type => 'string',
pattern => "http://.*",
},
+ avast => {
+ description => "Use Avast Virus Scanner (/bin/scan). You need to buy and install 'Avast Core Security' before you can enable this feature.",
+ type => 'boolean',
+ default => 0,
+ },
+ clamav => {
+ description => "Use ClamAV Virus Scanner. This is the default virus scanner and is enabled by default.",
+ type => 'boolean',
+ default => 1,
+ },
};
}
sub options {
return {
advfilter => { optional => 1 },
+ avast => { optional => 1 },
+ clamav => { optional => 1 },
statlifetime => { optional => 1 },
dailyreport => { optional => 1 },
demo => { optional => 1 },
default => 1,
},
hostname => {
- description => "Quarantine Host. Usefule if you run a Cluster and want users to connect to a specific host.",
+ description => "Quarantine Host. Useful if you run a Cluster and want users to connect to a specific host.",
type => 'string', format => 'address',
},
+ port => {
+ description => "Quarantine Port. Useful if you have a reverse proxy or port forwarding for the webinterface. Only used for the generated Spam report.",
+ type => 'integer',
+ minimum => 1,
+ maximum => 65535,
+ default => 8006,
+ },
+ protocol => {
+ description => "Quarantine Webinterface Protocol. Useful if you have a reverse proxy for the webinterface. Only used for the generated Spam report.",
+ type => 'string',
+ enum => [qw(http https)],
+ default => 'https',
+ },
mailfrom => {
description => "Text for 'From' header in daily spam report mails.",
type => 'string',
reportstyle => { optional => 1 },
viewimages => { optional => 1 },
allowhrefs => { optional => 1 },
+ port => { optional => 1 },
+ protocol => { optional => 1 },
};
}
description => "Optional list of DNS white/blacklist domains (see postscreen_dnsbl_sites parameter).",
type => 'string', format => 'dnsbl-entry-list',
},
+ dnsbl_threshold => {
+ description => "The inclusive lower bound for blocking a remote SMTP client, based on its combined DNSBL score (see postscreen_dnsbl_threshold parameter).",
+ type => 'integer',
+ minimum => 0,
+ default => 1
+ },
};
}
message_rate_limit => { optional => 1 },
verifyreceivers => { optional => 1 },
dnsbl_sites => { optional => 1 },
+ dnsbl_threshold => { optional => 1 },
};
}
return $name;
}
+PVE::JSONSchema::register_format(
+ 'transport-domain-or-email', \&pmg_verify_transport_domain_or_email);
+
+sub pmg_verify_transport_domain_or_email {
+ my ($name, $noerr) = @_;
+
+ my $namere = "([a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?)";
+
+ # email address
+ if ($name =~ m/^(?:[^\s\/\@]+\@)(${namere}\.)*${namere}$/) {
+ return $name;
+ }
+
+ # like dns-name, but can contain leading dot
+ if ($name !~ /^\.?(${namere}\.)*${namere}$/) {
+ return undef if $noerr;
+ die "value does not look like a valid transport domain or email address\n";
+ }
+ return $name;
+}
+
PVE::JSONSchema::register_format(
'dnsbl-entry', \&pmg_verify_dnsbl_entry);
if ($line =~ m/^(\S+)\s+smtp:(\S+):(\d+)\s*$/) {
my ($domain, $host, $port) = ($1, $2, $3);
- eval { pmg_verify_transport_domain($domain); };
+ eval { pmg_verify_transport_domain_or_email($domain); };
if (my $err = $@) {
$parse_error->($err);
next;
my $mynetworks = [ '127.0.0.0/8', '[::1]/128' ];
if (my $int_net_cidr = PMG::Utils::find_local_network_for_ip($int_ip, 1)) {
- push @$mynetworks, $int_net_cidr;
+ if ($int_net_cidr =~ m/^($IPV6RE)\/(\d+)$/) {
+ push @$mynetworks, "[$1]/$2";
+ } else {
+ push @$mynetworks, $int_net_cidr;
+ }
} else {
if ($int_ip =~ m/^$IPV6RE$/) {
- push @$mynetworks, "$int_ip/128";
+ push @$mynetworks, "[$int_ip]/128";
} else {
push @$mynetworks, "$int_ip/32";
}
}
my $netlist = PVE::INotify::read_file('mynetworks');
- push @$mynetworks, keys %$netlist;
+ foreach my $cidr (keys %$netlist) {
+ if ($cidr =~ m/^($IPV6RE)\/(\d+)$/) {
+ push @$mynetworks, "[$1]/$2";
+ } else {
+ push @$mynetworks, $cidr;
+ }
+ }
push @$mynetworks, @$transportnets;
$vars->{postfix}->{dnsbl_sites} = join(',', @dnsbl_sites);
}
+ $vars->{postfix}->{dnsbl_threshold} = $self->get('mail', 'dnsbl_threshold');
+
my $usepolicy = 0;
$usepolicy = 1 if $self->get('mail', 'greylist') ||
$self->get('mail', 'spf');
$vars->{postfix}->{usepolicy} = $usepolicy;
+ if ($int_ip =~ m/^$IPV6RE$/) {
+ $vars->{postfix}->{int_ip} = "[$int_ip]";
+ } else {
+ $vars->{postfix}->{int_ip} = $int_ip;
+ }
+
my $resolv = PVE::INotify::read_file('resolvconf');
$vars->{dns}->{hostname} = $nodename;