First prototype of logmail endpoint

Author: endelwar

.gitattributes

@@ -5,6 +5,6 @@ tests/ export-ignore
 composer.json export-ignore
 composer.lock export-ignore
 docker-compose.yaml export-ignore
-phpstan.neon.dist export-ignore
+phpstan.dist.neon export-ignore
 rector.php export-ignore
 phpunit.xml export-ignore

.gitignore

@@ -10,4 +10,5 @@
 /composer.lock
 /.php-cs-fixer.cache
 /.phpunit.cache
-/phpstan.neon
+/.phpstan-cache
+/phpstan.neon

MailScanner_perl_scripts/MailWatch.pm

@@ -63,7 +63,7 @@ use File::Basename;
 my $dirname = dirname(__FILE__);
 require $dirname . '/MailWatchConf.pm';
 my $api_base_url = mailwatch_get_api_base_url();
-my $api_endpoint = $api_base_url . '/api/mailscanner.php';
+my $api_endpoint = $api_base_url . '/api/logmail.php';
 my $api_key = mailwatch_get_api_key();
 my $api_max_retries = mailwatch_get_api_max_retries();
 my $api_retry_delay = mailwatch_get_api_retry_delay();

composer.json

@@ -14,7 +14,7 @@
         "php-parallel-lint/php-console-highlighter": "^1.0.0",
         "rector/rector": "^2",
         "phpunit/phpunit": "^10.5",
-        "symfony/var-dumper": "^6|^7"
+        "symfony/var-dumper": "^6|^7|^8"
     },
     "suggest": {
         "ext-ldap": "For LDAP support",

mailscanner/api/MailLogEntry.php

@@ -0,0 +1,103 @@
+<?php
+
+class MailLogEntry
+{
+    public $timestamp;
+    public $id;
+    public $size;
+    public $from;
+    public $from_domain;
+    public $to;
+    public $to_domain;
+    public $subject;
+    public $clientip;
+    public $archiveplaces;
+    public $isspam;
+    public $ishigh;
+    public $issaspam;
+    public $isrblspam;
+    public $spamwhitelisted;
+    public $spamblacklisted;
+    public $sascore;
+    public $spamreport;
+    public $virusinfected;
+    public $nameinfected;
+    public $otherinfected;
+    public $reports;
+    public $ismcp;
+    public $ishighmcp;
+    public $issamcp;
+    public $mcpwhitelisted;
+    public $mcpblacklisted;
+    public $mcpsascore;
+    public $mcpreport;
+    public $hostname;
+    public $date;
+    public $time;
+    public $headers;
+    public $quarantined;
+    public $rblspamreport;
+    public $token;
+    public $messageid;
+
+    public function __construct($data)
+    {
+        $this->timestamp = $data['timestamp'] ?? null;
+        $this->id = $data['id'] ?? null;
+        $this->size = $data['size'] ?? null;
+        $this->from = $data['from'] ?? null;
+        $this->from_domain = $data['from_domain'] ?? null;
+        $this->to = $data['to'] ?? null;
+        $this->to_domain = $data['to_domain'] ?? null;
+        $this->subject = $data['subject'] ?? null;
+        $this->clientip = $data['clientip'] ?? null;
+        $this->archiveplaces = $data['archiveplaces'] ?? null;
+        $this->isspam = $data['isspam'] ?? 0;
+        $this->ishigh = $data['ishigh'] ?? 0;
+        $this->issaspam = $data['issaspam'] ?? 0;
+        $this->isrblspam = $data['isrblspam'] ?? 0;
+        $this->spamwhitelisted = $data['spamwhitelisted'] ?? 0;
+        $this->spamblacklisted = $data['spamblacklisted'] ?? 0;
+        $this->sascore = $data['sascore'] ?? 0.00;
+        $this->spamreport = $data['spamreport'] ?? '';
+        $this->virusinfected = $data['virusinfected'] ?? 0;
+        $this->nameinfected = $data['nameinfected'] ?? 0;
+        $this->otherinfected = $data['otherinfected'] ?? 0;
+        $this->reports = $data['reports'] ?? '';
+        $this->ismcp = $data['ismcp'] ?? 0;
+        $this->ishighmcp = $data['ishighmcp'] ?? 0;
+        $this->issamcp = $data['issamcp'] ?? 0;
+        $this->mcpwhitelisted = $data['mcpwhitelisted'] ?? 0;
+        $this->mcpblacklisted = $data['mcpblacklisted'] ?? 0;
+        $this->mcpsascore = $data['mcpsascore'] ?? 0.00;
+        $this->mcpreport = $data['mcpreport'] ?? '';
+        $this->hostname = $data['hostname'] ?? '';
+        $this->date = $data['date'] ?? null;
+        $this->time = $data['time'] ?? null;
+        $this->headers = $data['headers'] ?? '';
+        $this->quarantined = $data['quarantined'] ?? 0;
+        $this->rblspamreport = $data['rblspamreport'] ?? '';
+        $this->token = $data['token'] ?? '';
+        $this->messageid = $data['messageid'] ?? '';
+    }
+
+    /**
+     * @return bool
+     */
+    public function isValid()
+    {
+        if (
+            empty($this->timestamp)
+            || empty($this->id)
+            || empty($this->size)
+            || empty($this->from)
+            || empty($this->to)
+            || empty($this->subject)
+            || empty($this->clientip)
+        ) {
+            return false;
+        }
+
+        return true;
+    }
+}

mailscanner/api/logmail.php

@@ -0,0 +1,140 @@
+<?php
+
+// all response are JSON encoded
+header('Content-Type: application/json; charset=UTF-8');
+
+require_once __DIR__ . '/../conf.php';
+
+if (!defined('API_KEY')) {
+    http_response_code(401); // Unauthorized
+    echo json_encode(['error' => 'Unauthorized - Set an API KEY to use this API']);
+    exit;
+}
+
+require_once __DIR__ . '/../database.php';
+require_once __DIR__ . '/MailLogEntry.php';
+
+/**
+ * @param ?string $apiKey
+ *
+ * @return bool
+ */
+function isValidApiKey($apiKey)
+{
+    if (null === $apiKey) {
+        return false;
+    }
+
+    if (!defined('API_KEY')) {
+        return false;
+    }
+
+    return API_KEY === $apiKey;
+}
+
+/**
+ * @return ?string
+ */
+function getApiKeyToken()
+{
+    if (isset($_SERVER['HTTP_X_MAILWATCH_API_KEY'])) {
+        return $_SERVER['HTTP_X_MAILWATCH_API_KEY'];
+    }
+
+    return null;
+}
+
+// Check if is POST request
+if ('POST' !== $_SERVER['REQUEST_METHOD']) {
+    http_response_code(405); // Method Not Allowed
+    echo json_encode(['error' => 'Method Not Allowed']);
+    exit;
+}
+
+// Verify API key
+$apiKeyToken = getApiKeyToken();
+if (null === $apiKeyToken || !isValidApiKey($apiKeyToken)) {
+    http_response_code(401); // Unauthorized
+    echo json_encode(['error' => 'Unauthorized']);
+    exit;
+}
+
+// Get JSON payload
+$json = file_get_contents('php://input');
+$data = json_decode($json, true);
+
+if (JSON_ERROR_NONE !== json_last_error()) {
+    http_response_code(400); // Bad Request
+    echo json_encode(['error' => 'Invalid JSON']);
+    exit;
+}
+$mailLogEntry = new MailLogEntry($data);
+if (!$mailLogEntry->isValid()) {
+    http_response_code(400); // Bad Request
+    echo json_encode(['error' => 'Invalid data']);
+    exit;
+}
+
+// Prepare insert query
+$dbLink = Database::connect(DB_HOST, DB_USER, DB_PASS, DB_NAME, DB_PORT);
+
+$query = 'INSERT INTO maillog (timestamp, id, size, from_address, from_domain, to_address, to_domain, subject, clientip, archive, isspam, ishighspam, issaspam, isrblspam, spamwhitelisted, spamblacklisted, sascore, spamreport, virusinfected, nameinfected, otherinfected, report, ismcp, ishighmcp, issamcp, mcpwhitelisted, mcpblacklisted, mcpsascore, mcpreport, hostname, date, time, headers, quarantined, rblspamreport, token, messageid)
+          VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)';
+
+$stmt = $dbLink->prepare($query);
+if (!$stmt) {
+    http_response_code(500); // Internal Server Error
+    echo json_encode(['error' => 'Failed to prepare statement']);
+    exit;
+}
+$stmt->bind_param(
+    'ssisssssssiiiiiiiiiiiissiiiissssssss',
+    $mailLogEntry->timestamp,
+    $mailLogEntry->id,
+    $mailLogEntry->size,
+    $mailLogEntry->from,
+    $mailLogEntry->from_domain,
+    $mailLogEntry->to,
+    $mailLogEntry->to_domain,
+    $mailLogEntry->subject,
+    $mailLogEntry->clientip,
+    $mailLogEntry->archiveplaces,
+    $mailLogEntry->isspam,
+    $mailLogEntry->ishigh,
+    $mailLogEntry->issaspam,
+    $mailLogEntry->isrblspam,
+    $mailLogEntry->spamwhitelisted,
+    $mailLogEntry->spamblacklisted,
+    $mailLogEntry->sascore,
+    $mailLogEntry->spamreport,
+    $mailLogEntry->virusinfected,
+    $mailLogEntry->nameinfected,
+    $mailLogEntry->otherinfected,
+    $mailLogEntry->reports,
+    $mailLogEntry->ismcp,
+    $mailLogEntry->ishighmcp,
+    $mailLogEntry->issamcp,
+    $mailLogEntry->mcpwhitelisted,
+    $mailLogEntry->mcpblacklisted,
+    $mailLogEntry->mcpsascore,
+    $mailLogEntry->mcpreport,
+    $mailLogEntry->hostname,
+    $mailLogEntry->date,
+    $mailLogEntry->time,
+    $mailLogEntry->headers,
+    $mailLogEntry->quarantined,
+    $mailLogEntry->rblspamreport,
+    $mailLogEntry->token,
+    $mailLogEntry->messageid
+);
+
+if ($stmt->execute()) {
+    http_response_code(201); // Created
+    echo json_encode(['success' => 'Data inserted successfully']);
+} else {
+    http_response_code(500); // Internal Server Error
+    echo json_encode(['error' => 'Failed to insert data']);
+}
+
+$stmt->close();
+$dbLink->close();

mailscanner/conf.php.example

@@ -55,6 +55,10 @@ define('SESSION_TIMEOUT', 600);
 // define('MAXMIND_LICENSE_KEY', 'mylicensekey');
 // define('MAXMIND_ACCOUNT_ID', 'myaccountid');
 
+// API KEY - Allow autentication for MailScanner perl module
+// generate a secure unique key, like an UUID or a complex password
+// define('API_KEY', 'change-me-api-key');
+
 // Database settings
 //
 // As this file might be publically readable. It might be very userful to
@@ -327,6 +331,6 @@ define('RESET_LINK_EXPIRE', 1);
 define('STATUSGRAPH_INTERVAL', 60);
 
 //Allow domain admins to create/edit/delete other domain admins from the same domain (not recommended, only for backward compatibility)
-//define('ENABLE_SUPER_DOMAIN_ADMINS',true);
+//define('ENABLE_SUPER_DOMAIN_ADMINS', true);
 //Allow the username of domain admins and normal users to not be in mail format (not recommended, only for backward compatibility)
-//define('ALLOW_NO_USER_DOMAIN',true);
+//define('ALLOW_NO_USER_DOMAIN', true);

mailscanner/functions.php

@@ -83,7 +83,7 @@
     }
 }
 
-// Load the lang file or en if the spicified language is not available
+// Load the lang file or en if the specified language is not available
 if (!is_file(__DIR__ . '/languages/' . $langCode . '.php')) {
     $lang = require __DIR__ . '/languages/en.php';
 } else {

phpstan.dist.neon

@@ -4,6 +4,7 @@ includes:
 parameters:
 	level: 5
 	phpVersion: 80100
+	tmpDir: %currentWorkingDirectory%/.phpstan-cache
 	paths:
 	    - mailscanner
 	    - tools