]> git.proxmox.com Git - pmg-api.git/blob - PMG/Config.pm
projects / pmg-api.git / blob
? search:


a58a23836a3aff7d9a545617e41dc6ac436ae0cc
[pmg-api.git] / PMG / Config.pm
1 package PMG::Config::Base;
2
3 use strict;
4 use warnings;
5 use Data::Dumper;
6
7 use PVE::Tools;
8 use PVE::JSONSchema qw(get_standard_option);
9 use PVE::SectionConfig;
10
11 use base qw(PVE::SectionConfig);
12
13 my $defaultData = {
14 propertyList => {
15 type => { description => "Section type." },
16 section => {
17 description => "Secion ID.",
18 type => 'string', format => 'pve-configid',
19 },
20 },
21 };
22
23 sub private {
24 return $defaultData;
25 }
26
27 sub format_section_header {
28 my ($class, $type, $sectionId) = @_;
29
30 die "internal error ($type ne $sectionId)" if $type ne $sectionId;
31
32 return "section: $type\n";
33 }
34
35
36 sub parse_section_header {
37 my ($class, $line) = @_;
38
39 if ($line =~ m/^section:\s*(\S+)\s*$/) {
40 my $section = $1;
41 my $errmsg = undef; # set if you want to skip whole section
42 eval { PVE::JSONSchema::pve_verify_configid($section); };
43 $errmsg = $@ if $@;
44 my $config = {}; # to return additional attributes
45 return ($section, $section, $errmsg, $config);
46 }
47 return undef;
48 }
49
50 package PMG::Config::Admin;
51
52 use strict;
53 use warnings;
54
55 use base qw(PMG::Config::Base);
56
57 sub type {
58 return 'admin';
59 }
60
61 sub properties {
62 return {
63 dailyreport => {
64 description => "Send daily reports.",
65 type => 'boolean',
66 default => 1,
67 },
68 demo => {
69 description => "Demo mode - do not start SMTP filter.",
70 type => 'boolean',
71 default => 0,
72 },
73 email => {
74 description => "Administrator E-Mail address.",
75 type => 'string', format => 'email',
76 default => 'admin@domain.tld',
77 },
78 proxyport => {
79 description => "HTTP proxy port.",
80 type => 'integer',
81 minimum => 1,
82 default => 8080,
83 },
84 proxyserver => {
85 description => "HTTP proxy server address.",
86 type => 'string',
87 },
88 proxyuser => {
89 description => "HTTP proxy user name.",
90 type => 'string',
91 },
92 proxypassword => {
93 description => "HTTP proxy password.",
94 type => 'string',
95 },
96 };
97 }
98
99 sub options {
100 return {
101 dailyreport => { optional => 1 },
102 demo => { optional => 1 },
103 email => { optional => 1 },
104 proxyport => { optional => 1 },
105 proxyserver => { optional => 1 },
106 proxyuser => { optional => 1 },
107 proxypassword => { optional => 1 },
108 };
109 }
110
111 package PMG::Config::Spam;
112
113 use strict;
114 use warnings;
115
116 use base qw(PMG::Config::Base);
117
118 sub type {
119 return 'spam';
120 }
121
122 sub properties {
123 return {
124 languages => {
125 description => "This option is used to specify which languages are considered OK for incoming mail.",
126 type => 'string',
127 pattern => '(all|([a-z][a-z])+( ([a-z][a-z])+)*)',
128 default => 'all',
129 },
130 use_bayes => {
131 description => "Whether to use the naive-Bayesian-style classifier.",
132 type => 'boolean',
133 default => 1,
134 },
135 use_awl => {
136 description => "Use the Auto-Whitelist plugin.",
137 type => 'boolean',
138 default => 1,
139 },
140 use_razor => {
141 description => "Whether to use Razor2, if it is available.",
142 type => 'boolean',
143 default => 1,
144 },
145 use_ocr => {
146 description => "Enable OCR to scan pictures.",
147 type => 'boolean',
148 default => 0,
149 },
150 wl_bounce_relays => {
151 description => "Whitelist legitimate bounce relays.",
152 type => 'string',
153 },
154 bounce_score => {
155 description => "Additional score for bounce mails.",
156 type => 'integer',
157 minimum => 0,
158 maximum => 1000,
159 default => 0,
160 },
161 rbl_checks => {
162 description => "Enable real time blacklists (RBL) checks.",
163 type => 'boolean',
164 default => 1,
165 },
166 maxspamsize => {
167 description => "Maximum size of spam messages in bytes.",
168 type => 'integer',
169 minimum => 64,
170 default => 200*1024,
171 },
172 };
173 }
174
175 sub options {
176 return {
177 use_awl => { optional => 1 },
178 use_razor => { optional => 1 },
179 use_ocr => { optional => 1 },
180 wl_bounce_relays => { optional => 1 },
181 languages => { optional => 1 },
182 use_bayes => { optional => 1 },
183 bounce_score => { optional => 1 },
184 rbl_checks => { optional => 1 },
185 maxspamsize => { optional => 1 },
186 };
187 }
188
189 package PMG::Config::ClamAV;
190
191 use strict;
192 use warnings;
193
194 use base qw(PMG::Config::Base);
195
196 sub type {
197 return 'clamav';
198 }
199
200 sub properties {
201 return {
202 dbmirror => {
203 description => "ClamAV database mirror server.",
204 type => 'string',
205 default => 'database.clamav.net',
206 },
207 archiveblockencrypted => {
208 description => "Wether to block encrypted archives. Mark encrypted archives as viruses.",
209 type => 'boolean',
210 default => 0,
211 },
212 archivemaxrec => {
213 description => "Nested archives are scanned recursively, e.g. if a ZIP archive contains a TAR file, all files within it will also be scanned. This options specifies how deeply the process should be continued. Warning: setting this limit too high may result in severe damage to the system.",
214 type => 'integer',
215 minimum => 1,
216 default => 5,
217 },
218 archivemaxfiles => {
219 description => "Number of files to be scanned within an archive, a document, or any other kind of container. Warning: disabling this limit or setting it too high may result in severe damage to the system.",
220 type => 'integer',
221 minimum => 0,
222 default => 1000,
223 },
224 archivemaxsize => {
225 description => "Files larger than this limit won't be scanned.",
226 type => 'integer',
227 minimum => 1000000,
228 default => 25000000,
229 },
230 maxscansize => {
231 description => "Sets the maximum amount of data to be scanned for each input file.",
232 type => 'integer',
233 minimum => 1000000,
234 default => 100000000,
235 },
236 maxcccount => {
237 description => "This option sets the lowest number of Credit Card or Social Security numbers found in a file to generate a detect.",
238 type => 'integer',
239 minimum => 0,
240 default => 0,
241 },
242 };
243 }
244
245 sub options {
246 return {
247 archiveblockencrypted => { optional => 1 },
248 archivemaxrec => { optional => 1 },
249 archivemaxfiles => { optional => 1 },
250 archivemaxsize => { optional => 1 },
251 maxscansize => { optional => 1 },
252 dbmirror => { optional => 1 },
253 maxcccount => { optional => 1 },
254 };
255 }
256
257 package PMG::Config::Mail;
258
259 use strict;
260 use warnings;
261
262 use PVE::ProcFSTools;
263
264 use base qw(PMG::Config::Base);
265
266 sub type {
267 return 'mail';
268 }
269
270 my $physicalmem = 0;
271 sub physical_memory {
272
273 return $physicalmem if $physicalmem;
274
275 my $info = PVE::ProcFSTools::read_meminfo();
276 my $total = int($info->{memtotal} / (1024*1024));
277
278 return $total;
279 }
280
281 sub get_max_filters {
282 # estimate optimal number of filter servers
283
284 my $max_servers = 5;
285 my $servermem = 120;
286 my $memory = physical_memory();
287 my $add_servers = int(($memory - 512)/$servermem);
288 $max_servers += $add_servers if $add_servers > 0;
289 $max_servers = 40 if $max_servers > 40;
290
291 return $max_servers - 2;
292 }
293
294 sub get_max_smtpd {
295 # estimate optimal number of smtpd daemons
296
297 my $max_servers = 25;
298 my $servermem = 20;
299 my $memory = physical_memory();
300 my $add_servers = int(($memory - 512)/$servermem);
301 $max_servers += $add_servers if $add_servers > 0;
302 $max_servers = 100 if $max_servers > 100;
303 return $max_servers;
304 }
305
306 sub get_max_policy {
307 # estimate optimal number of proxpolicy servers
308 my $max_servers = 2;
309 my $memory = physical_memory();
310 $max_servers = 5 if $memory >= 500;
311 return $max_servers;
312 }
313
314 sub properties {
315 return {
316 int_port => {
317 description => "SMTP port number for outgoing mail (trusted).",
318 type => 'integer',
319 minimum => 1,
320 maximum => 65535,
321 default => 25,
322 },
323 ext_port => {
324 description => "SMTP port number for incoming mail (untrusted). This must be a different number than 'int_port'.",
325 type => 'integer',
326 minimum => 1,
327 maximum => 65535,
328 default => 26,
329 },
330 relay => {
331 description => "The default mail delivery transport (incoming mails).",
332 type => 'string', format => 'address',
333 },
334 relayport => {
335 description => "SMTP port number for relay host.",
336 type => 'integer',
337 minimum => 1,
338 maximum => 65535,
339 default => 25,
340 },
341 relaynomx => {
342 description => "Disable MX lookups for default relay.",
343 type => 'boolean',
344 default => 0,
345 },
346 smarthost => {
347 description => "When set, all outgoing mails are deliverd to the specified smarthost.",
348 type => 'string', format => 'address',
349 },
350 banner => {
351 description => "ESMTP banner.",
352 type => 'string',
353 maxLength => 1024,
354 default => 'ESMTP Proxmox',
355 },
356 max_filters => {
357 description => "Maximum number of pmg-smtp-filter processes.",
358 type => 'integer',
359 minimum => 3,
360 maximum => 40,
361 default => get_max_filters(),
362 },
363 max_policy => {
364 description => "Maximum number of pmgpolicy processes.",
365 type => 'integer',
366 minimum => 2,
367 maximum => 10,
368 default => get_max_policy(),
369 },
370 max_smtpd_in => {
371 description => "Maximum number of SMTP daemon processes (in).",
372 type => 'integer',
373 minimum => 3,
374 maximum => 100,
375 default => get_max_smtpd(),
376 },
377 max_smtpd_out => {
378 description => "Maximum number of SMTP daemon processes (out).",
379 type => 'integer',
380 minimum => 3,
381 maximum => 100,
382 default => get_max_smtpd(),
383 },
384 conn_count_limit => {
385 description => "How many simultaneous connections any client is allowed to make to this service. To disable this feature, specify a limit of 0.",
386 type => 'integer',
387 minimum => 0,
388 default => 50,
389 },
390 conn_rate_limit => {
391 description => "The maximal number of connection attempts any client is allowed to make to this service per minute. To disable this feature, specify a limit of 0.",
392 type => 'integer',
393 minimum => 0,
394 default => 0,
395 },
396 message_rate_limit => {
397 description => "The maximal number of message delivery requests that any client is allowed to make to this service per minute.To disable this feature, specify a limit of 0.",
398 type => 'integer',
399 minimum => 0,
400 default => 0,
401 },
402 hide_received => {
403 description => "Hide received header in outgoing mails.",
404 type => 'boolean',
405 default => 0,
406 },
407 maxsize => {
408 description => "Maximum email size. Larger mails are rejected.",
409 type => 'integer',
410 minimum => 1024,
411 default => 1024*1024*10,
412 },
413 dwarning => {
414 description => "SMTP delay warning time (in hours).",
415 type => 'integer',
416 minimum => 0,
417 default => 4,
418 },
419 use_rbl => {
420 description => "Use Realtime Blacklists.",
421 type => 'boolean',
422 default => 1,
423 },
424 tls => {
425 description => "Enable TLS.",
426 type => 'boolean',
427 default => 0,
428 },
429 tlslog => {
430 description => "Enable TLS Logging.",
431 type => 'boolean',
432 default => 0,
433 },
434 tlsheader => {
435 description => "Add TLS received header.",
436 type => 'boolean',
437 default => 0,
438 },
439 spf => {
440 description => "Use Sender Policy Framework.",
441 type => 'boolean',
442 default => 1,
443 },
444 greylist => {
445 description => "Use Greylisting.",
446 type => 'boolean',
447 default => 1,
448 },
449 helotests => {
450 description => "Use SMTP HELO tests.",
451 type => 'boolean',
452 default => 0,
453 },
454 rejectunknown => {
455 description => "Reject unknown clients.",
456 type => 'boolean',
457 default => 0,
458 },
459 rejectunknownsender => {
460 description => "Reject unknown senders.",
461 type => 'boolean',
462 default => 0,
463 },
464 verifyreceivers => {
465 description => "Enable receiver verification. The value spefifies the numerical reply code when the Postfix SMTP server rejects a recipient address.",
466 type => 'string',
467 enum => ['450', '550'],
468 },
469 dnsbl_sites => {
470 description => "Optional list of DNS white/blacklist domains (see postscreen_dnsbl_sites parameter).",
471 type => 'string',
472 },
473 };
474 }
475
476 sub options {
477 return {
478 int_port => { optional => 1 },
479 ext_port => { optional => 1 },
480 smarthost => { optional => 1 },
481 relay => { optional => 1 },
482 relayport => { optional => 1 },
483 relaynomx => { optional => 1 },
484 dwarning => { optional => 1 },
485 max_smtpd_in => { optional => 1 },
486 max_smtpd_out => { optional => 1 },
487 greylist => { optional => 1 },
488 helotests => { optional => 1 },
489 use_rbl => { optional => 1 },
490 tls => { optional => 1 },
491 tlslog => { optional => 1 },
492 tlsheader => { optional => 1 },
493 spf => { optional => 1 },
494 maxsize => { optional => 1 },
495 banner => { optional => 1 },
496 max_filters => { optional => 1 },
497 max_policy => { optional => 1 },
498 hide_received => { optional => 1 },
499 rejectunknown => { optional => 1 },
500 rejectunknownsender => { optional => 1 },
501 conn_count_limit => { optional => 1 },
502 conn_rate_limit => { optional => 1 },
503 message_rate_limit => { optional => 1 },
504 verifyreceivers => { optional => 1 },
505 dnsbl_sites => { optional => 1 },
506 };
507 }
508 package PMG::Config;
509
510 use strict;
511 use warnings;
512 use IO::File;
513 use Data::Dumper;
514 use Template;
515
516 use PVE::SafeSyslog;
517 use PVE::Tools qw($IPV4RE $IPV6RE);
518 use PVE::INotify;
519 use PVE::JSONSchema;
520
521 PMG::Config::Admin->register();
522 PMG::Config::Mail->register();
523 PMG::Config::Spam->register();
524 PMG::Config::ClamAV->register();
525
526 # initialize all plugins
527 PMG::Config::Base->init();
528
529 PVE::JSONSchema::register_format(
530 'transport-domain', \&pmg_verify_transport_domain);
531 sub pmg_verify_transport_domain {
532 my ($name, $noerr) = @_;
533
534 # like dns-name, but can contain leading dot
535 my $namere = "([a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?)";
536
537 if ($name !~ /^\.?(${namere}\.)*${namere}$/) {
538 return undef if $noerr;
539 die "value does not look like a valid transport domain\n";
540 }
541 return $name;
542 }
543
544 sub new {
545 my ($type) = @_;
546
547 my $class = ref($type) || $type;
548
549 my $cfg = PVE::INotify::read_file("pmg.conf");
550
551 return bless $cfg, $class;
552 }
553
554 sub write {
555 my ($self) = @_;
556
557 PVE::INotify::write_file("pmg.conf", $self);
558 }
559
560 my $lockfile = "/var/lock/pmgconfig.lck";
561
562 sub lock_config {
563 my ($code, $errmsg) = @_;
564
565 my $p = PVE::Tools::lock_file($lockfile, undef, $code);
566 if (my $err = $@) {
567 $errmsg ? die "$errmsg: $err" : die $err;
568 }
569 }
570
571 # set section values
572 sub set {
573 my ($self, $section, $key, $value) = @_;
574
575 my $pdata = PMG::Config::Base->private();
576
577 my $plugin = $pdata->{plugins}->{$section};
578 die "no such section '$section'" if !$plugin;
579
580 if (defined($value)) {
581 my $tmp = PMG::Config::Base->check_value($section, $key, $value, $section, 0);
582 $self->{ids}->{$section} = { type => $section } if !defined($self->{ids}->{$section});
583 $self->{ids}->{$section}->{$key} = PMG::Config::Base->decode_value($section, $key, $tmp);
584 } else {
585 if (defined($self->{ids}->{$section})) {
586 delete $self->{ids}->{$section}->{$key};
587 }
588 }
589
590 return undef;
591 }
592
593 # get section value or default
594 sub get {
595 my ($self, $section, $key) = @_;
596
597 my $pdata = PMG::Config::Base->private();
598 my $pdesc = $pdata->{propertyList}->{$key};
599 die "no such property '$section/$key'\n"
600 if !(defined($pdesc) && defined($pdata->{options}->{$section}) &&
601 defined($pdata->{options}->{$section}->{$key}));
602
603 if (defined($self->{ids}->{$section}) &&
604 defined(my $value = $self->{ids}->{$section}->{$key})) {
605 return $value;
606 }
607
608 return $pdesc->{default};
609 }
610
611 # get a whole section with default value
612 sub get_section {
613 my ($self, $section) = @_;
614
615 my $pdata = PMG::Config::Base->private();
616 return undef if !defined($pdata->{options}->{$section});
617
618 my $res = {};
619
620 foreach my $key (keys %{$pdata->{options}->{$section}}) {
621
622 my $pdesc = $pdata->{propertyList}->{$key};
623
624 if (defined($self->{ids}->{$section}) &&
625 defined(my $value = $self->{ids}->{$section}->{$key})) {
626 $res->{$key} = $value;
627 next;
628 }
629 $res->{$key} = $pdesc->{default};
630 }
631
632 return $res;
633 }
634
635 # get a whole config with default values
636 sub get_config {
637 my ($self) = @_;
638
639 my $pdata = PMG::Config::Base->private();
640
641 my $res = {};
642
643 foreach my $type (keys %{$pdata->{plugins}}) {
644 my $plugin = $pdata->{plugins}->{$type};
645 $res->{$type} = $self->get_section($type);
646 }
647
648 return $res;
649 }
650
651 sub read_pmg_conf {
652 my ($filename, $fh) = @_;
653
654 local $/ = undef; # slurp mode
655
656 my $raw = <$fh> if defined($fh);
657
658 return PMG::Config::Base->parse_config($filename, $raw);
659 }
660
661 sub write_pmg_conf {
662 my ($filename, $fh, $cfg) = @_;
663
664 my $raw = PMG::Config::Base->write_config($filename, $cfg);
665
666 PVE::Tools::safe_print($filename, $fh, $raw);
667 }
668
669 PVE::INotify::register_file('pmg.conf', "/etc/pmg/pmg.conf",
670 \&read_pmg_conf,
671 \&write_pmg_conf,
672 undef, always_call_parser => 1);
673
674 # parsers/writers for other files
675
676 my $domainsfilename = "/etc/pmg/domains";
677
678 sub postmap_pmg_domains {
679 PMG::Utils::run_postmap($domainsfilename);
680 }
681
682 sub read_pmg_domains {
683 my ($filename, $fh) = @_;
684
685 my $domains = {};
686
687 my $comment = '';
688 if (defined($fh)) {
689 while (defined(my $line = <$fh>)) {
690 chomp $line;
691 next if $line =~ m/^\s*$/;
692 if ($line =~ m/^#(.*)\s*$/) {
693 $comment = $1;
694 next;
695 }
696 if ($line =~ m/^(\S+)\s.*$/) {
697 my $domain = $1;
698 $domains->{$domain} = {
699 domain => $domain, comment => $comment };
700 $comment = '';
701 } else {
702 warn "parse error in '$filename': $line\n";
703 $comment = '';
704 }
705 }
706 }
707
708 return $domains;
709 }
710
711 sub write_pmg_domains {
712 my ($filename, $fh, $domains) = @_;
713
714 foreach my $domain (sort keys %$domains) {
715 my $comment = $domains->{$domain}->{comment};
716 PVE::Tools::safe_print($filename, $fh, "#$comment\n")
717 if defined($comment) && $comment !~ m/^\s*$/;
718
719 PVE::Tools::safe_print($filename, $fh, "$domain 1\n");
720 }
721 }
722
723 PVE::INotify::register_file('domains', $domainsfilename,
724 \&read_pmg_domains,
725 \&write_pmg_domains,
726 undef, always_call_parser => 1);
727
728 my $mynetworks_filename = "/etc/pmg/mynetworks";
729
730 sub postmap_pmg_mynetworks {
731 PMG::Utils::run_postmap($mynetworks_filename);
732 }
733
734 sub read_pmg_mynetworks {
735 my ($filename, $fh) = @_;
736
737 my $mynetworks = {};
738
739 my $comment = '';
740 if (defined($fh)) {
741 while (defined(my $line = <$fh>)) {
742 chomp $line;
743 next if $line =~ m/^\s*$/;
744 if ($line =~ m!^((?:$IPV4RE|$IPV6RE))/(\d+)\s*(?:#(.*)\s*)?$!) {
745 my ($network, $prefix_size, $comment) = ($1, $2, $3);
746 my $cidr = "$network/${prefix_size}";
747 $mynetworks->{$cidr} = {
748 cidr => $cidr,
749 network_address => $network,
750 prefix_size => $prefix_size,
751 comment => $comment // '',
752 };
753 } else {
754 warn "parse error in '$filename': $line\n";
755 }
756 }
757 }
758
759 return $mynetworks;
760 }
761
762 sub write_pmg_mynetworks {
763 my ($filename, $fh, $mynetworks) = @_;
764
765 foreach my $cidr (sort keys %$mynetworks) {
766 my $data = $mynetworks->{$cidr};
767 my $comment = $data->{comment} // '*';
768 PVE::Tools::safe_print($filename, $fh, "$cidr #$comment\n");
769 }
770 }
771
772 PVE::INotify::register_file('mynetworks', $mynetworks_filename,
773 \&read_pmg_mynetworks,
774 \&write_pmg_mynetworks,
775 undef, always_call_parser => 1);
776
777 my $transport_map_filename = "/etc/pmg/transport";
778
779 sub postmap_pmg_transport {
780 PMG::Utils::run_postmap($transport_map_filename);
781 }
782
783 sub read_transport_map {
784 my ($filename, $fh) = @_;
785
786 return [] if !defined($fh);
787
788 my $res = {};
789
790 my $comment = '';
791
792 while (defined(my $line = <$fh>)) {
793 chomp $line;
794 next if $line =~ m/^\s*$/;
795 if ($line =~ m/^#(.*)\s*$/) {
796 $comment = $1;
797 next;
798 }
799
800 my $parse_error = sub {
801 my ($err) = @_;
802 warn "parse error in '$filename': $line - $err";
803 $comment = '';
804 };
805
806 if ($line =~ m/^(\S+)\s+smtp:(\S+):(\d+)\s*$/) {
807 my ($domain, $host, $port) = ($1, $2, $3);
808
809 eval { pmg_verify_transport_domain($domain); };
810 if (my $err = $@) {
811 $parse_error->($err);
812 next;
813 }
814 my $use_mx = 1;
815 if ($host =~ m/^\[(.*)\]$/) {
816 $host = $1;
817 $use_mx = 0;
818 }
819
820 eval { PVE::JSONSchema::pve_verify_address($host); };
821 if (my $err = $@) {
822 $parse_error->($err);
823 next;
824 }
825
826 my $data = {
827 domain => $domain,
828 host => $host,
829 port => $port,
830 use_mx => $use_mx,
831 comment => $comment,
832 };
833 $res->{$domain} = $data;
834 $comment = '';
835 } else {
836 $parse_error->('wrong format');
837 }
838 }
839
840 return $res;
841 }
842
843 sub write_transport_map {
844 my ($filename, $fh, $tmap) = @_;
845
846 return if !$tmap;
847
848 foreach my $domain (sort keys %$tmap) {
849 my $data = $tmap->{$domain};
850
851 my $comment = $data->{comment};
852 PVE::Tools::safe_print($filename, $fh, "#$comment\n")
853 if defined($comment) && $comment !~ m/^\s*$/;
854
855 my $use_mx = $data->{use_mx};
856 $use_mx = 0 if $data->{host} =~ m/^(?:$IPV4RE|$IPV6RE)$/;
857
858 if ($use_mx) {
859 PVE::Tools::safe_print(
860 $filename, $fh, "$data->{domain} smtp:$data->{host}:$data->{port}\n");
861 } else {
862 PVE::Tools::safe_print(
863 $filename, $fh, "$data->{domain} smtp:[$data->{host}]:$data->{port}\n");
864 }
865 }
866 }
867
868 PVE::INotify::register_file('transport', $transport_map_filename,
869 \&read_transport_map,
870 \&write_transport_map,
871 undef, always_call_parser => 1);
872
873 # config file generation using templates
874
875 sub get_template_vars {
876 my ($self) = @_;
877
878 my $vars = { pmg => $self->get_config() };
879
880 my $nodename = PVE::INotify::nodename();
881 my $int_ip = PMG::Cluster::remote_node_ip($nodename);
882 my $int_net_cidr = PMG::Utils::find_local_network_for_ip($int_ip);
883 $vars->{ipconfig}->{int_ip} = $int_ip;
884 # $vars->{ipconfig}->{int_net_cidr} = $int_net_cidr;
885
886 my $transportnets = [];
887
888 my $tmap = PVE::INotify::read_file('transport');
889 foreach my $domain (sort keys %$tmap) {
890 my $data = $tmap->{$domain};
891 my $host = $data->{host};
892 if ($host =~ m/^$IPV4RE$/) {
893 push @$transportnets, "$host/32";
894 } elsif ($host =~ m/^$IPV6RE$/) {
895 push @$transportnets, "[$host]/128";
896 }
897 }
898
899 $vars->{postfix}->{transportnets} = join(' ', @$transportnets);
900
901 my $mynetworks = [ '127.0.0.0/8', '[::1]/128' ];
902 push @$mynetworks, @$transportnets;
903 push @$mynetworks, $int_net_cidr;
904 push @$mynetworks, 'hash:/etc/pmg/mynetworks';
905
906 my $netlist = PVE::INotify::read_file('mynetworks');
907 # add default relay to mynetworks
908 if (my $relay = $self->get('mail', 'relay')) {
909 if ($relay =~ m/^$IPV4RE$/) {
910 push @$mynetworks, "$relay/32";
911 } elsif ($relay =~ m/^$IPV6RE$/) {
912 push @$mynetworks, "[$relay]/128";
913 } else {
914 # DNS name - do nothing ?
915 }
916 }
917
918 $vars->{postfix}->{mynetworks} = join(' ', @$mynetworks);
919
920 my $usepolicy = 0;
921 $usepolicy = 1 if $self->get('mail', 'greylist') ||
922 $self->get('mail', 'spf') || $self->get('mail', 'use_rbl');
923 $vars->{postfix}->{usepolicy} = $usepolicy;
924
925 my $resolv = PVE::INotify::read_file('resolvconf');
926 $vars->{dns}->{hostname} = $nodename;
927 $vars->{dns}->{domain} = $resolv->{search};
928
929 return $vars;
930 }
931
932 # rewrite file from template
933 # return true if file has changed
934 sub rewrite_config_file {
935 my ($self, $tmplname, $dstfn) = @_;
936
937 my $demo = $self->get('admin', 'demo');
938
939 my $srcfn = ($tmplname =~ m|^.?/|) ?
940 $tmplname : "/var/lib/pmg/templates/$tmplname";
941
942 if ($demo) {
943 my $demosrc = "$srcfn.demo";
944 $srcfn = $demosrc if -f $demosrc;
945 }
946
947 my ($perm, $uid, $gid);
948
949 my $srcfd = IO::File->new ($srcfn, "r")
950 || die "cant read template '$srcfn' - $!: ERROR";
951
952 if ($dstfn eq '/etc/fetchmailrc') {
953 (undef, undef, $uid, $gid) = getpwnam('fetchmail');
954 $perm = 0600;
955 } elsif ($dstfn eq '/etc/clamav/freshclam.conf') {
956 # needed if file contains a HTTPProxyPasswort
957
958 $uid = getpwnam('clamav');
959 $gid = getgrnam('adm');
960 $perm = 0600;
961 }
962
963 my $template = Template->new({});
964
965 my $vars = $self->get_template_vars();
966
967 my $output = '';
968
969 $template->process($srcfd, $vars, \$output) ||
970 die $template->error();
971
972 $srcfd->close();
973
974 my $old = PVE::Tools::file_get_contents($dstfn, 128*1024) if -f $dstfn;
975
976 return 0 if defined($old) && ($old eq $output); # no change
977
978 PVE::Tools::file_set_contents($dstfn, $output, $perm);
979
980 if (defined($uid) && defined($gid)) {
981 chown($uid, $gid, $dstfn);
982 }
983
984 return 1;
985 }
986
987 # rewrite spam configuration
988 sub rewrite_config_spam {
989 my ($self) = @_;
990
991 my $use_awl = $self->get('spam', 'use_awl');
992 my $use_bayes = $self->get('spam', 'use_bayes');
993 my $use_razor = $self->get('spam', 'use_razor');
994
995 my $changes = 0;
996
997 # delete AW and bayes databases if those features are disabled
998 if (!$use_awl) {
999 $changes = 1 if unlink '/root/.spamassassin/auto-whitelist';
1000 }
1001
1002 if (!$use_bayes) {
1003 $changes = 1 if unlink '/root/.spamassassin/bayes_journal';
1004 $changes = 1 if unlink '/root/.spamassassin/bayes_seen';
1005 $changes = 1 if unlink '/root/.spamassassin/bayes_toks';
1006 }
1007
1008 # make sure we have a custom.cf file (else cluster sync fails)
1009 IO::File->new('/etc/mail/spamassassin/custom.cf', 'a', 0644);
1010
1011 $changes = 1 if $self->rewrite_config_file(
1012 'local.cf.in', '/etc/mail/spamassassin/local.cf');
1013
1014 $changes = 1 if $self->rewrite_config_file(
1015 'init.pre.in', '/etc/mail/spamassassin/init.pre');
1016
1017 $changes = 1 if $self->rewrite_config_file(
1018 'v310.pre.in', '/etc/mail/spamassassin/v310.pre');
1019
1020 $changes = 1 if $self->rewrite_config_file(
1021 'v320.pre.in', '/etc/mail/spamassassin/v320.pre');
1022
1023 if ($use_razor) {
1024 mkdir "/root/.razor";
1025
1026 $changes = 1 if $self->rewrite_config_file(
1027 'razor-agent.conf.in', '/root/.razor/razor-agent.conf');
1028
1029 if (! -e '/root/.razor/identity') {
1030 eval {
1031 my $timeout = 30;
1032 PVE::Tools::run_command(['razor-admin', '-discover'], timeout => $timeout);
1033 PVE::Tools::run_command(['razor-admin', '-register'], timeout => $timeout);
1034 };
1035 my $err = $@;
1036 syslog('info', msgquote ("registering razor failed: $err")) if $err;
1037 }
1038 }
1039
1040 return $changes;
1041 }
1042
1043 # rewrite ClamAV configuration
1044 sub rewrite_config_clam {
1045 my ($self) = @_;
1046
1047 return $self->rewrite_config_file(
1048 'clamd.conf.in', '/etc/clamav/clamd.conf');
1049 }
1050
1051 sub rewrite_config_freshclam {
1052 my ($self) = @_;
1053
1054 return $self->rewrite_config_file(
1055 'freshclam.conf.in', '/etc/clamav/freshclam.conf');
1056 }
1057
1058 sub rewrite_config_postgres {
1059 my ($self) = @_;
1060
1061 my $pgconfdir = "/etc/postgresql/9.6/main";
1062
1063 my $changes = 0;
1064
1065 $changes = 1 if $self->rewrite_config_file(
1066 'pg_hba.conf.in', "$pgconfdir/pg_hba.conf");
1067
1068 $changes = 1 if $self->rewrite_config_file(
1069 'postgresql.conf.in', "$pgconfdir/postgresql.conf");
1070
1071 return $changes;
1072 }
1073
1074 # rewrite /root/.forward
1075 sub rewrite_dot_forward {
1076 my ($self) = @_;
1077
1078 my $dstfn = '/root/.forward';
1079
1080 my $email = $self->get('admin', 'email');
1081
1082 my $output = '';
1083 if ($email && $email =~ m/\s*(\S+)\s*/) {
1084 $output = "$1\n";
1085 } else {
1086 # empty .forward does not forward mails (see man local)
1087 }
1088
1089 my $old = PVE::Tools::file_get_contents($dstfn, 128*1024) if -f $dstfn;
1090
1091 return 0 if defined($old) && ($old eq $output); # no change
1092
1093 PVE::Tools::file_set_contents($dstfn, $output);
1094
1095 return 1;
1096 }
1097
1098 # rewrite /etc/postfix/*
1099 sub rewrite_config_postfix {
1100 my ($self) = @_;
1101
1102 # make sure we have required files (else postfix start fails)
1103 postmap_pmg_domains();
1104 postmap_pmg_transport();
1105 postmap_pmg_mynetworks();
1106
1107 IO::File->new($transport_map_filename, 'a', 0644);
1108
1109 my $changes = 0;
1110
1111 if ($self->get('mail', 'tls')) {
1112 eval {
1113 PMG::Utils::gen_proxmox_tls_cert();
1114 };
1115 syslog ('info', msgquote ("generating certificate failed: $@")) if $@;
1116 }
1117
1118 $changes = 1 if $self->rewrite_config_file(
1119 'main.cf.in', '/etc/postfix/main.cf');
1120
1121 $changes = 1 if $self->rewrite_config_file(
1122 'master.cf.in', '/etc/postfix/master.cf');
1123
1124 #rewrite_config_transports ($class);
1125 #rewrite_config_whitelist ($class);
1126 #rewrite_config_tls_policy ($class);
1127
1128 # make sure aliases.db is up to date
1129 system('/usr/bin/newaliases');
1130
1131 return $changes;
1132 }
1133
1134 sub rewrite_config {
1135 my ($self, $restart_services) = @_;
1136
1137 if ($self->rewrite_config_postfix() && $restart_services) {
1138 PMG::Utils::service_cmd('postfix', 'restart');
1139 }
1140
1141 if ($self->rewrite_dot_forward() && $restart_services) {
1142 # no need to restart anything
1143 }
1144
1145 if ($self->rewrite_config_postgres() && $restart_services) {
1146 # do nothing (too many side effects)?
1147 # does not happen anyways, because config does not change.
1148 }
1149
1150 if ($self->rewrite_config_spam() && $restart_services) {
1151 PMG::Utils::service_cmd('pmg-smtp-filter', 'restart');
1152 }
1153
1154 if ($self->rewrite_config_clam() && $restart_services) {
1155 PMG::Utils::service_cmd('clamav-daemon', 'restart');
1156 }
1157
1158 if ($self->rewrite_config_freshclam() && $restart_services) {
1159 PMG::Utils::service_cmd('clamav-freshclam', 'restart');
1160 }
1161
1162 }
1163
1164 1;
PMG API