1 package PMG
::Config
::Base
;
8 use PVE
::JSONSchema
qw(get_standard_option);
9 use PVE
::SectionConfig
;
11 use base
qw(PVE::SectionConfig);
15 type
=> { description
=> "Section type." },
17 description
=> "Secion ID.",
18 type
=> 'string', format
=> 'pve-configid',
27 sub format_section_header
{
28 my ($class, $type, $sectionId) = @_;
30 if ($type eq 'ldap') {
31 $sectionId =~ s/^ldap_//;
32 return "$type: $sectionId\n";
34 return "section: $type\n";
39 sub parse_section_header
{
40 my ($class, $line) = @_;
42 if ($line =~ m/^(ldap|section):\s*(\S+)\s*$/) {
43 my ($raw_type, $raw_id) = (lc($1), $2);
44 my $type = $raw_type eq 'section' ?
$raw_id : $raw_type;
45 my $section_id = "${raw_type}_${raw_id}";
46 my $errmsg = undef; # set if you want to skip whole section
47 eval { PVE
::JSONSchema
::pve_verify_configid
($raw_id); };
49 my $config = {}; # to return additional attributes
50 return ($type, $section_id, $errmsg, $config);
55 package PMG
::Config
::Admin
;
60 use base
qw(PMG::Config::Base);
69 description
=> "Send daily reports.",
74 description
=> "Demo mode - do not start SMTP filter.",
79 description
=> "Administrator E-Mail address.",
80 type
=> 'string', format
=> 'email',
81 default => 'admin@domain.tld',
84 description
=> "HTTP proxy port.",
90 description
=> "HTTP proxy server address.",
94 description
=> "HTTP proxy user name.",
98 description
=> "HTTP proxy password.",
106 dailyreport
=> { optional
=> 1 },
107 demo
=> { optional
=> 1 },
108 proxyport
=> { optional
=> 1 },
109 proxyserver
=> { optional
=> 1 },
110 proxyuser
=> { optional
=> 1 },
111 proxypassword
=> { optional
=> 1 },
115 package PMG
::Config
::Spam
;
120 use base
qw(PMG::Config::Base);
129 description
=> "This option is used to specify which languages are considered OK for incoming mail.",
131 pattern
=> '(all|([a-z][a-z])+( ([a-z][a-z])+)*)',
135 description
=> "Whether to use the naive-Bayesian-style classifier.",
140 description
=> "Use the Auto-Whitelist plugin.",
145 description
=> "Whether to use Razor2, if it is available.",
150 description
=> "Enable OCR to scan pictures.",
154 wl_bounce_relays
=> {
155 description
=> "Whitelist legitimate bounce relays.",
159 description
=> "Additional score for bounce mails.",
166 description
=> "Enable real time blacklists (RBL) checks.",
171 description
=> "Maximum size of spam messages in bytes.",
181 use_awl
=> { optional
=> 1 },
182 use_razor
=> { optional
=> 1 },
183 use_ocr
=> { optional
=> 1 },
184 wl_bounce_relays
=> { optional
=> 1 },
185 languages
=> { optional
=> 1 },
186 use_bayes
=> { optional
=> 1 },
187 bounce_score
=> { optional
=> 1 },
188 rbl_checks
=> { optional
=> 1 },
189 maxspamsize
=> { optional
=> 1 },
193 package PMG
::Config
::ClamAV
;
198 use base
qw(PMG::Config::Base);
207 description
=> "ClamAV database mirror server.",
209 default => 'database.clamav.net',
211 archiveblockencrypted
=> {
212 description
=> "Wether to block encrypted archives. Mark encrypted archives as viruses.",
217 description
=> "Nested archives are scanned recursively, e.g. if a ZIP archive contains a TAR file, all files within it will also be scanned. This options specifies how deeply the process should be continued. Warning: setting this limit too high may result in severe damage to the system.",
222 description
=> "Number of files to be scanned within an archive, a document, or any other kind of container. Warning: disabling this limit or setting it too high may result in severe damage to the system.",
228 description
=> "Files larger than this limit won't be scanned.",
234 description
=> "Sets the maximum amount of data to be scanned for each input file.",
237 default => 100000000,
240 description
=> "This option sets the lowest number of Credit Card or Social Security numbers found in a file to generate a detect.",
250 archiveblockencrypted
=> { optional
=> 1 },
251 archivemaxrec
=> { optional
=> 1 },
252 archivemaxfiles
=> { optional
=> 1 },
253 archivemaxsize
=> { optional
=> 1 },
254 maxscansize
=> { optional
=> 1 },
255 dbmirror
=> { optional
=> 1 },
256 maxcccount
=> { optional
=> 1 },
260 package PMG
::Config
::LDAP
;
265 use base
qw(PMG::Config::Base);
274 description
=> "LDAP protocol mode ('ldap' or 'ldaps').",
276 enum
=> ['ldap', 'ldaps'],
284 mode
=> { optional
=> 1 },
288 package PMG
::Config
::Mail
;
293 use PVE
::ProcFSTools
;
295 use base
qw(PMG::Config::Base);
302 sub physical_memory
{
304 return $physicalmem if $physicalmem;
306 my $info = PVE
::ProcFSTools
::read_meminfo
();
307 my $total = int($info->{memtotal
} / (1024*1024));
312 sub get_max_filters
{
313 # estimate optimal number of filter servers
317 my $memory = physical_memory
();
318 my $add_servers = int(($memory - 512)/$servermem);
319 $max_servers += $add_servers if $add_servers > 0;
320 $max_servers = 40 if $max_servers > 40;
322 return $max_servers - 2;
326 # estimate optimal number of smtpd daemons
328 my $max_servers = 25;
330 my $memory = physical_memory
();
331 my $add_servers = int(($memory - 512)/$servermem);
332 $max_servers += $add_servers if $add_servers > 0;
333 $max_servers = 100 if $max_servers > 100;
341 description
=> "The default mail delivery transport (incoming mails).",
345 description
=> "SMTP port number for relay host.",
352 description
=> "Disable MX lookups for default relay.",
357 description
=> "When set, all outgoing mails are deliverd to the specified smarthost.",
361 description
=> "ESMTP banner.",
364 default => 'ESMTP Proxmox',
367 description
=> "Maximum number of filter processes.",
371 default => get_max_filters
(),
374 description
=> "Maximum number of SMTP daemon processes (in).",
378 default => get_max_smtpd
(),
381 description
=> "Maximum number of SMTP daemon processes (out).",
385 default => get_max_smtpd
(),
387 conn_count_limit
=> {
388 description
=> "How many simultaneous connections any client is allowed to make to this service. To disable this feature, specify a limit of 0.",
394 description
=> "The maximal number of connection attempts any client is allowed to make to this service per minute. To disable this feature, specify a limit of 0.",
399 message_rate_limit
=> {
400 description
=> "The maximal number of message delivery requests that any client is allowed to make to this service per minute.To disable this feature, specify a limit of 0.",
406 description
=> "Hide received header in outgoing mails.",
411 description
=> "Maximum email size. Larger mails are rejected.",
414 default => 1024*1024*10,
417 description
=> "SMTP delay warning time (in hours).",
423 descriptions
=> "Use Realtime Blacklists.",
428 descriptions
=> "Use TLS.",
433 descriptions
=> "Use Sender Policy Framework.",
438 descriptions
=> "Use Greylisting.",
443 descriptions
=> "Use SMTP HELO tests.",
448 descriptions
=> "Reject unknown clients.",
452 rejectunknownsender
=> {
453 descriptions
=> "Reject unknown senders.",
458 description
=> "Enable receiver verification. The value (if greater than 0) spefifies the numerical reply code when the Postfix SMTP server rejects a recipient address (450 or 550).",
465 description
=> "Optional list of DNS white/blacklist domains (see postscreen_dnsbl_sites parameter).",
473 relay
=> { optional
=> 1 },
474 relayport
=> { optional
=> 1 },
475 relaynomx
=> { optional
=> 1 },
476 dwarning
=> { optional
=> 1 },
477 max_smtpd_in
=> { optional
=> 1 },
478 max_smtpd_out
=> { optional
=> 1 },
479 greylist
=> { optional
=> 1 },
480 helotests
=> { optional
=> 1 },
481 use_rbl
=> { optional
=> 1 },
482 tls
=> { optional
=> 1 },
483 spf
=> { optional
=> 1 },
484 maxsize
=> { optional
=> 1 },
485 banner
=> { optional
=> 1 },
486 max_filters
=> { optional
=> 1 },
487 hide_received
=> { optional
=> 1 },
488 rejectunknown
=> { optional
=> 1 },
489 rejectunknownsender
=> { optional
=> 1 },
490 conn_count_limit
=> { optional
=> 1 },
491 conn_rate_limit
=> { optional
=> 1 },
492 message_rate_limit
=> { optional
=> 1 },
493 verifyreceivers
=> { optional
=> 1 },
494 dnsbl_sites
=> { optional
=> 1 },
511 PMG
::Config
::Admin-
>register();
512 PMG
::Config
::Mail-
>register();
513 PMG
::Config
::Spam-
>register();
514 PMG
::Config
::LDAP-
>register();
515 PMG
::Config
::ClamAV-
>register();
517 # initialize all plugins
518 PMG
::Config
::Base-
>init();
524 my $class = ref($type) || $type;
526 my $cfg = PVE
::INotify
::read_file
("pmg.conf");
528 return bless $cfg, $class;
532 # this does not work for ldap entries
534 my ($self, $section, $key, $value) = @_;
536 my $pdata = PMG
::Config
::Base-
>private();
538 die "internal error" if $section eq 'ldap';
540 my $plugin = $pdata->{plugins
}->{$section};
541 die "no such section '$section'" if !$plugin;
543 my $configid = "section_$section";
544 if (defined($value)) {
545 my $tmp = PMG
::Config
::Base-
>check_value($section, $key, $value, $section, 0);
546 print Dumper
($self->{ids
});
547 $self->{ids
}->{$configid} = { type
=> $section } if !defined($self->{ids
}->{$configid});
548 $self->{ids
}->{$configid}->{$key} = PMG
::Config
::Base-
>decode_value($section, $key, $tmp);
550 if (defined($self->{ids
}->{$configid})) {
551 delete $self->{ids
}->{$configid}->{$key};
558 # get section value or default
559 # this does not work for ldap entries
561 my ($self, $section, $key) = @_;
563 my $pdata = PMG
::Config
::Base-
>private();
564 return undef if !defined($pdata->{options
}->{$section});
565 return undef if !defined($pdata->{options
}->{$section}->{$key});
566 my $pdesc = $pdata->{propertyList
}->{$key};
567 return undef if !defined($pdesc);
569 my $configid = "section_$section";
570 if (defined($self->{ids
}->{$configid}) &&
571 defined(my $value = $self->{ids
}->{$configid}->{$key})) {
575 return $pdesc->{default};
578 # get a whole section with default value
579 # this does not work for ldap entries
581 my ($self, $section) = @_;
583 my $pdata = PMG
::Config
::Base-
>private();
584 return undef if !defined($pdata->{options
}->{$section});
588 foreach my $key (keys %{$pdata->{options
}->{$section}}) {
590 my $pdesc = $pdata->{propertyList
}->{$key};
592 my $configid = "section_$section";
593 if (defined($self->{ids
}->{$configid}) &&
594 defined(my $value = $self->{ids
}->{$configid}->{$key})) {
595 $res->{$key} = $value;
598 $res->{$key} = $pdesc->{default};
604 # get a whole config with default values
605 # this does not work for ldap entries
609 my $pdata = PMG
::Config
::Base-
>private();
613 foreach my $type (keys %{$pdata->{plugins
}}) {
614 next if $type eq 'ldap';
615 my $plugin = $pdata->{plugins
}->{$type};
616 $res->{$type} = $self->get_section($type);
623 my ($filename, $fh) = @_;
625 local $/ = undef; # slurp mode
629 return PMG
::Config
::Base-
>parse_config($filename, $raw);
633 my ($filename, $fh, $cfg) = @_;
635 my $raw = PMG
::Config
::Base-
>write_config($filename, $cfg);
637 PVE
::Tools
::safe_print
($filename, $fh, $raw);
640 PVE
::INotify
::register_file
('pmg.conf', "/etc/proxmox/pmg.conf",
644 # parsers/writers for other files
646 my $domainsfilename = "/etc/proxmox/domains";
648 sub read_pmg_domains
{
649 my ($filename, $fh) = @_;
654 while (defined(my $line = <$fh>)) {
655 if ($line =~ m/^\s*(\S+)\s*$/) {
657 push @$domains, $domain;
665 sub write_pmg_domains
{
666 my ($filename, $fh, $domain) = @_;
668 foreach my $domain (sort @$domain) {
669 PVE
::Tools
::safe_print
($filename, $fh, "$domain\n");
673 PVE
::INotify
::register_file
('domains', $domainsfilename,
676 undef, always_call_parser
=> 1);
679 # config file generation using templates
681 sub rewrite_config_file
{
682 my ($self, $tmplname, $dstfn) = @_;
684 my $demo = $self->get('admin', 'demo');
686 my $srcfn = ($tmplname =~ m
|^.?
/|) ?
687 $tmplname : "/var/lib/pmg/templates/$tmplname";
690 my $demosrc = "$srcfn.demo";
691 $srcfn = $demosrc if -f
$demosrc;
694 my $srcfd = IO
::File-
>new ($srcfn, "r")
695 || die "cant read template '$srcfn' - $!: ERROR";
696 my $dstfd = PMG
::AtomicFile-
>open ($dstfn, "w")
697 || die "cant open config file '$dstfn' - $!: ERROR";
699 if ($dstfn eq '/etc/fetchmailrc') {
700 my ($login, $pass, $uid, $gid) = getpwnam('fetchmail');
702 chown($uid, $gid, ${*$dstfd}{'io_atomicfile_temp'});
704 chmod (0600, ${*$dstfd}{'io_atomicfile_temp'});
705 } elsif ($dstfn eq '/etc/clamav/freshclam.conf') {
706 # needed if file contains a HTTPProxyPasswort
708 my $uid = getpwnam('clamav');
709 my $gid = getgrnam('adm');
712 chown ($uid, $gid, ${*$dstfd}{'io_atomicfile_temp'});
714 chmod (0600, ${*$dstfd}{'io_atomicfile_temp'});
717 my $template = Template-
>new({});
719 my $vars = { pmg
=> $self->get_config() };
721 my $nodename = PVE
::INotify
::nodename
();
722 my $int_ip = PMG
::Cluster
::remote_node_ip
($nodename);
723 my $int_net_cidr = PMG
::Utils
::find_local_network_for_ip
($int_ip);
725 $vars->{ipconfig
}->{int_ip
} = $int_ip;
726 # $vars->{ipconfig}->{int_net_cidr} = $int_net_cidr;
727 $vars->{ipconfig
}->{int_port
} = 26;
728 $vars->{ipconfig
}->{ext_port
} = 25;
730 my $transportnets = []; # fixme
731 $vars->{postfix
}->{transportnets
} = join(' ', @$transportnets);
733 my $mynetworks = [ '127.0.0.0/8', '[::1]/128' ];
734 push @$mynetworks, @$transportnets;
735 push @$mynetworks, $int_net_cidr;
737 # add default relay to mynetworks
738 if (my $relay = $self->get('mail', 'relay')) {
739 if (Net
::IP
::ip_is_ipv4
($relay)) {
740 push @$mynetworks, "$relay/32";
741 } elsif (Net
::IP
::ip_is_ipv6
($relay)) {
742 push @$mynetworks, "[$relay]/128";
744 warn "unable to detect IP version of relay '$relay'";
748 $vars->{postfix
}->{mynetworks
} = join(' ', @$mynetworks);
751 $usepolicy = 1 if $self->get('mail', 'greylist') ||
752 $self->get('mail', 'spf') || $self->get('mail', 'use_rbl');
753 $vars->{postfix
}->{usepolicy
} = $usepolicy;
755 my $resolv = PVE
::INotify
::read_file
('resolvconf');
756 $vars->{dns
}->{hostname
} = $nodename;
757 $vars->{dns
}->{domain
} = $resolv->{search
};
759 $template->process($srcfd, $vars, $dstfd) ||
760 die $template->error();
766 sub rewrite_config_script
{
767 my ($self, $tmplname, $dstfn) = @_;
769 $self->rewrite_config_file($tmplname, $dstfn);
770 system("chmod +x $dstfn");
773 # rewrite spam configuration
774 sub rewrite_config_spam
{
777 my $use_awl = $self->get('spam', 'use_awl');
778 my $use_bayes = $self->get('spam', 'use_bayes');
779 my $use_razor = $self->get('spam', 'use_razor');
781 # delete AW and bayes databases if those features are disabled
782 unlink '/root/.spamassassin/auto-whitelist' if !$use_awl;
784 unlink '/root/.spamassassin/bayes_journal';
785 unlink '/root/.spamassassin/bayes_seen';
786 unlink '/root/.spamassassin/bayes_toks';
789 # make sure we have a custom.cf file (else cluster sync fails)
790 IO
::File-
>new('/etc/mail/spamassassin/custom.cf', 'a', 0644);
792 $self->rewrite_config_file('local.cf.in', '/etc/mail/spamassassin/local.cf');
793 $self->rewrite_config_file('init.pre.in', '/etc/mail/spamassassin/init.pre');
794 $self->rewrite_config_file('v310.pre.in', '/etc/mail/spamassassin/v310.pre');
795 $self->rewrite_config_file('v320.pre.in', '/etc/mail/spamassassin/v320.pre');
798 mkdir "/root/.razor";
799 $self->rewrite_config_file('razor-agent.conf.in', '/root/.razor/razor-agent.conf');
800 if (! -e
'/root/.razor/identity') {
803 PVE
::Tools
::run_command
(['razor-admin', '-discover'], timeout
=> $timeout);
804 PVE
::Tools
::run_command
(['razor-admin', '-register'], timeout
=> $timeout);
807 syslog
('info', msgquote
("registering razor failed: $err")) if $err;
812 # rewrite ClamAV configuration
813 sub rewrite_config_clam
{
816 $self->rewrite_config_file('clamd.conf.in', '/etc/clamav/clamd.conf');
817 $self->rewrite_config_file('freshclam.conf.in', '/etc/clamav/freshclam.conf');
820 sub rewrite_config_postgres
{
823 my $pgconfdir = "/etc/postgresql/9.6/main";
825 $self->rewrite_config_file('pg_hba.conf.in', "$pgconfdir/pg_hba.conf");
826 $self->rewrite_config_file('postgresql.conf.in', "$pgconfdir/postgresql.conf");
829 # rewrite /root/.forward
830 sub rewrite_dot_forward
{
833 my $fname = '/root/.forward';
835 my $email = $self->get('administration', 'email');
836 open(TMP
, ">$fname");
837 if ($email && $email =~ m/\s*(\S+)\s*/) {
840 # empty .forward does not forward mails (see man local)
845 # rewrite /etc/postfix/*
846 sub rewrite_config_postfix
{
849 # make sure we have a domains file (else postfix start fails)
850 IO
::File-
>new($domainsfilename, 'a', 0644);
852 if ($self->get('mail', 'tls')) {
854 my $resolv = PVE
::INotify
::read_file
('resolvconf');
855 my $domain = $resolv->{search
};
857 my $company = $domain; # what else ?
858 my $cn = "*.$domain";
859 PMG
::Utils
::gen_proxmox_tls_cert
(0, $company, $cn);
861 syslog
('info', msgquote
("generating certificate failed: $@")) if $@;
864 $self->rewrite_config_file('main.cf.in', '/etc/postfix/main.cf');
865 $self->rewrite_config_file('master.cf.in', '/etc/postfix/master.cf');
866 #rewrite_config_transports ($class);
867 #rewrite_config_whitelist ($class);
868 #rewrite_config_tls_policy ($class);
870 # make sure aliases.db is up to date
871 system('/usr/bin/newaliases');
877 $self->rewrite_config_postfix();
878 $self->rewrite_dot_forward();
879 $self->rewrite_config_postgres();
880 $self->rewrite_config_spam();
881 $self->rewrite_config_clam();