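#
# SPDX-FileCopyrightText: 2023 Afnic
#
# SPDX-License-Identifier: GPL-3.0-or-later
#

# Reads and toggles the SPF / DKIM / DMARC checks of a local Postfix
# instance by rewriting two main.cf parameters through postconf(1) and
# reloading Postfix afterwards.
package Email::SpoofingDemo::PostfixConfig;

use strict;
use warnings;
use v5.10;
use utf8;

use Exporter 'import';
our @EXPORT_OK = qw(spf_dkim_dmarc_status set_spf_dkim_dmarc_status);

# Exact strings written to, and looked for in, the Postfix configuration.
# Detection in spf_dkim_dmarc_status() is a plain string comparison, so an
# equivalent entry spelled differently in main.cf is reported as disabled.
my $CHECK_SPF_POLICY = 'check_policy_service unix:private/policy';
# NOTE(review): presumably the local DKIM and DMARC milter listeners;
# confirm against the milter configuration of the host.
my $DKIM_MILTER      = 'inet:127.0.0.1:8891';
my $DMARC_MILTER     = 'inet:127.0.0.1:8893';
my $POSTCONF         = '/usr/sbin/postconf';

# Run an external command and die unless it terminated normally with exit
# status 0.
#
# Callers pass the command as a list (program, then arguments), which makes
# system() run it without a shell. Keep it that way: a single interpolated
# string would be handed to the shell.
#
# The whole of $? is inspected, not only the exit code in its high byte:
# a command that could not be started or that was killed by a signal has
# a zero exit code and must not be reported as a success.
sub safe_system {
    my @command = @_;

    system @command;
    my $wait_status = $?;

    die "$command[0] failed to execute: $!" if $wait_status == -1;

    my $signal = $wait_status & 127;
    die "$command[0] died with signal $signal" if $signal != 0;

    my $exit_status = $wait_status >> 8;
    die "$command[0] exited with status $exit_status"
        unless $exit_status == 0;

    return;
}

# Ask Postfix to reload its configuration. Dies if the command fails.
#
# NOTE(review): unlike $POSTCONF, "postfix" is given without a directory
# and is therefore looked up through PATH. This module changes the mail
# server configuration, so it is expected to run privileged; make sure
# the calling process has a fixed, trusted PATH.
sub reload_postfix {
    safe_system(qw(postfix reload));
    return;
}

# Read one Postfix parameter with "postconf -h".
#
# In scalar context the raw value is returned; in list context the value
# is split on commas (with optional following whitespace). The command is
# run through a list-form pipe open, so no shell is involved.
#
# Dies if postconf cannot be started or does not finish cleanly.
sub postconf_read {
    my ($variable) = @_;

    my $output = '';
    open(my $fh, '-|', $POSTCONF, '-h', $variable) or die "postconf: $!";
    # A lexical line variable keeps the caller's $_ untouched.
    while (my $line = <$fh>) {
        chomp $line;
        $output .= $line;
    }
    close($fh);

    # close() on a pipe stores the child's wait status in $?; anything
    # other than 0 (non-zero exit or death by signal) is a failure.
    die "postconf failed" unless $? == 0;

    if (wantarray) {
        return split(/,\s*/, $output);
    }
    else {
        return $output;
    }
}

# Set one or more Postfix parameters with a single "postconf -e" call.
#
# Takes a flat list of name => value pairs and dies on an odd number of
# arguments. Each pair becomes one "name=value" argument; the list form
# of system() passes values containing spaces or commas through as is.
# Names and values are not validated here: in this file they only come
# from the module's own constants.
sub postconf_set {
    die "Need an even number of parameters" if scalar(@_) % 2 != 0;

    my @pairs = @_;
    my @vars_to_set;
    while (my ($parameter, $value) = splice(@pairs, 0, 2)) {
        push(@vars_to_set, "$parameter=$value");
    }

    safe_system($POSTCONF, '-e', @vars_to_set);
    return;
}

# Value for smtpd_recipient_restrictions: the SPF policy service when
# $enabled is true, the empty string otherwise.
sub smtpd_recipient_restrictions {
    my ($enabled) = @_;

    return $enabled ? $CHECK_SPF_POLICY : '';
}

# Report which checks are currently configured.
#
# Returns a hash reference with the keys spf, dkim and dmarc. Each value
# is the number of exact matches found in the live configuration (0 when
# the check is absent).
#
# NOTE(review): entries are only split on commas, so a main.cf edited by
# hand with whitespace-separated entries would not be recognised.
sub spf_dkim_dmarc_status {
    my @smtpd_recipient_restrictions =
        postconf_read('smtpd_recipient_restrictions');
    my @smtpd_milters = postconf_read('smtpd_milters');

    return {
        spf   => scalar(grep { $_ eq $CHECK_SPF_POLICY }
                             @smtpd_recipient_restrictions),
        dkim  => scalar(grep { $_ eq $DKIM_MILTER } @smtpd_milters),
        dmarc => scalar(grep { $_ eq $DMARC_MILTER } @smtpd_milters),
    };
}

# Value for smtpd_milters: the enabled milters joined with ", " (DKIM
# first, then DMARC), or the empty string when both are disabled.
sub smtpd_milters {
    my ($dkim_enabled, $dmarc_enabled) = @_;

    my @milters;
    push @milters, $DKIM_MILTER  if $dkim_enabled;
    push @milters, $DMARC_MILTER if $dmarc_enabled;

    return join(', ', @milters);
}

# Enable or disable the SPF, DKIM and DMARC checks, then reload Postfix.
#
# Both parameters are replaced outright, not merged: any other recipient
# restriction or milter already present in main.cf is dropped. With SPF
# disabled, smtpd_recipient_restrictions ends up empty, so relay control
# has to be enforced by another parameter (for example
# smtpd_relay_restrictions) -- confirm this on the target host before
# using the module outside an isolated demo machine.
sub set_spf_dkim_dmarc_status {
    my ($spf_enabled, $dkim_enabled, $dmarc_enabled) = @_;

    say STDERR "Setting configuration";
    postconf_set(
        smtpd_recipient_restrictions =>
            smtpd_recipient_restrictions($spf_enabled),
        smtpd_milters => smtpd_milters($dkim_enabled, $dmarc_enabled),
    );

    say STDERR "Reloading Postfix";
    reload_postfix();

    say STDERR "Done";
}

1;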