Ticket #270: send-quarantine-digests.pl

#!/usr/bin/perl -T

# $Id$

########################################################################
# MAIA MAILGUARD LICENSE v.1.0
#
# Copyright 2005 by Robert LeBlanc <rjl@renaissoft.com>
#                and David Morton  <mortonda@dgrmm.net>
# All rights reserved.
#
# PREAMBLE
#
# This License is designed for users of Maia Mailguard
# ("the Software") who wish to support the Maia Mailguard project by
# leaving "Maia Mailguard" branding information in the HTML output
# of the pages generated by the Software, and providing links back
# to the Maia Mailguard home page.  Users who wish to remove this
# branding information should contact the copyright owner to obtain
# a Rebranding License.
#
# DEFINITION OF TERMS
#
# The "Software" refers to Maia Mailguard, including all of the
# associated PHP, Perl, and SQL scripts, documentation files, graphic
# icons and logo images.
#
# GRANT OF LICENSE
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# 3. The end-user documentation included with the redistribution, if
#    any, must include the following acknowledgment:
#
#    "This product includes software developed by Robert LeBlanc
#    <rjl@renaissoft.com>."
#
#    Alternately, this acknowledgment may appear in the software itself,
#    if and wherever such third-party acknowledgments normally appear.
#
# 4. At least one of the following branding conventions must be used:
#
#    a. The Maia Mailguard logo appears in the page-top banner of
#       all HTML output pages in an unmodified form, and links
#       directly to the Maia Mailguard home page; or
#
#    b. The "Powered by Maia Mailguard" graphic appears in the HTML
#       output of all gateway pages that lead to this software,
#       linking directly to the Maia Mailguard home page; or
#
#    c. A separate Rebranding License is obtained from the copyright
#       owner, exempting the Licensee from 4(a) and 4(b), subject to
#       the additional conditions laid out in that license document.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
# OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
# TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
########################################################################

use strict;
use DBI;
use POSIX;
use Net::SMTP;
use Template;
use Data::UUID;

# CONFIGURE THIS: Location of your database.cfg file
my $cfg = "/var/amavisd/maia/scripts/database.cfg";

# CONFIGURE THIS: Base URL to maia scripts
my $base_url = "http://example.com/";

# CONFIGURE THIS: template directory
my $template_dir = "/var/amavisd/maia/templates/";

# CONFIGURE THIS: How you want the sorted (choose one per cache type)
#               (note: non spam/ham caches don't have score to sort by)
#  options are:
#  *_sort = "score DIRECTION"
#           = "received_date DIRECTION"
#           = "recipient_id DIRECTION"
# Where DIRECTION is ASC or DESC
my %sort = (
            ham         => "score DESC",  # puts the high scores at the top
            spam        => "score ASC",   # puts the low scroes at the top
            virus       => "received_date DESC",
            banned_file => "received_date DESC",
            bad_header  => "received_date DESC",
           );

my $titles = {  'spam'        =>  "Spam Quarantine",
                'virus'       =>  "Virus Quarantine",
                'banned_file' =>  "Banned File Attachments",
                'bad_header'  =>  "Invalid Email Headers",
                'ham'         =>  "Delivered Email"
             };
# The order of the sections of the digest report
# Valid elements are 'spam', 'ham', 'virus', banned_file', and 'bad_header'
# Omit any of these elements to leave them out of the report

my @report_order = ('spam','ham','virus','banned_file','bad_header');

########################################################################
# End of user-configurable portion.  There should be no need to modify #
# anything below this point.                                           #
########################################################################
sub get_string_key($$);
sub get_config_value($$);
sub phrase_generate();
sub generate_confirm_token($$);

# Read the database configuration file into memory once
open DB_CFG, "<" . $cfg
    or die ("Maia: [send-quarantine-reminders] Unable to open $cfg\n");
my($db_cfg) = "";
my $line;
while ($line = <DB_CFG>) {
    $db_cfg .= $line;
}
close DB_CFG;

# Connect to the database
my $dsn = get_string_key($db_cfg, "dsn");
# The organization of this file makes this a bit obtuse
my $isPg = $dsn =~ /^dbi:Pg/;
my $username = get_string_key($db_cfg, "username");
my $password = get_string_key($db_cfg, "password");
my $dbh = DBI->connect($dsn, $username, $password)
    or die("Can't connect to SQL database");

my($query, $sth, @row, %config_value_cache);
my($admin_email, $smtp_server, $smtp_port);

$query = <<"endSQL;";
  SELECT admin_email, smtp_server, smtp_port
  FROM   maia_config
  WHERE  id = 0
endSQL;

$sth = $dbh->prepare($query)
    or die (sprintf("Maia: [send-quarantine-digests] Couldn't prepare query: %s", $dbh->errstr));
$sth->execute()
    or die (sprintf("Maia: [send-quarantine-digests] Couldn't execute query: %s", $dbh->errstr));

if (@row = $sth->fetchrow_array()) {
    $admin_email = $1 if $row[0] =~ /^(.+@.+\..+)$/si;  # untaint
    $smtp_server = $1 if $row[1] =~ /^(.+)$/si;         # untaint
    $smtp_port = $1 if $row[2] =~ /^([1-9]+[0-9]*)$/si; # untaint
}
$sth->finish();

my $bgcolor;
my $at_least_one = 0;
my $timestamp = time();
my ($secs, $mins, $hours, $day, $mon, $year) = localtime($timestamp);
my $dbtimestamp = sprintf("%04d-%02d-%02d %02d:%02d:%02d", $year+1900, $mon+1, $day, $hours, $mins, $secs);

my $unixTime = $isPg ? "( ROUND(DATE_PART('epoch', NOW())) - ROUND(DATE_PART('epoch', maia_users.last_digest_sent)))"
                     : "(UNIX_TIMESTAMP() - UNIX_TIMESTAMP(maia_users.last_digest_sent)";

$query = <<"endSQL;";
  SELECT   maia_users.id, users.email
  FROM     maia_users, users
  WHERE    maia_users.primary_email_id = users.id
           AND maia_users.quarantine_digest_interval > 0
           AND (maia_users.quarantine_digest_interval <= ($unixTime / 60)
                OR maia_users.last_digest_sent IS NULL)
  ORDER BY maia_users.id ASC
endSQL;

my $users_sth = $dbh->prepare($query)
    or die (sprintf("Maia: [send-quarantine-digests] Couldn't prepare query: %s", $dbh->errstr));
$users_sth->execute()
    or die (sprintf("Maia: [send-quarantine-digests] Couldn't execute query: %s", $dbh->errstr));

# Preparing the same statement over & over is wasteful. Granted,
# performance doesn't really matter in this application, but there is no
# sense in wasting db resources (which COULD be at a premium).

my %report_statements;
while (my($element, $sort) = each(%sort)) {
    next if exists $report_statements{$sort};

    $query = <<"endSQL;";
  SELECT   mmr.token, mm.received_date, mm.score,
           mm.sender_email, mm.subject
  FROM     maia_mail AS mm, maia_mail_recipients AS mmr
  WHERE    mm.id = mmr.mail_id
           AND mmr.type = ?
           AND mmr.recipient_id = ?
  ORDER BY mm.$sort
endSQL;

    $report_statements{$sort} = $dbh->prepare($query)
        or die (sprintf("Maia: [send-quarantine-digests] Couldn't prepare query: %s", $dbh->errstr));
}

$query = <<"endSQL;";
  UPDATE maia_users SET last_digest_sent = ? WHERE id = ?
endSQL;
my $update_sth = $dbh->prepare($query)
    or die (sprintf("Maia: [send-quarantine-digests] Couldn't prepare query: %s", $dbh->errstr));

my $date_add = $isPg ? "NOW() + INTERVAL ? DAY"
                     : "DATE_ADD(NOW(), INTERVAL ? DAY)";
$query = <<"endSQL;";
  INSERT INTO maia_tokens (token_system, token, data, expires)
  VALUES ('digest', ?, ?, $date_add)
endSQL;

my $confirm_sth = $dbh->prepare($query);

while (my @row3 = $users_sth->fetchrow_array()) {
    my $user_id = $1 if $row3[0] =~ /^(\d+)$/si; # untaint
    my $user_email = $1 if $row3[1] =~ /^(.+@.+\..+)$/si; # untaint

    #regenerate template vars for every user, to minimize memory usage
    my %vars = (
                'admin_email'     => $admin_email,
                'date'            => $dbtimestamp,
                'maia_user_id'    => $user_id,
                'recipient'       => $user_email,
                'titles'          => $titles,
                'baseurl'         => $base_url
               );
    my %report_type = (
                       ham         => 'H',
                       spam        => 'S',
                       virus       => 'V',
                       banned_file => 'F',
                       bad_header  => 'B',
                      );

    # We need to use an array to Separate Report Elements, since hashes can't keep reliable ordering
    my $report_count = 0;
    $at_least_one = 0;
    for my $report_element (@report_order) {
        $sth = $report_statements{$sort{$report_element}};
        
        $sth->execute($report_type{$report_element}, $user_id)
            or die (sprintf("Maia: [send-quarantine-digests] Couldn't execute query: %s", $dbh->errstr));
        if ($sth->rows > 0) {
            $at_least_one = 1;
            my $rowcount = 0;
            while (@row = $sth->fetchrow_array()) {
                my $token = $1 if $row[0] =~  /^([a-zA-Z0-9]+)$/si; # untaint
                my $received_date = $1 if $row[1] =~ /^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})$/si; # untaint
                my $score = $1 if $row[2] =~ /^(-?\d+\.\d+)$/si; # untaint
                my $sender = $1 if $row[3] =~ /^(.+\@.+\..+)$/si; # untaint
                my $subject = $1 if $row[4] =~ /^(.*)$/si; # untaint
                if ($subject eq "") {
                    $subject = "(no subject)";
                }

                $vars{'list'}[$report_count]{$report_element}[$rowcount]{'token'} =  $token;
                $vars{'list'}[$report_count]{$report_element}[$rowcount]{'received_date'} =  $received_date;
                if ($report_element eq 'ham' || $report_element eq 'spam') {
                    $vars{'list'}[$report_count]{$report_element}[$rowcount]{'score'} =  $score;
                }

                $vars{'list'}[$report_count]{$report_element}[$rowcount]{'sender'} =  $sender;
                $vars{'list'}[$report_count]{$report_element}[$rowcount]{'subject'} =  $subject;

                $rowcount++;
            }
            $report_count++
        }
        $sth->finish();
    }

    # Send out the e-mail
    if ($at_least_one) {
        $vars{'confirm_token'} = generate_confirm_token($dbh, $user_id);
        my $output = '';
        my $template = Template->new({INCLUDE_PATH => $template_dir,
                                      OUTPUT => \$output });
        $template->process("digest.tpl", \%vars)
            || die "Template process failed: ", $template->error(), "\n";

        print "Sending quarantine digest to <" . $user_email . ">\n";

        my($smtp) = Net::SMTP->new($smtp_server, Port => $smtp_port);
        die "Couldn't connect to SMTP server" unless $smtp;
        $smtp->mail($admin_email);
        $smtp->to($user_email);
        $smtp->data();
        $smtp->datasend($output);
        $smtp->dataend();
        $smtp->quit();

        $update_sth->execute($dbtimestamp, $user_id)
            or die (sprintf("Maia: [send-quarantine-digests] Couldn't execute query: %s", $dbh->errstr));
        $update_sth->finish();

    }
}

# not strictly necessary, since we're about to disconnect, but good
# policy on the whole.
$users_sth->finish();

# Disconnect from the database
$dbh->disconnect;

# We're done.
exit;

# Retrieve the string value associated with a key in the database.cfg file.
sub get_string_key($$) {
    my ($file, $key) = @_;

    if ($file =~ /\n[ \t]*$key[ \t]*=[ \t]*\"(.*)\"/) {
        return ($1);
    } else {
        die ("Maia: [get_db_string_key] Unable to find $key value in $file\n");
    }
}

# Read a single value from Maia's configuration table.
sub get_config_value($$) {
    my($dbh, $key) = @_;
    my($sth, @row, $select);
    my $value = undef;

    return $config_value_cache{$key} if (exists $config_value_cache{$key});

    $select = "SELECT " . $key . " FROM maia_config WHERE id = 0";
    $select = $1 if $select =~ /^(.*)$/si; # untaint
    $sth = $dbh->prepare($select)
        or die (sprintf("Maia: [get_config_value] Couldn't prepare query: %s", $dbh->errstr));
    $sth->execute()
        or die (sprintf("Maia: [get_config_value] Couldn't execute query: %s", $dbh->errstr));
    if (@row = $sth->fetchrow_array()) {
        $value = $row[0];
    }
    $sth->finish;
    $config_value_cache{$key} = $value;
    return $value;
}

#random phrase generated from password generator
#credit: http://web.uconn.edu/~cdavid/cgi-bin/book/make_password_html.pl
sub phrase_generate() {
    my $ug    = new Data::UUID;
    my $uuid = $ug->create_hex();
    $uuid =~ s/0x(.*)/$1/;

    my (@passset,$rnd_passwd,$randum_num);
    @passset = ('A'..'Z','0'..'9');
    $rnd_passwd = "";
    for (my $i = 0; $i<32;$i++) {
        $randum_num = int(rand($#passset+1));
        $rnd_passwd .= $passset[$randum_num];
    }

    return $uuid . $rnd_passwd ;
}

sub generate_confirm_token($$) {
    my ($dbh, $maia_user_id) = @_;
    my $spamexpiry = get_config_value($dbh, "expiry_period");
    my $hamexpiry = get_config_value($dbh, "ham_cache_expiry_period");
    my $days = $spamexpiry > $hamexpiry ? $spamexpiry : $hamexpiry;

    my $unique_string = phrase_generate();

    $confirm_sth->execute($unique_string, $maia_user_id,$days) or die (sprintf("Maia: [send-quarantine-reminders] Couldn't execute query: %s", $dbh->errstr));;
    $confirm_sth->finish();
    return $unique_string;
}