]> git.proxmox.com Git - pmg-api.git/blob - PMG/Config.pm
projects / pmg-api.git / blob
? search:


a3fa4ace73d59979fd12e057776123ab6717cf93
[pmg-api.git] / PMG / Config.pm
1 package PMG::Config::Base;
2
3 use strict;
4 use warnings;
5 use URI;
6 use Data::Dumper;
7
8 use PVE::Tools;
9 use PVE::JSONSchema qw(get_standard_option);
10 use PVE::SectionConfig;
11
12 use base qw(PVE::SectionConfig);
13
14 my $defaultData = {
15 propertyList => {
16 type => { description => "Section type." },
17 section => {
18 description => "Secion ID.",
19 type => 'string', format => 'pve-configid',
20 },
21 },
22 };
23
24 sub private {
25 return $defaultData;
26 }
27
28 sub format_section_header {
29 my ($class, $type, $sectionId) = @_;
30
31 die "internal error ($type ne $sectionId)" if $type ne $sectionId;
32
33 return "section: $type\n";
34 }
35
36
37 sub parse_section_header {
38 my ($class, $line) = @_;
39
40 if ($line =~ m/^section:\s*(\S+)\s*$/) {
41 my $section = $1;
42 my $errmsg = undef; # set if you want to skip whole section
43 eval { PVE::JSONSchema::pve_verify_configid($section); };
44 $errmsg = $@ if $@;
45 my $config = {}; # to return additional attributes
46 return ($section, $section, $errmsg, $config);
47 }
48 return undef;
49 }
50
51 package PMG::Config::Admin;
52
53 use strict;
54 use warnings;
55
56 use base qw(PMG::Config::Base);
57
58 sub type {
59 return 'admin';
60 }
61
62 sub properties {
63 return {
64 advfilter => {
65 description => "Use advanced filters for statistic.",
66 type => 'boolean',
67 default => 1,
68 },
69 dailyreport => {
70 description => "Send daily reports.",
71 type => 'boolean',
72 default => 1,
73 },
74 statlifetime => {
75 description => "User Statistics Lifetime (days)",
76 type => 'integer',
77 default => 7,
78 minimum => 1,
79 },
80 demo => {
81 description => "Demo mode - do not start SMTP filter.",
82 type => 'boolean',
83 default => 0,
84 },
85 email => {
86 description => "Administrator E-Mail address.",
87 type => 'string', format => 'email',
88 default => 'admin@domain.tld',
89 },
90 http_proxy => {
91 description => "Specify external http proxy which is used for downloads (example: 'http://username:password\@host:port/')",
92 type => 'string',
93 pattern => "http://.*",
94 },
95 avast => {
96 description => "Use Avast Virus Scanner (/bin/scan). You need to buy and install 'Avast Core Security' before you can enable this feature.",
97 type => 'boolean',
98 default => 0,
99 },
100 clamav => {
101 description => "Use ClamAV Virus Scanner. This is the default virus scanner and is enabled by default.",
102 type => 'boolean',
103 default => 1,
104 },
105 };
106 }
107
108 sub options {
109 return {
110 advfilter => { optional => 1 },
111 avast => { optional => 1 },
112 clamav => { optional => 1 },
113 statlifetime => { optional => 1 },
114 dailyreport => { optional => 1 },
115 demo => { optional => 1 },
116 email => { optional => 1 },
117 http_proxy => { optional => 1 },
118 };
119 }
120
121 package PMG::Config::Spam;
122
123 use strict;
124 use warnings;
125
126 use base qw(PMG::Config::Base);
127
128 sub type {
129 return 'spam';
130 }
131
132 sub properties {
133 return {
134 languages => {
135 description => "This option is used to specify which languages are considered OK for incoming mail.",
136 type => 'string',
137 pattern => '(all|([a-z][a-z])+( ([a-z][a-z])+)*)',
138 default => 'all',
139 },
140 use_bayes => {
141 description => "Whether to use the naive-Bayesian-style classifier.",
142 type => 'boolean',
143 default => 1,
144 },
145 use_awl => {
146 description => "Use the Auto-Whitelist plugin.",
147 type => 'boolean',
148 default => 1,
149 },
150 use_razor => {
151 description => "Whether to use Razor2, if it is available.",
152 type => 'boolean',
153 default => 1,
154 },
155 wl_bounce_relays => {
156 description => "Whitelist legitimate bounce relays.",
157 type => 'string',
158 },
159 clamav_heuristic_score => {
160 description => "Score for ClamaAV heuristics (Google Safe Browsing database, PhishingScanURLs, ...).",
161 type => 'integer',
162 minimum => 0,
163 maximum => 1000,
164 default => 3,
165 },
166 bounce_score => {
167 description => "Additional score for bounce mails.",
168 type => 'integer',
169 minimum => 0,
170 maximum => 1000,
171 default => 0,
172 },
173 rbl_checks => {
174 description => "Enable real time blacklists (RBL) checks.",
175 type => 'boolean',
176 default => 1,
177 },
178 maxspamsize => {
179 description => "Maximum size of spam messages in bytes.",
180 type => 'integer',
181 minimum => 64,
182 default => 256*1024,
183 },
184 };
185 }
186
187 sub options {
188 return {
189 use_awl => { optional => 1 },
190 use_razor => { optional => 1 },
191 wl_bounce_relays => { optional => 1 },
192 languages => { optional => 1 },
193 use_bayes => { optional => 1 },
194 clamav_heuristic_score => { optional => 1 },
195 bounce_score => { optional => 1 },
196 rbl_checks => { optional => 1 },
197 maxspamsize => { optional => 1 },
198 };
199 }
200
201 package PMG::Config::SpamQuarantine;
202
203 use strict;
204 use warnings;
205
206 use base qw(PMG::Config::Base);
207
208 sub type {
209 return 'spamquar';
210 }
211
212 sub properties {
213 return {
214 lifetime => {
215 description => "Quarantine life time (days)",
216 type => 'integer',
217 minimum => 1,
218 default => 7,
219 },
220 authmode => {
221 description => "Authentication mode to access the quarantine interface. Mode 'ticket' allows login using tickets sent with the daily spam report. Mode 'ldap' requires to login using an LDAP account. Finally, mode 'ldapticket' allows both ways.",
222 type => 'string',
223 enum => [qw(ticket ldap ldapticket)],
224 default => 'ticket',
225 },
226 reportstyle => {
227 description => "Spam report style.",
228 type => 'string',
229 enum => [qw(none short verbose custom)],
230 default => 'verbose',
231 },
232 viewimages => {
233 description => "Allow to view images.",
234 type => 'boolean',
235 default => 1,
236 },
237 allowhrefs => {
238 description => "Allow to view hyperlinks.",
239 type => 'boolean',
240 default => 1,
241 },
242 hostname => {
243 description => "Quarantine Host. Useful if you run a Cluster and want users to connect to a specific host.",
244 type => 'string', format => 'address',
245 },
246 port => {
247 description => "Quarantine Port. Useful if you have a reverse proxy or port forwarding for the webinterface. Only used for the generated Spam report.",
248 type => 'integer',
249 minimum => 1,
250 maximum => 65535,
251 default => 8006,
252 },
253 protocol => {
254 description => "Quarantine Webinterface Protocol. Useful if you have a reverse proxy for the webinterface. Only used for the generated Spam report.",
255 type => 'string',
256 enum => [qw(http https)],
257 default => 'https',
258 },
259 mailfrom => {
260 description => "Text for 'From' header in daily spam report mails.",
261 type => 'string',
262 },
263 };
264 }
265
266 sub options {
267 return {
268 mailfrom => { optional => 1 },
269 hostname => { optional => 1 },
270 lifetime => { optional => 1 },
271 authmode => { optional => 1 },
272 reportstyle => { optional => 1 },
273 viewimages => { optional => 1 },
274 allowhrefs => { optional => 1 },
275 port => { optional => 1 },
276 protocol => { optional => 1 },
277 };
278 }
279
280 package PMG::Config::VirusQuarantine;
281
282 use strict;
283 use warnings;
284
285 use base qw(PMG::Config::Base);
286
287 sub type {
288 return 'virusquar';
289 }
290
291 sub properties {
292 return {};
293 }
294
295 sub options {
296 return {
297 lifetime => { optional => 1 },
298 viewimages => { optional => 1 },
299 allowhrefs => { optional => 1 },
300 };
301 }
302
303 package PMG::Config::ClamAV;
304
305 use strict;
306 use warnings;
307
308 use base qw(PMG::Config::Base);
309
310 sub type {
311 return 'clamav';
312 }
313
314 sub properties {
315 return {
316 dbmirror => {
317 description => "ClamAV database mirror server.",
318 type => 'string',
319 default => 'database.clamav.net',
320 },
321 archiveblockencrypted => {
322 description => "Wether to block encrypted archives. Mark encrypted archives as viruses.",
323 type => 'boolean',
324 default => 0,
325 },
326 archivemaxrec => {
327 description => "Nested archives are scanned recursively, e.g. if a ZIP archive contains a TAR file, all files within it will also be scanned. This options specifies how deeply the process should be continued. Warning: setting this limit too high may result in severe damage to the system.",
328 type => 'integer',
329 minimum => 1,
330 default => 5,
331 },
332 archivemaxfiles => {
333 description => "Number of files to be scanned within an archive, a document, or any other kind of container. Warning: disabling this limit or setting it too high may result in severe damage to the system.",
334 type => 'integer',
335 minimum => 0,
336 default => 1000,
337 },
338 archivemaxsize => {
339 description => "Files larger than this limit won't be scanned.",
340 type => 'integer',
341 minimum => 1000000,
342 default => 25000000,
343 },
344 maxscansize => {
345 description => "Sets the maximum amount of data to be scanned for each input file.",
346 type => 'integer',
347 minimum => 1000000,
348 default => 100000000,
349 },
350 maxcccount => {
351 description => "This option sets the lowest number of Credit Card or Social Security numbers found in a file to generate a detect.",
352 type => 'integer',
353 minimum => 0,
354 default => 0,
355 },
356 safebrowsing => {
357 description => "Enables support for Google Safe Browsing.",
358 type => 'boolean',
359 default => 1
360 },
361 };
362 }
363
364 sub options {
365 return {
366 archiveblockencrypted => { optional => 1 },
367 archivemaxrec => { optional => 1 },
368 archivemaxfiles => { optional => 1 },
369 archivemaxsize => { optional => 1 },
370 maxscansize => { optional => 1 },
371 dbmirror => { optional => 1 },
372 maxcccount => { optional => 1 },
373 safebrowsing => { optional => 1 },
374 };
375 }
376
377 package PMG::Config::Mail;
378
379 use strict;
380 use warnings;
381
382 use PVE::ProcFSTools;
383
384 use base qw(PMG::Config::Base);
385
386 sub type {
387 return 'mail';
388 }
389
390 my $physicalmem = 0;
391 sub physical_memory {
392
393 return $physicalmem if $physicalmem;
394
395 my $info = PVE::ProcFSTools::read_meminfo();
396 my $total = int($info->{memtotal} / (1024*1024));
397
398 return $total;
399 }
400
401 sub get_max_filters {
402 # estimate optimal number of filter servers
403
404 my $max_servers = 5;
405 my $servermem = 120;
406 my $memory = physical_memory();
407 my $add_servers = int(($memory - 512)/$servermem);
408 $max_servers += $add_servers if $add_servers > 0;
409 $max_servers = 40 if $max_servers > 40;
410
411 return $max_servers - 2;
412 }
413
414 sub get_max_smtpd {
415 # estimate optimal number of smtpd daemons
416
417 my $max_servers = 25;
418 my $servermem = 20;
419 my $memory = physical_memory();
420 my $add_servers = int(($memory - 512)/$servermem);
421 $max_servers += $add_servers if $add_servers > 0;
422 $max_servers = 100 if $max_servers > 100;
423 return $max_servers;
424 }
425
426 sub get_max_policy {
427 # estimate optimal number of proxpolicy servers
428 my $max_servers = 2;
429 my $memory = physical_memory();
430 $max_servers = 5 if $memory >= 500;
431 return $max_servers;
432 }
433
434 sub properties {
435 return {
436 int_port => {
437 description => "SMTP port number for outgoing mail (trusted).",
438 type => 'integer',
439 minimum => 1,
440 maximum => 65535,
441 default => 26,
442 },
443 ext_port => {
444 description => "SMTP port number for incoming mail (untrusted). This must be a different number than 'int_port'.",
445 type => 'integer',
446 minimum => 1,
447 maximum => 65535,
448 default => 25,
449 },
450 relay => {
451 description => "The default mail delivery transport (incoming mails).",
452 type => 'string', format => 'address',
453 },
454 relayport => {
455 description => "SMTP port number for relay host.",
456 type => 'integer',
457 minimum => 1,
458 maximum => 65535,
459 default => 25,
460 },
461 relaynomx => {
462 description => "Disable MX lookups for default relay.",
463 type => 'boolean',
464 default => 0,
465 },
466 smarthost => {
467 description => "When set, all outgoing mails are deliverd to the specified smarthost.",
468 type => 'string', format => 'address',
469 },
470 smarthostport => {
471 description => "SMTP port number for smarthost.",
472 type => 'integer',
473 minimum => 1,
474 maximum => 65535,
475 default => 25,
476 },
477 banner => {
478 description => "ESMTP banner.",
479 type => 'string',
480 maxLength => 1024,
481 default => 'ESMTP Proxmox',
482 },
483 max_filters => {
484 description => "Maximum number of pmg-smtp-filter processes.",
485 type => 'integer',
486 minimum => 3,
487 maximum => 40,
488 default => get_max_filters(),
489 },
490 max_policy => {
491 description => "Maximum number of pmgpolicy processes.",
492 type => 'integer',
493 minimum => 2,
494 maximum => 10,
495 default => get_max_policy(),
496 },
497 max_smtpd_in => {
498 description => "Maximum number of SMTP daemon processes (in).",
499 type => 'integer',
500 minimum => 3,
501 maximum => 100,
502 default => get_max_smtpd(),
503 },
504 max_smtpd_out => {
505 description => "Maximum number of SMTP daemon processes (out).",
506 type => 'integer',
507 minimum => 3,
508 maximum => 100,
509 default => get_max_smtpd(),
510 },
511 conn_count_limit => {
512 description => "How many simultaneous connections any client is allowed to make to this service. To disable this feature, specify a limit of 0.",
513 type => 'integer',
514 minimum => 0,
515 default => 50,
516 },
517 conn_rate_limit => {
518 description => "The maximal number of connection attempts any client is allowed to make to this service per minute. To disable this feature, specify a limit of 0.",
519 type => 'integer',
520 minimum => 0,
521 default => 0,
522 },
523 message_rate_limit => {
524 description => "The maximal number of message delivery requests that any client is allowed to make to this service per minute.To disable this feature, specify a limit of 0.",
525 type => 'integer',
526 minimum => 0,
527 default => 0,
528 },
529 hide_received => {
530 description => "Hide received header in outgoing mails.",
531 type => 'boolean',
532 default => 0,
533 },
534 maxsize => {
535 description => "Maximum email size. Larger mails are rejected.",
536 type => 'integer',
537 minimum => 1024,
538 default => 1024*1024*10,
539 },
540 dwarning => {
541 description => "SMTP delay warning time (in hours).",
542 type => 'integer',
543 minimum => 0,
544 default => 4,
545 },
546 tls => {
547 description => "Enable TLS.",
548 type => 'boolean',
549 default => 0,
550 },
551 tlslog => {
552 description => "Enable TLS Logging.",
553 type => 'boolean',
554 default => 0,
555 },
556 tlsheader => {
557 description => "Add TLS received header.",
558 type => 'boolean',
559 default => 0,
560 },
561 spf => {
562 description => "Use Sender Policy Framework.",
563 type => 'boolean',
564 default => 1,
565 },
566 greylist => {
567 description => "Use Greylisting.",
568 type => 'boolean',
569 default => 1,
570 },
571 helotests => {
572 description => "Use SMTP HELO tests.",
573 type => 'boolean',
574 default => 0,
575 },
576 rejectunknown => {
577 description => "Reject unknown clients.",
578 type => 'boolean',
579 default => 0,
580 },
581 rejectunknownsender => {
582 description => "Reject unknown senders.",
583 type => 'boolean',
584 default => 0,
585 },
586 verifyreceivers => {
587 description => "Enable receiver verification. The value spefifies the numerical reply code when the Postfix SMTP server rejects a recipient address.",
588 type => 'string',
589 enum => ['450', '550'],
590 },
591 dnsbl_sites => {
592 description => "Optional list of DNS white/blacklist domains (see postscreen_dnsbl_sites parameter).",
593 type => 'string', format => 'dnsbl-entry-list',
594 },
595 dnsbl_threshold => {
596 description => "The inclusive lower bound for blocking a remote SMTP client, based on its combined DNSBL score (see postscreen_dnsbl_threshold parameter).",
597 type => 'integer',
598 minimum => 0,
599 default => 1
600 },
601 };
602 }
603
604 sub options {
605 return {
606 int_port => { optional => 1 },
607 ext_port => { optional => 1 },
608 smarthost => { optional => 1 },
609 smarthostport => { optional => 1 },
610 relay => { optional => 1 },
611 relayport => { optional => 1 },
612 relaynomx => { optional => 1 },
613 dwarning => { optional => 1 },
614 max_smtpd_in => { optional => 1 },
615 max_smtpd_out => { optional => 1 },
616 greylist => { optional => 1 },
617 helotests => { optional => 1 },
618 tls => { optional => 1 },
619 tlslog => { optional => 1 },
620 tlsheader => { optional => 1 },
621 spf => { optional => 1 },
622 maxsize => { optional => 1 },
623 banner => { optional => 1 },
624 max_filters => { optional => 1 },
625 max_policy => { optional => 1 },
626 hide_received => { optional => 1 },
627 rejectunknown => { optional => 1 },
628 rejectunknownsender => { optional => 1 },
629 conn_count_limit => { optional => 1 },
630 conn_rate_limit => { optional => 1 },
631 message_rate_limit => { optional => 1 },
632 verifyreceivers => { optional => 1 },
633 dnsbl_sites => { optional => 1 },
634 dnsbl_threshold => { optional => 1 },
635 };
636 }
637
638 package PMG::Config;
639
640 use strict;
641 use warnings;
642 use IO::File;
643 use Data::Dumper;
644 use Template;
645
646 use PVE::SafeSyslog;
647 use PVE::Tools qw($IPV4RE $IPV6RE);
648 use PVE::INotify;
649 use PVE::JSONSchema;
650
651 use PMG::Cluster;
652
653 PMG::Config::Admin->register();
654 PMG::Config::Mail->register();
655 PMG::Config::SpamQuarantine->register();
656 PMG::Config::VirusQuarantine->register();
657 PMG::Config::Spam->register();
658 PMG::Config::ClamAV->register();
659
660 # initialize all plugins
661 PMG::Config::Base->init();
662
663 PVE::JSONSchema::register_format(
664 'transport-domain', \&pmg_verify_transport_domain);
665
666 sub pmg_verify_transport_domain {
667 my ($name, $noerr) = @_;
668
669 # like dns-name, but can contain leading dot
670 my $namere = "([a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?)";
671
672 if ($name !~ /^\.?(${namere}\.)*${namere}$/) {
673 return undef if $noerr;
674 die "value does not look like a valid transport domain\n";
675 }
676 return $name;
677 }
678
679 PVE::JSONSchema::register_format(
680 'transport-domain-or-email', \&pmg_verify_transport_domain_or_email);
681
682 sub pmg_verify_transport_domain_or_email {
683 my ($name, $noerr) = @_;
684
685 my $namere = "([a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?)";
686
687 # email address
688 if ($name =~ m/^(?:[^\s\/\@]+\@)(${namere}\.)*${namere}$/) {
689 return $name;
690 }
691
692 # like dns-name, but can contain leading dot
693 if ($name !~ /^\.?(${namere}\.)*${namere}$/) {
694 return undef if $noerr;
695 die "value does not look like a valid transport domain or email address\n";
696 }
697 return $name;
698 }
699
700 PVE::JSONSchema::register_format(
701 'dnsbl-entry', \&pmg_verify_dnsbl_entry);
702
703 sub pmg_verify_dnsbl_entry {
704 my ($name, $noerr) = @_;
705
706 # like dns-name, but can contain trailing weight: 'domain*<WEIGHT>'
707 my $namere = "([a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?)";
708
709 if ($name !~ /^(${namere}\.)*${namere}(\*\-?\d+)?$/) {
710 return undef if $noerr;
711 die "value '$name' does not look like a valid dnsbl entry\n";
712 }
713 return $name;
714 }
715
716 sub new {
717 my ($type) = @_;
718
719 my $class = ref($type) || $type;
720
721 my $cfg = PVE::INotify::read_file("pmg.conf");
722
723 return bless $cfg, $class;
724 }
725
726 sub write {
727 my ($self) = @_;
728
729 PVE::INotify::write_file("pmg.conf", $self);
730 }
731
732 my $lockfile = "/var/lock/pmgconfig.lck";
733
734 sub lock_config {
735 my ($code, $errmsg) = @_;
736
737 my $p = PVE::Tools::lock_file($lockfile, undef, $code);
738 if (my $err = $@) {
739 $errmsg ? die "$errmsg: $err" : die $err;
740 }
741 }
742
743 # set section values
744 sub set {
745 my ($self, $section, $key, $value) = @_;
746
747 my $pdata = PMG::Config::Base->private();
748
749 my $plugin = $pdata->{plugins}->{$section};
750 die "no such section '$section'" if !$plugin;
751
752 if (defined($value)) {
753 my $tmp = PMG::Config::Base->check_value($section, $key, $value, $section, 0);
754 $self->{ids}->{$section} = { type => $section } if !defined($self->{ids}->{$section});
755 $self->{ids}->{$section}->{$key} = PMG::Config::Base->decode_value($section, $key, $tmp);
756 } else {
757 if (defined($self->{ids}->{$section})) {
758 delete $self->{ids}->{$section}->{$key};
759 }
760 }
761
762 return undef;
763 }
764
765 # get section value or default
766 sub get {
767 my ($self, $section, $key, $nodefault) = @_;
768
769 my $pdata = PMG::Config::Base->private();
770 my $pdesc = $pdata->{propertyList}->{$key};
771 die "no such property '$section/$key'\n"
772 if !(defined($pdesc) && defined($pdata->{options}->{$section}) &&
773 defined($pdata->{options}->{$section}->{$key}));
774
775 if (defined($self->{ids}->{$section}) &&
776 defined(my $value = $self->{ids}->{$section}->{$key})) {
777 return $value;
778 }
779
780 return undef if $nodefault;
781
782 return $pdesc->{default};
783 }
784
785 # get a whole section with default value
786 sub get_section {
787 my ($self, $section) = @_;
788
789 my $pdata = PMG::Config::Base->private();
790 return undef if !defined($pdata->{options}->{$section});
791
792 my $res = {};
793
794 foreach my $key (keys %{$pdata->{options}->{$section}}) {
795
796 my $pdesc = $pdata->{propertyList}->{$key};
797
798 if (defined($self->{ids}->{$section}) &&
799 defined(my $value = $self->{ids}->{$section}->{$key})) {
800 $res->{$key} = $value;
801 next;
802 }
803 $res->{$key} = $pdesc->{default};
804 }
805
806 return $res;
807 }
808
809 # get a whole config with default values
810 sub get_config {
811 my ($self) = @_;
812
813 my $pdata = PMG::Config::Base->private();
814
815 my $res = {};
816
817 foreach my $type (keys %{$pdata->{plugins}}) {
818 my $plugin = $pdata->{plugins}->{$type};
819 $res->{$type} = $self->get_section($type);
820 }
821
822 return $res;
823 }
824
825 sub read_pmg_conf {
826 my ($filename, $fh) = @_;
827
828 local $/ = undef; # slurp mode
829
830 my $raw = <$fh> if defined($fh);
831
832 return PMG::Config::Base->parse_config($filename, $raw);
833 }
834
835 sub write_pmg_conf {
836 my ($filename, $fh, $cfg) = @_;
837
838 my $raw = PMG::Config::Base->write_config($filename, $cfg);
839
840 PVE::Tools::safe_print($filename, $fh, $raw);
841 }
842
843 PVE::INotify::register_file('pmg.conf', "/etc/pmg/pmg.conf",
844 \&read_pmg_conf,
845 \&write_pmg_conf,
846 undef, always_call_parser => 1);
847
848 # parsers/writers for other files
849
850 my $domainsfilename = "/etc/pmg/domains";
851
852 sub postmap_pmg_domains {
853 PMG::Utils::run_postmap($domainsfilename);
854 }
855
856 sub read_pmg_domains {
857 my ($filename, $fh) = @_;
858
859 my $domains = {};
860
861 my $comment = '';
862 if (defined($fh)) {
863 while (defined(my $line = <$fh>)) {
864 chomp $line;
865 next if $line =~ m/^\s*$/;
866 if ($line =~ m/^#(.*)\s*$/) {
867 $comment = $1;
868 next;
869 }
870 if ($line =~ m/^(\S+)\s.*$/) {
871 my $domain = $1;
872 $domains->{$domain} = {
873 domain => $domain, comment => $comment };
874 $comment = '';
875 } else {
876 warn "parse error in '$filename': $line\n";
877 $comment = '';
878 }
879 }
880 }
881
882 return $domains;
883 }
884
885 sub write_pmg_domains {
886 my ($filename, $fh, $domains) = @_;
887
888 foreach my $domain (sort keys %$domains) {
889 my $comment = $domains->{$domain}->{comment};
890 PVE::Tools::safe_print($filename, $fh, "#$comment\n")
891 if defined($comment) && $comment !~ m/^\s*$/;
892
893 PVE::Tools::safe_print($filename, $fh, "$domain 1\n");
894 }
895 }
896
897 PVE::INotify::register_file('domains', $domainsfilename,
898 \&read_pmg_domains,
899 \&write_pmg_domains,
900 undef, always_call_parser => 1);
901
902 my $mynetworks_filename = "/etc/pmg/mynetworks";
903
904 sub read_pmg_mynetworks {
905 my ($filename, $fh) = @_;
906
907 my $mynetworks = {};
908
909 my $comment = '';
910 if (defined($fh)) {
911 while (defined(my $line = <$fh>)) {
912 chomp $line;
913 next if $line =~ m/^\s*$/;
914 if ($line =~ m!^((?:$IPV4RE|$IPV6RE))/(\d+)\s*(?:#(.*)\s*)?$!) {
915 my ($network, $prefix_size, $comment) = ($1, $2, $3);
916 my $cidr = "$network/${prefix_size}";
917 $mynetworks->{$cidr} = {
918 cidr => $cidr,
919 network_address => $network,
920 prefix_size => $prefix_size,
921 comment => $comment // '',
922 };
923 } else {
924 warn "parse error in '$filename': $line\n";
925 }
926 }
927 }
928
929 return $mynetworks;
930 }
931
932 sub write_pmg_mynetworks {
933 my ($filename, $fh, $mynetworks) = @_;
934
935 foreach my $cidr (sort keys %$mynetworks) {
936 my $data = $mynetworks->{$cidr};
937 my $comment = $data->{comment} // '*';
938 PVE::Tools::safe_print($filename, $fh, "$cidr #$comment\n");
939 }
940 }
941
942 PVE::INotify::register_file('mynetworks', $mynetworks_filename,
943 \&read_pmg_mynetworks,
944 \&write_pmg_mynetworks,
945 undef, always_call_parser => 1);
946
947 PVE::JSONSchema::register_format(
948 'tls-policy', \&pmg_verify_tls_policy);
949
950 # TODO: extend to parse attributes of the policy
951 my $VALID_TLS_POLICY_RE = qr/none|may|encrypt|dane|dane-only|fingerprint|verify|secure/;
952 sub pmg_verify_tls_policy {
953 my ($policy, $noerr) = @_;
954
955 if ($policy !~ /^$VALID_TLS_POLICY_RE\b/) {
956 return undef if $noerr;
957 die "value '$policy' does not look like a valid tls policy\n";
958 }
959 return $policy;
960 }
961
962 sub pmg_verify_tls_policy_strict {
963 my ($policy) = @_;
964
965 return $policy
966 if ($policy =~ /^$VALID_TLS_POLICY_RE$/);
967
968 return undef;
969 }
970
971 sub read_tls_policy {
972 my ($filename, $fh) = @_;
973
974 return {} if !defined($fh);
975
976 my $tls_policy = {};
977
978 while (defined(my $line = <$fh>)) {
979 chomp $line;
980 next if $line =~ m/^\s*$/;
981 next if $line =~ m/^#(.*)\s*$/;
982
983 my $parse_error = sub {
984 my ($err) = @_;
985 die "parse error in '$filename': $line - $err";
986 };
987
988 if ($line =~ m/^(\S+)\s+(.+)\s*$/) {
989 my ($domain, $policy) = ($1, $2);
990
991 eval {
992 pmg_verify_transport_domain($domain);
993 pmg_verify_tls_policy($policy);
994 };
995 if (my $err = $@) {
996 $parse_error->($err);
997 next;
998 }
999
1000 $tls_policy->{$domain} = {
1001 domain => $domain,
1002 policy => $policy,
1003 };
1004 } else {
1005 $parse_error->('wrong format');
1006 }
1007 }
1008
1009 return $tls_policy;
1010 }
1011
1012 sub write_tls_policy {
1013 my ($filename, $fh, $tls_policy) = @_;
1014
1015 return if !$tls_policy;
1016
1017 foreach my $domain (sort keys %$tls_policy) {
1018 my $entry = $tls_policy->{$domain};
1019 PVE::Tools::safe_print(
1020 $filename, $fh, "$entry->{domain} $entry->{policy}\n");
1021 }
1022 }
1023
1024 my $tls_policy_map_filename = "/etc/pmg/tls_policy";
1025 PVE::INotify::register_file('tls_policy', $tls_policy_map_filename,
1026 \&read_tls_policy,
1027 \&write_tls_policy,
1028 undef, always_call_parser => 1);
1029
1030 sub postmap_tls_policy {
1031 PMG::Utils::run_postmap($tls_policy_map_filename);
1032 }
1033
1034 my $transport_map_filename = "/etc/pmg/transport";
1035
1036 sub postmap_pmg_transport {
1037 PMG::Utils::run_postmap($transport_map_filename);
1038 }
1039
1040 sub read_transport_map {
1041 my ($filename, $fh) = @_;
1042
1043 return [] if !defined($fh);
1044
1045 my $res = {};
1046
1047 my $comment = '';
1048
1049 while (defined(my $line = <$fh>)) {
1050 chomp $line;
1051 next if $line =~ m/^\s*$/;
1052 if ($line =~ m/^#(.*)\s*$/) {
1053 $comment = $1;
1054 next;
1055 }
1056
1057 my $parse_error = sub {
1058 my ($err) = @_;
1059 warn "parse error in '$filename': $line - $err";
1060 $comment = '';
1061 };
1062
1063 if ($line =~ m/^(\S+)\s+smtp:(\S+):(\d+)\s*$/) {
1064 my ($domain, $host, $port) = ($1, $2, $3);
1065
1066 eval { pmg_verify_transport_domain_or_email($domain); };
1067 if (my $err = $@) {
1068 $parse_error->($err);
1069 next;
1070 }
1071 my $use_mx = 1;
1072 if ($host =~ m/^\[(.*)\]$/) {
1073 $host = $1;
1074 $use_mx = 0;
1075 }
1076
1077 eval { PVE::JSONSchema::pve_verify_address($host); };
1078 if (my $err = $@) {
1079 $parse_error->($err);
1080 next;
1081 }
1082
1083 my $data = {
1084 domain => $domain,
1085 host => $host,
1086 port => $port,
1087 use_mx => $use_mx,
1088 comment => $comment,
1089 };
1090 $res->{$domain} = $data;
1091 $comment = '';
1092 } else {
1093 $parse_error->('wrong format');
1094 }
1095 }
1096
1097 return $res;
1098 }
1099
1100 sub write_transport_map {
1101 my ($filename, $fh, $tmap) = @_;
1102
1103 return if !$tmap;
1104
1105 foreach my $domain (sort keys %$tmap) {
1106 my $data = $tmap->{$domain};
1107
1108 my $comment = $data->{comment};
1109 PVE::Tools::safe_print($filename, $fh, "#$comment\n")
1110 if defined($comment) && $comment !~ m/^\s*$/;
1111
1112 my $use_mx = $data->{use_mx};
1113 $use_mx = 0 if $data->{host} =~ m/^(?:$IPV4RE|$IPV6RE)$/;
1114
1115 if ($use_mx) {
1116 PVE::Tools::safe_print(
1117 $filename, $fh, "$data->{domain} smtp:$data->{host}:$data->{port}\n");
1118 } else {
1119 PVE::Tools::safe_print(
1120 $filename, $fh, "$data->{domain} smtp:[$data->{host}]:$data->{port}\n");
1121 }
1122 }
1123 }
1124
1125 PVE::INotify::register_file('transport', $transport_map_filename,
1126 \&read_transport_map,
1127 \&write_transport_map,
1128 undef, always_call_parser => 1);
1129
1130 # config file generation using templates
1131
1132 sub get_template_vars {
1133 my ($self) = @_;
1134
1135 my $vars = { pmg => $self->get_config() };
1136
1137 my $nodename = PVE::INotify::nodename();
1138 my $int_ip = PMG::Cluster::remote_node_ip($nodename);
1139 $vars->{ipconfig}->{int_ip} = $int_ip;
1140
1141 my $transportnets = [];
1142
1143 if (my $tmap = PVE::INotify::read_file('transport')) {
1144 foreach my $domain (sort keys %$tmap) {
1145 my $data = $tmap->{$domain};
1146 my $host = $data->{host};
1147 if ($host =~ m/^$IPV4RE$/) {
1148 push @$transportnets, "$host/32";
1149 } elsif ($host =~ m/^$IPV6RE$/) {
1150 push @$transportnets, "[$host]/128";
1151 }
1152 }
1153 }
1154
1155 $vars->{postfix}->{transportnets} = join(' ', @$transportnets);
1156
1157 my $mynetworks = [ '127.0.0.0/8', '[::1]/128' ];
1158
1159 if (my $int_net_cidr = PMG::Utils::find_local_network_for_ip($int_ip, 1)) {
1160 if ($int_net_cidr =~ m/^($IPV6RE)\/(\d+)$/) {
1161 push @$mynetworks, "[$1]/$2";
1162 } else {
1163 push @$mynetworks, $int_net_cidr;
1164 }
1165 } else {
1166 if ($int_ip =~ m/^$IPV6RE$/) {
1167 push @$mynetworks, "[$int_ip]/128";
1168 } else {
1169 push @$mynetworks, "$int_ip/32";
1170 }
1171 }
1172
1173 my $netlist = PVE::INotify::read_file('mynetworks');
1174 foreach my $cidr (keys %$netlist) {
1175 if ($cidr =~ m/^($IPV6RE)\/(\d+)$/) {
1176 push @$mynetworks, "[$1]/$2";
1177 } else {
1178 push @$mynetworks, $cidr;
1179 }
1180 }
1181
1182 push @$mynetworks, @$transportnets;
1183
1184 # add default relay to mynetworks
1185 if (my $relay = $self->get('mail', 'relay')) {
1186 if ($relay =~ m/^$IPV4RE$/) {
1187 push @$mynetworks, "$relay/32";
1188 } elsif ($relay =~ m/^$IPV6RE$/) {
1189 push @$mynetworks, "[$relay]/128";
1190 } else {
1191 # DNS name - do nothing ?
1192 }
1193 }
1194
1195 $vars->{postfix}->{mynetworks} = join(' ', @$mynetworks);
1196
1197 # normalize dnsbl_sites
1198 my @dnsbl_sites = PVE::Tools::split_list($vars->{pmg}->{mail}->{dnsbl_sites});
1199 if (scalar(@dnsbl_sites)) {
1200 $vars->{postfix}->{dnsbl_sites} = join(',', @dnsbl_sites);
1201 }
1202
1203 $vars->{postfix}->{dnsbl_threshold} = $self->get('mail', 'dnsbl_threshold');
1204
1205 my $usepolicy = 0;
1206 $usepolicy = 1 if $self->get('mail', 'greylist') ||
1207 $self->get('mail', 'spf');
1208 $vars->{postfix}->{usepolicy} = $usepolicy;
1209
1210 if ($int_ip =~ m/^$IPV6RE$/) {
1211 $vars->{postfix}->{int_ip} = "[$int_ip]";
1212 } else {
1213 $vars->{postfix}->{int_ip} = $int_ip;
1214 }
1215
1216 my $resolv = PVE::INotify::read_file('resolvconf');
1217 $vars->{dns}->{hostname} = $nodename;
1218
1219 my $domain = $resolv->{search} // 'localdomain';
1220 $vars->{dns}->{domain} = $domain;
1221
1222 my $wlbr = "$nodename.$domain";
1223 foreach my $r (PVE::Tools::split_list($vars->{pmg}->{spam}->{wl_bounce_relays})) {
1224 $wlbr .= " $r"
1225 }
1226 $vars->{composed}->{wl_bounce_relays} = $wlbr;
1227
1228 if (my $proxy = $vars->{pmg}->{admin}->{http_proxy}) {
1229 eval {
1230 my $uri = URI->new($proxy);
1231 my $host = $uri->host;
1232 my $port = $uri->port // 8080;
1233 if ($host) {
1234 my $data = { host => $host, port => $port };
1235 if (my $ui = $uri->userinfo) {
1236 my ($username, $pw) = split(/:/, $ui, 2);
1237 $data->{username} = $username;
1238 $data->{password} = $pw if defined($pw);
1239 }
1240 $vars->{proxy} = $data;
1241 }
1242 };
1243 warn "parse http_proxy failed - $@" if $@;
1244 }
1245
1246 return $vars;
1247 }
1248
1249 # use one global TT cache
1250 our $tt_include_path = ['/etc/pmg/templates' ,'/var/lib/pmg/templates' ];
1251
1252 my $template_toolkit;
1253
1254 sub get_template_toolkit {
1255
1256 return $template_toolkit if $template_toolkit;
1257
1258 $template_toolkit = Template->new({ INCLUDE_PATH => $tt_include_path });
1259
1260 return $template_toolkit;
1261 }
1262
1263 # rewrite file from template
1264 # return true if file has changed
1265 sub rewrite_config_file {
1266 my ($self, $tmplname, $dstfn) = @_;
1267
1268 my $demo = $self->get('admin', 'demo');
1269
1270 if ($demo) {
1271 my $demosrc = "$tmplname.demo";
1272 $tmplname = $demosrc if -f "/var/lib/pmg/templates/$demosrc";
1273 }
1274
1275 my ($perm, $uid, $gid);
1276
1277 if ($dstfn eq '/etc/clamav/freshclam.conf') {
1278 # needed if file contains a HTTPProxyPasswort
1279
1280 $uid = getpwnam('clamav');
1281 $gid = getgrnam('adm');
1282 $perm = 0600;
1283 }
1284
1285 my $tt = get_template_toolkit();
1286
1287 my $vars = $self->get_template_vars();
1288
1289 my $output = '';
1290
1291 $tt->process($tmplname, $vars, \$output) ||
1292 die $tt->error() . "\n";
1293
1294 my $old = PVE::Tools::file_get_contents($dstfn, 128*1024) if -f $dstfn;
1295
1296 return 0 if defined($old) && ($old eq $output); # no change
1297
1298 PVE::Tools::file_set_contents($dstfn, $output, $perm);
1299
1300 if (defined($uid) && defined($gid)) {
1301 chown($uid, $gid, $dstfn);
1302 }
1303
1304 return 1;
1305 }
1306
1307 # rewrite spam configuration
1308 sub rewrite_config_spam {
1309 my ($self) = @_;
1310
1311 my $use_awl = $self->get('spam', 'use_awl');
1312 my $use_bayes = $self->get('spam', 'use_bayes');
1313 my $use_razor = $self->get('spam', 'use_razor');
1314
1315 my $changes = 0;
1316
1317 # delete AW and bayes databases if those features are disabled
1318 if (!$use_awl) {
1319 $changes = 1 if unlink '/root/.spamassassin/auto-whitelist';
1320 }
1321
1322 if (!$use_bayes) {
1323 $changes = 1 if unlink '/root/.spamassassin/bayes_journal';
1324 $changes = 1 if unlink '/root/.spamassassin/bayes_seen';
1325 $changes = 1 if unlink '/root/.spamassassin/bayes_toks';
1326 }
1327
1328 # make sure we have a custom.cf file (else cluster sync fails)
1329 IO::File->new('/etc/mail/spamassassin/custom.cf', 'a', 0644);
1330
1331 $changes = 1 if $self->rewrite_config_file(
1332 'local.cf.in', '/etc/mail/spamassassin/local.cf');
1333
1334 $changes = 1 if $self->rewrite_config_file(
1335 'init.pre.in', '/etc/mail/spamassassin/init.pre');
1336
1337 $changes = 1 if $self->rewrite_config_file(
1338 'v310.pre.in', '/etc/mail/spamassassin/v310.pre');
1339
1340 $changes = 1 if $self->rewrite_config_file(
1341 'v320.pre.in', '/etc/mail/spamassassin/v320.pre');
1342
1343 if ($use_razor) {
1344 mkdir "/root/.razor";
1345
1346 $changes = 1 if $self->rewrite_config_file(
1347 'razor-agent.conf.in', '/root/.razor/razor-agent.conf');
1348
1349 if (! -e '/root/.razor/identity') {
1350 eval {
1351 my $timeout = 30;
1352 PVE::Tools::run_command(['razor-admin', '-discover'], timeout => $timeout);
1353 PVE::Tools::run_command(['razor-admin', '-register'], timeout => $timeout);
1354 };
1355 my $err = $@;
1356 syslog('info', "registering razor failed: $err") if $err;
1357 }
1358 }
1359
1360 return $changes;
1361 }
1362
1363 # rewrite ClamAV configuration
1364 sub rewrite_config_clam {
1365 my ($self) = @_;
1366
1367 return $self->rewrite_config_file(
1368 'clamd.conf.in', '/etc/clamav/clamd.conf');
1369 }
1370
1371 sub rewrite_config_freshclam {
1372 my ($self) = @_;
1373
1374 return $self->rewrite_config_file(
1375 'freshclam.conf.in', '/etc/clamav/freshclam.conf');
1376 }
1377
1378 sub rewrite_config_postgres {
1379 my ($self) = @_;
1380
1381 my $pgconfdir = "/etc/postgresql/9.6/main";
1382
1383 my $changes = 0;
1384
1385 $changes = 1 if $self->rewrite_config_file(
1386 'pg_hba.conf.in', "$pgconfdir/pg_hba.conf");
1387
1388 $changes = 1 if $self->rewrite_config_file(
1389 'postgresql.conf.in', "$pgconfdir/postgresql.conf");
1390
1391 return $changes;
1392 }
1393
1394 # rewrite /root/.forward
1395 sub rewrite_dot_forward {
1396 my ($self) = @_;
1397
1398 my $dstfn = '/root/.forward';
1399
1400 my $email = $self->get('admin', 'email');
1401
1402 my $output = '';
1403 if ($email && $email =~ m/\s*(\S+)\s*/) {
1404 $output = "$1\n";
1405 } else {
1406 # empty .forward does not forward mails (see man local)
1407 }
1408
1409 my $old = PVE::Tools::file_get_contents($dstfn, 128*1024) if -f $dstfn;
1410
1411 return 0 if defined($old) && ($old eq $output); # no change
1412
1413 PVE::Tools::file_set_contents($dstfn, $output);
1414
1415 return 1;
1416 }
1417
1418 my $write_smtp_whitelist = sub {
1419 my ($filename, $data, $action) = @_;
1420
1421 $action = 'OK' if !$action;
1422
1423 my $old = PVE::Tools::file_get_contents($filename, 1024*1024)
1424 if -f $filename;
1425
1426 my $new = '';
1427 foreach my $k (sort keys %$data) {
1428 $new .= "$k $action\n";
1429 }
1430
1431 return 0 if defined($old) && ($old eq $new); # no change
1432
1433 PVE::Tools::file_set_contents($filename, $new);
1434
1435 PMG::Utils::run_postmap($filename);
1436
1437 return 1;
1438 };
1439
1440 sub rewrite_postfix_whitelist {
1441 my ($rulecache) = @_;
1442
1443 # see man page for regexp_table for postfix regex table format
1444
1445 # we use a hash to avoid duplicate entries in regex tables
1446 my $tolist = {};
1447 my $fromlist = {};
1448 my $clientlist = {};
1449
1450 foreach my $obj (@{$rulecache->{"greylist:receiver"}}) {
1451 my $oclass = ref($obj);
1452 if ($oclass eq 'PMG::RuleDB::Receiver') {
1453 my $addr = PMG::Utils::quote_regex($obj->{address});
1454 $tolist->{"/^$addr\$/"} = 1;
1455 } elsif ($oclass eq 'PMG::RuleDB::ReceiverDomain') {
1456 my $addr = PMG::Utils::quote_regex($obj->{address});
1457 $tolist->{"/^.+\@$addr\$/"} = 1;
1458 } elsif ($oclass eq 'PMG::RuleDB::ReceiverRegex') {
1459 my $addr = $obj->{address};
1460 $addr =~ s|/|\\/|g;
1461 $tolist->{"/^$addr\$/"} = 1;
1462 }
1463 }
1464
1465 foreach my $obj (@{$rulecache->{"greylist:sender"}}) {
1466 my $oclass = ref($obj);
1467 my $addr = PMG::Utils::quote_regex($obj->{address});
1468 if ($oclass eq 'PMG::RuleDB::EMail') {
1469 my $addr = PMG::Utils::quote_regex($obj->{address});
1470 $fromlist->{"/^$addr\$/"} = 1;
1471 } elsif ($oclass eq 'PMG::RuleDB::Domain') {
1472 my $addr = PMG::Utils::quote_regex($obj->{address});
1473 $fromlist->{"/^.+\@$addr\$/"} = 1;
1474 } elsif ($oclass eq 'PMG::RuleDB::WhoRegex') {
1475 my $addr = $obj->{address};
1476 $addr =~ s|/|\\/|g;
1477 $fromlist->{"/^$addr\$/"} = 1;
1478 } elsif ($oclass eq 'PMG::RuleDB::IPAddress') {
1479 $clientlist->{$obj->{address}} = 1;
1480 } elsif ($oclass eq 'PMG::RuleDB::IPNet') {
1481 $clientlist->{$obj->{address}} = 1;
1482 }
1483 }
1484
1485 $write_smtp_whitelist->("/etc/postfix/senderaccess", $fromlist);
1486 $write_smtp_whitelist->("/etc/postfix/rcptaccess", $tolist);
1487 $write_smtp_whitelist->("/etc/postfix/clientaccess", $clientlist);
1488 $write_smtp_whitelist->("/etc/postfix/postscreen_access", $clientlist, 'permit');
1489 };
1490
1491 # rewrite /etc/postfix/*
1492 sub rewrite_config_postfix {
1493 my ($self, $rulecache) = @_;
1494
1495 # make sure we have required files (else postfix start fails)
1496 IO::File->new($transport_map_filename, 'a', 0644);
1497
1498 my $changes = 0;
1499
1500 if ($self->get('mail', 'tls')) {
1501 eval {
1502 PMG::Utils::gen_proxmox_tls_cert();
1503 };
1504 syslog ('info', "generating certificate failed: $@") if $@;
1505 }
1506
1507 $changes = 1 if $self->rewrite_config_file(
1508 'main.cf.in', '/etc/postfix/main.cf');
1509
1510 $changes = 1 if $self->rewrite_config_file(
1511 'master.cf.in', '/etc/postfix/master.cf');
1512
1513 # make sure we have required files (else postfix start fails)
1514 # Note: postmap need a valid /etc/postfix/main.cf configuration
1515 postmap_pmg_domains();
1516 postmap_pmg_transport();
1517 postmap_tls_policy();
1518
1519 rewrite_postfix_whitelist($rulecache) if $rulecache;
1520
1521 # make sure aliases.db is up to date
1522 system('/usr/bin/newaliases');
1523
1524 return $changes;
1525 }
1526
1527 sub rewrite_config {
1528 my ($self, $rulecache, $restart_services, $force_restart) = @_;
1529
1530 $force_restart = {} if ! $force_restart;
1531
1532 if (($self->rewrite_config_postfix($rulecache) && $restart_services) ||
1533 $force_restart->{postfix}) {
1534 PMG::Utils::service_cmd('postfix', 'restart');
1535 }
1536
1537 if ($self->rewrite_dot_forward() && $restart_services) {
1538 # no need to restart anything
1539 }
1540
1541 if ($self->rewrite_config_postgres() && $restart_services) {
1542 # do nothing (too many side effects)?
1543 # does not happen anyways, because config does not change.
1544 }
1545
1546 if (($self->rewrite_config_spam() && $restart_services) ||
1547 $force_restart->{spam}) {
1548 PMG::Utils::service_cmd('pmg-smtp-filter', 'restart');
1549 }
1550
1551 if (($self->rewrite_config_clam() && $restart_services) ||
1552 $force_restart->{clam}) {
1553 PMG::Utils::service_cmd('clamav-daemon', 'restart');
1554 }
1555
1556 if (($self->rewrite_config_freshclam() && $restart_services) ||
1557 $force_restart->{freshclam}) {
1558 PMG::Utils::service_cmd('clamav-freshclam', 'restart');
1559 }
1560 }
1561
1562 1;
PMG API