mobileconfig.php @@ -68,6 +68,24 @@ if (isset($_GET['app_password'])) { $app_password = false; } +if (isset($autodiscover_config['imap']['portDisabled']) + && $autodiscover_config['imap']['portDisabled'] === TRUE + && !isset($autodiscover_config['imap']['tlsportDisabled']) + || $autodiscover_config['imap']['tlsportDisabled'] !== TRUE) { + $imap_port = $autodiscover_config['imap']['tlsport']; +} else { + $imap_port = $autodiscover_config['imap']['port']; +} + +if (isset($autodiscover_config['smtp']['portDisabled']) + && $autodiscover_config['smtp']['portDisabled'] === TRUE + && !isset($autodiscover_config['smtp']['tlsportDisabled']) + || $autodiscover_config['smtp']['tlsportDisabled'] !== TRUE) { + $smtp_port = $autodiscover_config['smtp']['tlsport']; +} else { + $smtp_port = $autodiscover_config['smtp']['port']; +} + echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n"; ?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> 
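Review bot: The added comment names the option `tlsPortDisabled`, but the example line below it and the checks in autoconfig.php and mobileconfig.php use `tlsportDisabled`. PHP array keys are case-sensitive, so an administrator who copies the spelling from the prose sets a key that is never read, and the port stays advertised. Suggested wording: `// To stop a port from being presented in the autodiscovery process, set portDisabled or tlsportDisabled to true.`, which also fixes the "procss" typo. It would help to add that `portDisabled` refers to the TLS-wrapped `port` and `tlsportDisabled` to the STARTTLS `tlsport`. The `$autodiscover_config` array starts and ends outside this hunk.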
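Review bot: The new port-selection conditions in mobileconfig.php do not group the way their layout suggests, because `&&` binds tighter than `||`. The test evaluates as `(isset(...) && ... === TRUE && !isset(...)) || $autodiscover_config['imap']['tlsportDisabled'] !== TRUE`. With neither key set, which is the default, the right-hand operand reads an undefined key and is true, so `$imap_port` becomes `tlsport`; `port` is chosen only when `tlsportDisabled` is TRUE. Every profile generated from an unmodified configuration would therefore move from the TLS-wrapped port to the STARTTLS port. Parenthesise the last two operands, e.g. `&& (!isset($autodiscover_config['imap']['tlsportDisabled']) || $autodiscover_config['imap']['tlsportDisabled'] !== TRUE)) {`, and make the same change in the `smtp` block below it.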
@@ -89,7 +107,7 @@ echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
 <key>IncomingMailServerHostName</key>
 <string><?=$autodiscover_config['imap']['server']?></string>
 <key>IncomingMailServerPortNumber</key>
- <integer><?=$autodiscover_config['imap']['port']?></integer>
+ <integer><?=$imap_port?></integer>
 <key>IncomingMailServerUseSSL</key>
 <true/>
 <key>IncomingMailServerUsername</key>
@@ -103,7 +121,7 @@ echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
 <key>OutgoingMailServerHostName</key>
 <string><?=$autodiscover_config['smtp']['server']?></string>
 <key>OutgoingMailServerPortNumber</key>
- <integer><?=$autodiscover_config['smtp']['port']?></integer>
+ <integer><?=$smtp_port?></integer>
 <key>OutgoingMailServerUseSSL</key>
 <true/>
 <key>OutgoingMailServerUsername</key>
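Review bot: `IncomingMailServerPortNumber` and `OutgoingMailServerPortNumber` can now carry the STARTTLS `tlsport`, while the context lines still emit `IncomingMailServerUseSSL` and `OutgoingMailServerUseSSL` as `<true/>` unconditionally. Please confirm that the targeted mail clients negotiate STARTTLS on that port with this flag set, rather than attempting implicit TLS or falling back to an unencrypted session. The expectation should be recorded in a comment next to the `$imap_port` / `$smtp_port` assignments. The plist dictionary starts and ends outside these two hunks.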