def create_sign_clean(): "Generate the sign clean ruleset" usersql = """SELECT users.email, '' as address FROM users, user_signatures WHERE users.active = 't' AND users.id=user_signatures.user_id AND user_signatures.enabled='t' AND user_signatures.signature_type = 1 UNION SELECT users.email, addresses.address FROM users,addresses, user_signatures WHERE users.id=addresses.user_id AND users.id=user_signatures.user_id AND addresses.enabled='t' AND user_signatures.enabled='t' AND user_signatures.signature_type = 1 """ domainsql = """SELECT name FROM alldomains, domain_signatures WHERE alldomains.id = domain_signatures.domain_id AND alldomains.status='t' AND domain_signatures.enabled='t' AND domain_signatures.signature_type = 1 """ users = Session.execute(usersql) domains = Session.execute(domainsql) kwargs = dict(users=users, domains=domains) write_ruleset('sign.clean.msgs.rules', kwargs) Session.close()
def create_av_disabled(): """Create AV checks disabled domains""" sql = """SELECT name AS key, '1' AS value FROM alldomains WHERE virus_checks='f'""" domains = Session.execute(sql) generate_cdb_file(domains, 'avdisabled.cdb') Session.close()
def command(self): "run command" self.init() if self.options.index_name is None: print "\nProvide an index to update\n" print self.parser.print_help() sys.exit(2) if self.options.index_name not in ['messages', 'archive']: print "\nProvide a valid index to update\n" print self.parser.print_help() sys.exit(2) if not os.path.exists('/usr/bin/indexer'): print "\nSphinx indexer is not installed\n" sys.exit(2) try: lockfile = os.path.join(self.conf['baruwa.locks.dir'], 'updatedelta.lock') with open(lockfile, 'w+') as lock: fcntl.lockf(lock, fcntl.LOCK_EX | fcntl.LOCK_NB) update_index(self.conf['sphinx.url'], self.options.index_name, self.options.index_has_rt) except IOError: print >> sys.stderr, "Another instance is running." sys.exit(2) finally: Session.close()
def create_ldap_domains(): """Generate LDAP domains""" sql = """SELECT name AS key, name AS value FROM mtasettings WHERE ldap_callout='t'""" domains = Session.execute(sql) generate_cdb_file(domains, 'ldapdomains.cdb') Session.close()
def command(self): "command" self.init() if acquire_lock('dbclean', self.conf): try: if self.options.days > 0: days = self.options.days else: days = int(self.conf.get('baruwa.messages.keep.days', 30)) if self.options.adays > 0: adays = self.options.adays else: adays = int(self.conf.get('baruwa.archive.keep.days', 90)) interval = datetime.timedelta(days=days) archive_interval = datetime.timedelta(days=adays) current_date = arrow.utcnow().datetime msgs_date = current_date - interval last_achive_date = current_date - archive_interval releases_date = current_date - datetime.timedelta(days=2) # process messages table process_messages(msgs_date) # process archive table prune_archive(last_achive_date) # process message status table prune_table('messagestatus', last_achive_date) # process releases table prune_table('releases', releases_date) # process awl table prune_table('awl', msgs_date) finally: Session.close() release_lock('dbclean', self.conf)
def command(self): "run command" self.init() if self.options.username is None: print >> sys.stderr, "\nProvide an username\n" print self.parser.print_help() sys.exit(126) try: user = Session\ .query(User)\ .filter(User.username == self.options.username)\ .filter(User.local == true())\ .one() if user.validate_password(os.environ['BARUWA_ADMIN_PASSWD']): print >> sys.stderr, "The account password is valid" sys.exit(0) else: print >> sys.stderr, "The account password is invalid" sys.exit(2) except KeyError: print >> sys.stderr, "BARUWA_ADMIN_PASSWD env variable not set" sys.exit(126) except NoResultFound: print >> sys.stderr, ("No local user found with username %s" % self.options.username) sys.exit(126) finally: Session.close()
def create_language_based(): "Generate file base language ruleset" domains = Session.query(Domain).filter(Domain.language != u'en').all() kwargs = dict(domains=domains) write_ruleset('languages.rules', kwargs) write_ruleset('rejectionreport.rules', kwargs) write_ruleset('deletedcontentmessage.rules', kwargs) write_ruleset('deletedfilenamemessage.rules', kwargs) write_ruleset('deletedvirusmessage.rules', kwargs) write_ruleset('deletedsizemessage.rules', kwargs) write_ruleset('storedcontentmessage.rules', kwargs) write_ruleset('storedfilenamemessage.rules', kwargs) write_ruleset('storedvirusmessage.rules', kwargs) write_ruleset('storedsizemessage.rules', kwargs) write_ruleset('disinfectedreport.rules', kwargs) write_ruleset('inlinewarninghtml.rules', kwargs) write_ruleset('inlinewarningtxt.rules', kwargs) write_ruleset('sendercontentreport.rules', kwargs) write_ruleset('sendererrorreport.rules', kwargs) write_ruleset('senderfilenamereport.rules', kwargs) write_ruleset('sendervirusreport.rules', kwargs) write_ruleset('sendersizereport.rules', kwargs) write_ruleset('senderspamreport.rules', kwargs) write_ruleset('senderspamrblreport.rules', kwargs) write_ruleset('senderspamsareport.rules', kwargs) write_ruleset('inlinespamwarning.rules', kwargs) write_ruleset('recipientspamreport.rules', kwargs) Session.close()
def create_post_smtp_av(): """Create post smtp av domains""" sql = """SELECT name AS key, '1' AS value FROM alldomains WHERE virus_checks_at_smtp='f'""" domains = Session.execute(sql) generate_cdb_file(domains, 'postsmtpav.cdb') Session.close()
def create_callback_domains(): """Generate SMTP callback domains""" sql = """SELECT name AS key, name AS value FROM mtasettings WHERE smtp_callout='t'""" domains = Session.execute(sql) generate_cdb_file(domains, 'cbdomains.cdb') Session.close()
def create_ldap_data(): """Generate ldap data""" sql = """SELECT ldapmaps.name AS key, url AS value FROM ldaplookup, ldapmaps WHERE ldaplookup.name=ldapmaps.parent""" items = Session.execute(sql) generate_cdb_file(items, 'ldapdata.cdb') Session.close()
def create_auth_data(): """Create auth data""" sql = """SELECT username AS key, password AS value FROM relaysettings WHERE username !='' AND password !=''""" recs = Session.execute(sql) generate_cdb_file(recs, 'auth.cdb') Session.close()
def create_spam_checks(): "Generate file based spam checks ruleset" users_q = Session.query(User).filter(User.spam_checks == false()) users = windowed_query(users_q, User.id, 100) domains = Session.query(Domain).filter(Domain.spam_checks == false()).all() kwargs = dict(users=users, domains=domains) write_ruleset('spam.checks.rules', kwargs) Session.close()
def create_route_data(): """Generate route data""" sql = """SELECT name AS key, '"<+ ' || array_to_string(array_agg(address), ' + ' ) || '"' AS value FROM routedata WHERE enabled='t' GROUP BY name""" addrs = Session.execute(sql) generate_cdb_file(addrs, 'routedata.cdb') Session.close()
def create_local_scores(): """Create local scores""" scores_q = Session.query(SARule)\ .filter(SARule.local_score != 0)\ .filter(SARule.local_score != SARule.score) scores = windowed_query(scores_q, SARule.id, 50) kwargs = dict(scores=scores) write_ruleset('local.scores', kwargs, 'localscores.rules') Session.close()
def save_dom_sig(sigid): "Save domain signature" logger = save_dom_sig.get_logger() try: logger.info('Processing domain signature: %s' % sigid) sign = Session.query(DomSignature)\ .filter(DomSignature.id == sigid).one() domain = Session.query(Domain)\ .filter(Domain.id == sign.domain_id).one() basedir = config.get('ms.signatures.base', '/etc/MailScanner/baruwa/signatures') def mksigdir(sigfile): "create directory" logger.info('Creating signature directory for: %s' % domain.name) os.mkdir(os.path.dirname(sigfile)) logger.info('Created: %s' % os.path.dirname(sigfile)) def mksymlinks(domname): "Create symlinked directories" domdr = os.path.join(basedir, 'domains', domname.name) for alias in domname.aliases: linkdr = os.path.join(basedir, 'domains', alias.name) if not os.path.exists(linkdr): os.symlink(domdr, linkdr) logger.info('Created symlink: %s' % linkdr) if not sign.enabled: logger.info('Signature disabled, notifying scanner') update_ms_serial(logger) return if sign.signature_type == 1: # text sigfile = os.path.join(basedir, 'domains', domain.name, 'sig.txt') print sigfile print os.path.dirname(sigfile) if not os.path.exists(os.path.dirname(sigfile)): mksigdir(sigfile) with open(sigfile, 'w') as handle: if not sign.signature_content.startswith('--'): handle.write("\n--\n") handle.write(sign.signature_content) logger.info('Signature written to file: %s' % sigfile) mksymlinks(domain) else: # html sigfile = os.path.join(basedir, 'domains', domain.name, 'sig.html') if not os.path.exists(os.path.dirname(sigfile)): mksigdir(sigfile) write_html_sig(sigfile, sign, True, logger) mksymlinks(domain) update_ms_serial(logger) except NoResultFound: pass finally: Session.close()
def create_virus_checks(): "Generate file based virus checks ruleset" domains = Session.query(Domain)\ .filter(and_(Domain.virus_checks == true(), Domain.virus_checks_at_smtp == false()))\ .all() kwargs = dict(domains=domains) write_ruleset('virus.checks.rules', kwargs) Session.close()
def save_user_sig(sigid): "Save a user signature and associated images to filesystem" logger = save_user_sig.get_logger() try: logger.info('Processing user signature: %s' % sigid) sign = Session.query(UserSignature)\ .filter(UserSignature.id == sigid).one() user = Session.query(User)\ .filter(User.id == sign.user_id).one() basedir = config.get('ms.signatures.base', '/etc/MailScanner/baruwa/signatures') def mksigdir(sigfile): "make directory" logger.info('Creating signature directory for: %s' % user.username) os.mkdir(os.path.dirname(sigfile)) logger.info('Created: %s' % os.path.dirname(sigfile)) def mksymlinks(usrname): "Create symlinked directories" usrdir = os.path.join(basedir, 'users', usrname.username) for addr in usrname.addresses: linkdr = os.path.join(basedir, 'users', addr.address) if not os.path.exists(linkdr): os.symlink(usrdir, linkdr) logger.info('Created symlink: %s' % linkdr) if not sign.enabled: logger.info('Signature disabled, notifying scanner') update_ms_serial(logger) return if sign.signature_type == 1: # text sigfile = os.path.join(basedir, 'users', user.username, 'sig.txt') if not os.path.exists(os.path.dirname(sigfile)): mksigdir(sigfile) with open(sigfile, 'w') as handle: if not sign.signature_content.startswith('--'): handle.write("\n--\n") handle.write(sign.signature_content) # os.write(handle, os.linesep) logger.info('Signature written to file: %s' % sigfile) mksymlinks(user) else: # html sigfile = os.path.join(basedir, 'users', user.username, 'sig.html') if not os.path.exists(os.path.dirname(sigfile)): mksigdir(sigfile) write_html_sig(sigfile, sign, False, logger) mksymlinks(user) update_ms_serial(logger) except NoResultFound: pass finally: Session.close()
def create_highspam_actions(): "Generate file based highspam actions ruleset" hosts = Session.query(Relay.address, Relay.highspam_actions)\ .filter(Relay.address != u'')\ .filter(Relay.highspam_actions != 2)\ .distinct(Relay.address).all() domains = Session.query(Domain).filter(Domain.highspam_actions != 2).all() kwargs = dict(domains=domains, hosts=hosts) write_ruleset('highspam.actions.rules', kwargs) Session.close()
def create_ratelimit(): """Create Ratelimit""" sql = """SELECT CASE WHEN address != '' THEN address ELSE username END AS key, CAST(ratelimit AS text) AS value FROM relaysettings WHERE enabled='t' """ items = Session.execute(sql) generate_cdb_file(items, 'ratelimit.cdb') Session.close()
def create_lists(list_type): "Generate Approved and banned lists" if list_type == 1: # create approve kwargs = get_list_data(1) write_ruleset('approved.senders.rules', kwargs) if list_type == 2: # create banned kwargs = get_list_data(2) write_ruleset('banned.senders.rules', kwargs) Session.close()
def exportaccounts(domainid, userid, orgid): "Export Accounts" logger = exportaccounts.get_logger() results = dict(f=None, global_error='') try: logger.info('Starting export of accounts for userid: %s' % userid) user = Session.query(User).get(userid) if user.is_peleb: results['global_error'] = \ 'You are not authorized to export accounts' return results if user.is_domain_admin and orgid: results['global_error'] = \ 'You are not authorized to export organization accounts' return results users = Session.query(User)\ .options(joinedload('addresses'))\ .order_by(User.id) if user.is_domain_admin: users = users.join(domain_users, (domain_owners, domain_users.c.domain_id == domain_owners.c.domain_id), (oa, domain_owners.c.organization_id == oa.c.organization_id))\ .filter(oa.c.user_id == user.id) if domainid: users = users.filter( and_(domain_users.c.domain_id == domainid, domain_users.c.user_id == User.id)) if orgid: users = users.filter( and_(domain_users.c.user_id == User.id, domain_users.c.domain_id == domain_owners.c.domain_id, domain_owners.c.organization_id == orgid)) rows = [] for account in users.all(): row = account.to_csv() if account.addresses: row.update(account.addresses[0].to_csv()) rows.append(row) if rows: keys = tuple(ACCOUNTFIELDS + ADDRESSFIELDS) results['f'] = build_csv(rows, keys) logger.info('Export complete, returning csv file') else: results['global_error'] = 'No accounts found' logger.info('Export failed: %s' % results['global_error']) except (NoResultFound, ProgrammingError): results['global_error'] = 'User account does not exist' logger.info('Export failed: %s' % results['global_error']) finally: Session.close() return results
def create_mta_settings(setting_type): """Create MTA settings""" sql = """SELECT address AS key, address AS value FROM mta_settings WHERE address_type=%d AND enabled='t' """ % int(setting_type) items = Session.execute(sql) if int(setting_type) == 2: generate_text_file(items, SETTINGS_MAP[int(setting_type)]) else: generate_cdb_file(items, SETTINGS_MAP[int(setting_type)]) Session.close()
def exportaccounts(domainid, userid, orgid): "Export Accounts" logger = exportaccounts.get_logger() results = dict(f=None, global_error='') try: logger.info('Starting export of accounts for userid: %s' % userid) user = Session.query(User).get(userid) if user.is_peleb: results['global_error'] = \ 'You are not authorized to export accounts' return results if user.is_domain_admin and orgid: results['global_error'] = \ 'You are not authorized to export organization accounts' return results users = Session.query(User)\ .options(joinedload('addresses'))\ .order_by(User.id) if user.is_domain_admin: users = users.join(domain_users, (domain_owners, domain_users.c.domain_id == domain_owners.c.domain_id), (oa, domain_owners.c.organization_id == oa.c.organization_id))\ .filter(oa.c.user_id == user.id) if domainid: users = users.filter(and_(domain_users.c.domain_id == domainid, domain_users.c.user_id == User.id)) if orgid: users = users.filter(and_(domain_users.c.user_id == User.id, domain_users.c.domain_id == domain_owners.c.domain_id, domain_owners.c.organization_id == orgid)) rows = [] for account in users.all(): row = account.to_csv() if account.addresses: row.update(account.addresses[0].to_csv()) rows.append(row) if rows: keys = tuple(ACCOUNTFIELDS + ADDRESSFIELDS) results['f'] = build_csv(rows, keys) logger.info('Export complete, returning csv file') else: results['global_error'] = 'No accounts found' logger.info('Export failed: %s' % results['global_error']) except (NoResultFound, ProgrammingError): results['global_error'] = 'User account does not exist' logger.info('Export failed: %s' % results['global_error']) finally: Session.close() return results
def create_highspam_scores(): "Generate file based highspam scores ruleset" users_q = Session.query(User).filter(User.high_score > 0) users = windowed_query(users_q, User.id, 100) domains = Session.query(Domain).filter(Domain.high_score > 0).all() hosts = Session.query(Relay.address, Relay.high_score)\ .filter(Relay.high_score > 0)\ .filter(Relay.address != u'')\ .distinct(Relay.address).all() kwargs = dict(domains=domains, users=users, hosts=hosts) write_ruleset('highspam.score.rules', kwargs) Session.close()
def update_autorelease(msg_uuid): "Update the autorelease link record" logger = update_autorelease.get_logger() try: record = Session.query(Release).filter(Release.uuid == msg_uuid).one() record.released = True Session.add(record) Session.commit() logger.info("Auto Release record: %s updated" % msg_uuid) except NoResultFound: logger.info("Release Record: %s not found" % msg_uuid) finally: Session.close()
def create_relay_proto_domains(protocol): """Generate relay domains cdb""" if protocol == 1: sql = """SELECT name AS key, name AS value FROM mtasettings WHERE protocol=1""" filename = 'relaysmtpdomains.cdb' else: sql = """SELECT name AS key, name AS value FROM mtasettings WHERE protocol=2""" filename = 'relaylmtpdomains.cdb' domains = Session.execute(sql) generate_cdb_file(domains, filename) Session.close()
def create_domain_lists(list_type): """Approved list""" if list_type == 1: sql = """SELECT from_address AS key, from_address AS value FROM lists WHERE to_address='any' AND list_type=1""" filename = 'approvedlists.cdb' else: sql = """SELECT from_address AS key, from_address AS value FROM lists WHERE to_address='any' AND list_type=2""" filename = 'bannedlists.cdb' addrs = Session.execute(sql) generate_cdb_file(addrs, filename) Session.close()
def exportdomains(userid, orgid=None): "Export domains" logger = exportdomains.get_logger() results = dict(f=None, global_error='') try: logger.info('Starting export of domains for userid: %s' % userid) user = Session.query(User).get(userid) if user.is_peleb: results['global_error'] = \ 'You are not authorized to export domains' return results if user.is_domain_admin and orgid: results['global_error'] = \ 'You are not authorized to export organization domains' return results domains = Session.query(Domain) if orgid: domains = domains.join(domain_owners).filter( domain_owners.c.organization_id == orgid) if user.is_domain_admin: domains = domains.join(domain_owners, (oa, domain_owners.c.organization_id == oa.c.organization_id))\ .filter(oa.c.user_id == user.id) rows = [] for domain in domains.all(): row = domain.to_csv() if domain.servers: row.update(domain.servers[0].to_csv()) if domain.authservers: row.update(domain.authservers[0].to_csv()) if domain.aliases: row.update(domain.aliases[0].to_csv()) rows.append(row) if rows: keys = tuple(DOMAINFIELDS + DAFIELDS + DSFIELDS + ASFIELDS) results['f'] = build_csv(rows, keys) logger.info('Export complete, returning csv file') else: results['global_error'] = 'No domains found' logger.info('Export failed: %s' % results['global_error']) except NoResultFound: results['global_error'] = 'User account does not exist' logger.info('Export failed: %s' % results['global_error']) except TypeError: results['global_error'] = 'Internal error occured' logger.info('Export failed: %s' % results['global_error']) finally: Session.close() return results
def savemodel(model, form, domainid=None): "save form data" for field in form: if field.name != 'csrf_token': setattr(model, field.name, field.data) if domainid: model.domain_id = domainid try: Session.add(model) Session.commit() except IntegrityError: Session.rollback() finally: Session.close()
def create_lmtp(delivery_mode): """Create LMTP domains""" if delivery_mode == 1: sql = """SELECT name AS key, name AS value FROM mtasettings WHERE delivery_mode=1 AND protocol=2""" filename = 'lmtprand.cdb' else: sql = """SELECT name AS key, name AS value FROM mtasettings WHERE delivery_mode=2 AND protocol=2""" filename = 'lmtpnonrand.cdb' domains = Session.execute(sql) generate_cdb_file(domains, filename) Session.close()
def command(self): "run command" self.init() try: lockfile = os.path.join(self.conf['baruwa.locks.dir'], 'queuestats.lock') with open(lockfile, 'w+') as lock: fcntl.lockf(lock, fcntl.LOCK_EX | fcntl.LOCK_NB) hostname = system_hostname() update_queue_stats(hostname) except IOError: warnings.warn("Queuestats already running !") sys.exit(2) finally: Session.close()
def update_autorelease(msg_uuid): "Update the autorelease link record" logger = update_autorelease.get_logger() try: record = Session.query(Release)\ .filter(Release.uuid == msg_uuid)\ .one() record.released = True Session.add(record) Session.commit() logger.info("Auto Release record: %s updated" % msg_uuid) except NoResultFound: logger.info("Release Record: %s not found" % msg_uuid) finally: Session.close()