use MIME::Words;
use MIME::Parser;
use Time::HiRes qw (gettimeofday);
+use Time::Local;
use Xdgmime;
use Data::Dumper;
use Digest::SHA;
+use Digest::MD5;
use Net::IP;
use Socket;
use RRDs;
use PMG::MailQueue;
use PMG::SMTPPrinter;
-my $realm_regex = qr/[A-Za-z][A-Za-z0-9\.\-_]+/;
-
-PVE::JSONSchema::register_format('pmg-realm', \&verify_realm);
-sub verify_realm {
- my ($realm, $noerr) = @_;
-
- if ($realm !~ m/^${realm_regex}$/) {
- return undef if $noerr;
- die "value does not look like a valid realm\n";
- }
- return $realm;
-}
+my $valid_pmg_realms = ['pam', 'pmg', 'quarantine'];
PVE::JSONSchema::register_standard_option('realm', {
description => "Authentication domain ID",
- type => 'string', format => 'pmg-realm',
+ type => 'string',
+ enum => $valid_pmg_realms,
maxLength => 32,
});
+PVE::JSONSchema::register_standard_option('pmg-starttime', {
+ description => "Only consider entries newer than 'starttime' (unix epoch). Default is 'now - 1day'.",
+ type => 'integer',
+ minimum => 0,
+ optional => 1,
+});
+
+PVE::JSONSchema::register_standard_option('pmg-endtime', {
+ description => "Only consider entries older than 'endtime' (unix epoch). This is set to '<start> + 1day' by default.",
+ type => 'integer',
+ minimum => 1,
+ optional => 1,
+});
+
PVE::JSONSchema::register_format('pmg-userid', \&verify_username);
sub verify_username {
my ($username, $noerr) = @_;
# colon separated lists)!
# slash is not allowed because it is used as pve API delimiter
# also see "man useradd"
- if ($username =~ m!^([^\s:/]+)\@(${realm_regex})$!) {
+ my $realm_list = join('|', @$valid_pmg_realms);
+ if ($username =~ m!^([^\s:/]+)\@(${realm_list})$!) {
return wantarray ? ($username, $1, $2) : $username;
}
maxLength => 64,
});
+PVE::JSONSchema::register_standard_option('pmg-email-address', {
+ description => "Email Address (allow most characters).",
+ type => 'string',
+ pattern => '(?:|[^\s\/\@]+\@[^\s\/\@]+)',
+ maxLength => 512,
+ minLength => 3,
+});
+
sub lastid {
my ($dbh, $seq) = @_;
return $res;
}
+our $db_service_list = [
+ 'pmgpolicy', 'pmgmirror', 'pmgtunnel', 'pmg-smtp-filter' ];
+
sub service_wait_stopped {
my ($timeout, $service_list) = @_;
my ($service, $cmd) = @_;
die "unknown service command '$cmd'\n"
- if $cmd !~ m/^(start|stop|restart|reload)$/;
+ if $cmd !~ m/^(start|stop|restart|reload|reload-or-restart)$/;
if ($service eq 'pmgdaemon' || $service eq 'pmgproxy') {
- if ($cmd eq 'restart') {
- # OK
- } else {
- die "invalid service cmd '$service $cmd': ERROR";
- }
+ die "invalid service cmd '$service $cmd': ERROR" if $cmd eq 'stop';
+ } elsif ($service eq 'fetchmail') {
+ # use restart instead of start - else it does not start 'exited' unit
+ # after setting START_DAEMON=yes in /etc/default/fetchmail
+ $cmd = 'restart' if $cmd eq 'start';
}
$service = $service_aliases->{$service} // $service;
# make sure the file exists (else postmap fails)
IO::File->new($filename, 'a', 0644);
+ my $age_src = -M $filename // 0;
+ my $age_dst = -M "$filename.db" // 10000000000;
+
+ # if not changed, do nothing
+ return if $age_src > $age_dst;
+
eval {
PVE::Tools::run_command(
['/usr/sbin/postmap', $filename],
my $netin = 0;
my $netout = 0;
foreach my $dev (keys %$netdev) {
- next if $dev !~ m/^eth\d+$/;
+ next if $dev !~ m/^$PVE::Network::PHYSICAL_NIC_RE$/;
$netin += $netdev->{$dev}->{receive};
$netout += $netdev->{$dev}->{transmit};
}
return $res;
}
+sub decode_to_html {
+ my ($charset, $data) = @_;
+
+ my $res = $data;
+
+ eval { $res = encode_entities(decode($charset, $data)); };
+
+ return $res;
+}
+
+sub decode_rfc1522 {
+ my ($enc) = @_;
+
+ my $res = '';
+
+ return '' if !$enc;
+
+ eval {
+ foreach my $r (MIME::Words::decode_mimewords($enc)) {
+ my ($d, $cs) = @$r;
+ if ($d) {
+ if ($cs) {
+ $res .= decode($cs, $d);
+ } else {
+ $res .= $d;
+ }
+ }
+ }
+ };
+
+ $res = $enc if $@;
+
+ return $res;
+}
+
sub rfc1522_to_html {
my ($enc) = @_;
return $res;
}
+# RFC 2047 B-ENCODING http://rfc.net/rfc2047.html
+# (Q-Encoding is complex and error prone)
+sub bencode_header {
+ my $txt = shift;
+
+ my $CRLF = "\015\012";
+
+ # Nonprintables (controls + x7F + 8bit):
+ my $NONPRINT = "\\x00-\\x1F\\x7F-\\xFF";
+
+ # always use utf-8 (work with japanese character sets)
+ $txt = encode("UTF-8", $txt);
+
+ return $txt if $txt !~ /[$NONPRINT]/o;
+
+ my $res = '';
+
+ while ($txt =~ s/^(.{1,42})//sm) {
+ my $t = MIME::Words::encode_mimeword ($1, 'B', 'UTF-8');
+ $res .= $res ? "\015\012\t$t" : $t;
+ }
+
+ return $res;
+}
+
+sub load_sa_descriptions {
+ my ($additional_dirs) = @_;
+
+ my @dirs = ('/usr/share/spamassassin',
+ '/usr/share/spamassassin-extra');
+
+ push @dirs, @$additional_dirs if @$additional_dirs;
+
+ my $res = {};
+
+ my $parse_sa_file = sub {
+ my ($file) = @_;
+
+ open(my $fh,'<', $file);
+ return if !defined($fh);
+
+ while (defined(my $line = <$fh>)) {
+ if ($line =~ m/^describe\s+(\S+)\s+(.*)\s*$/) {
+ my ($name, $desc) = ($1, $2);
+ next if $res->{$name};
+ $res->{$name}->{desc} = $desc;
+ if ($desc =~ m|[\(\s](http:\/\/\S+\.[^\s\.\)]+\.[^\s\.\)]+)|i) {
+ $res->{$name}->{url} = $1;
+ }
+ }
+ }
+ close($fh);
+ };
+
+ foreach my $dir (@dirs) {
+ foreach my $file (<$dir/*.cf>) {
+ $parse_sa_file->($file);
+ }
+ }
+
+ $res->{'ClamAVHeuristics'}->{desc} = "ClamAV heuristic tests";
+
+ return $res;
+}
+
+sub format_uptime {
+ my ($uptime) = @_;
+
+ my $days = int($uptime/86400);
+ $uptime -= $days*86400;
+
+ my $hours = int($uptime/3600);
+ $uptime -= $hours*3600;
+
+ my $mins = $uptime/60;
+
+ if ($days) {
+ my $ds = $days > 1 ? 'days' : 'day';
+ return sprintf "%d $ds %02d:%02d", $days, $hours, $mins;
+ } else {
+ return sprintf "%02d:%02d", $hours, $mins;
+ }
+}
+
+sub finalize_report {
+ my ($tt, $template, $data, $mailfrom, $receiver, $debug) = @_;
+
+ my $html = '';
+
+ $tt->process($template, $data, \$html) ||
+ die $tt->error() . "\n";
+
+ my $title;
+ if ($html =~ m|^\s*<title>(.*)</title>|m) {
+ $title = $1;
+ } else {
+ die "unable to extract template title\n";
+ }
+
+ my $top = MIME::Entity->build(
+ Type => "multipart/related",
+ To => $data->{pmail},
+ From => $mailfrom,
+ Subject => bencode_header(decode_entities($title)));
+
+ $top->attach(
+ Data => $html,
+ Type => "text/html",
+ Encoding => $debug ? 'binary' : 'quoted-printable');
+
+ if ($debug) {
+ $top->print();
+ return;
+ }
+ # we use an empty envelope sender (we dont want to receive NDRs)
+ PMG::Utils::reinject_mail ($top, '', [$receiver], undef, $data->{fqdn});
+}
+
+sub lookup_timespan {
+ my ($timespan) = @_;
+
+ my (undef, undef, undef, $mday, $mon, $year) = localtime(time());
+ my $daystart = timelocal(0, 0, 0, $mday, $mon, $year);
+
+ my $start;
+ my $end;
+
+ if ($timespan eq 'today') {
+ $start = $daystart;
+ $end = $start + 86400;
+ } elsif ($timespan eq 'yesterday') {
+ $end = $daystart;
+ $start = $end - 86400;
+ } elsif ($timespan eq 'week') {
+ $end = $daystart;
+ $start = $end - 7*86400;
+ } else {
+ die "internal error";
+ }
+
+ return ($start, $end);
+}
+
+my $rbl_scan_last_cursor;
+my $rbl_scan_start_time = time();
+
+sub scan_journal_for_rbl_rejects {
+
+ # example postscreen log entry for RBL rejects
+ # Aug 29 08:00:36 proxmox postfix/postscreen[11266]: NOQUEUE: reject: RCPT from [x.x.x.x]:1234: 550 5.7.1 Service unavailable; client [x.x.x.x] blocked using zen.spamhaus.org; from=<xxxx>, to=<yyyy>, proto=ESMTP, helo=<zzz>
+
+ # example for PREGREET reject
+ # Dec 7 06:57:11 proxmox postfix/postscreen[32084]: PREGREET 14 after 0.23 from [x.x.x.x]:63492: EHLO yyyyy\r\n
+
+ my $identifier = 'postfix/postscreen';
+
+ my $rbl_count = 0;
+ my $pregreet_count = 0;
+
+ my $parser = sub {
+ my $line = shift;
+
+ if ($line =~ m/^--\scursor:\s(\S+)$/) {
+ $rbl_scan_last_cursor = $1;
+ return;
+ }
+
+ if ($line =~ m/\s$identifier\[\d+\]:\sNOQUEUE:\sreject:.*550 5.7.1 Service unavailable;/) {
+ $rbl_count++;
+ } elsif ($line =~ m/\s$identifier\[\d+\]:\sPREGREET\s\d+\safter\s/) {
+ $pregreet_count++;
+ }
+ };
+
+ # limit to last 5000 lines to avoid long delays
+ my $cmd = ['journalctl', '--show-cursor', '-o', 'short-unix', '--no-pager',
+ '--identifier', $identifier, '-n', 5000];
+
+ if (defined($rbl_scan_last_cursor)) {
+ push @$cmd, "--after-cursor=${rbl_scan_last_cursor}";
+ } else {
+ push @$cmd, "--since=@" . $rbl_scan_start_time;
+ }
+
+ PVE::Tools::run_command($cmd, outfunc => $parser);
+
+ return ($rbl_count, $pregreet_count);
+}
+
+my $hwaddress;
+
+sub get_hwaddress {
+
+ return $hwaddress if defined ($hwaddress);
+
+ my $fn = '/etc/ssh/ssh_host_rsa_key.pub';
+ my $sshkey = PVE::Tools::file_get_contents($fn);
+ $hwaddress = uc(Digest::MD5::md5_hex($sshkey));
+
+ return $hwaddress;
+}
+
+my $default_locale = "en_US.UTF-8 UTF-8";
+
+sub cond_add_default_locale {
+
+ my $filename = "/etc/locale.gen";
+
+ open(my $infh, "<", $filename) || return;
+
+ while (defined(my $line = <$infh>)) {
+ if ($line =~ m/^\Q${default_locale}\E/) {
+ # already configured
+ return;
+ }
+ }
+
+ seek($infh, 0, 0) // return; # seek failed
+
+ open(my $outfh, ">", "$filename.tmp") || return;
+
+ my $done;
+ while (defined(my $line = <$infh>)) {
+ if ($line =~ m/^#\s*\Q${default_locale}\E.*/) {
+ print $outfh "${default_locale}\n" if !$done;
+ $done = 1;
+ } else {
+ print $outfh $line;
+ }
+ }
+
+ print STDERR "generation pmg default locale\n";
+
+ rename("$filename.tmp", $filename) || return; # rename failed
+
+ system("dpkg-reconfigure locales -f noninteractive");
+}
+
1;
projects / pmg-api.git / blobdiff