sub properties {
return {
advfilter => {
- description => "Use advanced filters for statistic.",
+ description => "Enable advanced filters for statistic.",
+ verbose_description => <<EODESC,
+Enable advanced filters for statistic.
+
+If this is enabled, the receiver statistic are limited to active ones
+(receivers which also sent out mail in the 90 days before), and the contact
+statistic will not contain these active receivers.
+EODESC
type => 'boolean',
- default => 1,
+ default => 0,
},
dailyreport => {
description => "Send daily reports.",
use_bayes => {
description => "Whether to use the naive-Bayesian-style classifier.",
type => 'boolean',
- default => 1,
+ default => 0,
},
use_awl => {
description => "Use the Auto-Whitelist plugin.",
type => 'boolean',
- default => 1,
+ default => 0,
},
use_razor => {
description => "Whether to use Razor2, if it is available.",
minimum => 64,
default => 256*1024,
},
+ extract_text => {
+ description => "Extract text from attachments (doc, pdf, rtf, images) and scan for spam.",
+ type => 'boolean',
+ default => 0,
+ },
};
}
bounce_score => { optional => 1 },
rbl_checks => { optional => 1 },
maxspamsize => { optional => 1 },
+ extract_text => { optional => 1 },
};
}
my $max_servers = 5;
my $servermem = 120;
+ my $base;
my $memory = physical_memory();
- my $add_servers = int(($memory - 512)/$servermem);
+ if ($memory < 3840) {
+ warn "low amount of system memory installed, recommended is 4+ GB\n"
+ ."to prevent OOM kills, it is better to set max_filters manually\n";
+ $base = $memory > 1536 ? 1024 : 512;
+ } else {
+ $base = 2816;
+ $servermem = 150;
+ }
+ my $add_servers = int(($memory - $base)/$servermem);
$max_servers += $add_servers if $add_servers > 0;
$max_servers = 40 if $max_servers > 40;
default => 0,
},
smarthost => {
- description => "When set, all outgoing mails are deliverd to the specified smarthost.",
+ description => "When set, all outgoing mails are deliverd to the specified smarthost."
+ ." (postfix option `default_transport`)",
type => 'string', format => 'address',
},
smarthostport => {
- description => "SMTP port number for smarthost.",
+ description => "SMTP port number for smarthost. (postfix option `default_transport`)",
type => 'integer',
minimum => 1,
maximum => 65535,
default => 0,
},
maxsize => {
- description => "Maximum email size. Larger mails are rejected.",
+ description => "Maximum email size. Larger mails are rejected. (postfix option `message_size_limit`)",
type => 'integer',
minimum => 1024,
default => 1024*1024*10,
},
dwarning => {
- description => "SMTP delay warning time (in hours).",
+ description => "SMTP delay warning time (in hours). (postfix option `delay_warning_time`)",
type => 'integer',
minimum => 0,
default => 4,
default => 64,
},
helotests => {
- description => "Use SMTP HELO tests.",
+ description => "Use SMTP HELO tests. (postfix option `smtpd_helo_restrictions`)",
type => 'boolean',
default => 0,
},
rejectunknown => {
- description => "Reject unknown clients.",
+ description => "Reject unknown clients. (postfix option `reject_unknown_client_hostname`)",
type => 'boolean',
default => 0,
},
rejectunknownsender => {
- description => "Reject unknown senders.",
+ description => "Reject unknown senders. (postfix option `reject_unknown_sender_domain`)",
type => 'boolean',
default => 0,
},
verifyreceivers => {
- description => "Enable receiver verification. The value spefifies the numerical reply code when the Postfix SMTP server rejects a recipient address.",
+ description => "Enable receiver verification. The value spefifies the numerical reply"
+ ." code when the Postfix SMTP server rejects a recipient address."
+ ." (postfix options `reject_unknown_recipient_domain`, `reject_unverified_recipient`,"
+ ." and `unverified_recipient_reject_code`)",
type => 'string',
enum => ['450', '550'],
},
dnsbl_sites => {
- description => "Optional list of DNS white/blacklist domains (see postscreen_dnsbl_sites parameter).",
+ description => "Optional list of DNS white/blacklist domains (postfix option `postscreen_dnsbl_sites`).",
type => 'string', format => 'dnsbl-entry-list',
},
dnsbl_threshold => {
- description => "The inclusive lower bound for blocking a remote SMTP client, based on its combined DNSBL score (see postscreen_dnsbl_threshold parameter).",
+ description => "The inclusive lower bound for blocking a remote SMTP client, based on"
+ ." its combined DNSBL score (postfix option `postscreen_dnsbl_threshold`).",
type => 'integer',
minimum => 0,
default => 1
type => 'boolean',
default => 0
},
+ smtputf8 => {
+ description => "Enable SMTPUTF8 support in Postfix and detection for locally generated mail (postfix option `smtputf8_enable`)",
+ type => 'boolean',
+ default => 1
+ },
};
}
dnsbl_threshold => { optional => 1 },
before_queue_filtering => { optional => 1 },
ndr_on_block => { optional => 1 },
+ smtputf8 => { optional => 1 },
};
}
sub read_pmg_conf {
my ($filename, $fh) = @_;
- local $/ = undef; # slurp mode
-
my $raw;
- $raw = <$fh> if defined($fh);
+ $raw = do { local $/ = undef; <$fh> } if defined($fh);
return PMG::Config::Base->parse_config($filename, $raw);
}
my $parse_error = sub {
my ($err) = @_;
- die "parse error in '$filename': $line - $err";
+ warn "parse error in '$filename': $line - $err\n";
};
if ($line =~ m/^(\S+)\s+(.+)\s*$/) {
PMG::Utils::run_postmap($tls_policy_map_filename);
}
+sub read_tls_inbound_domains {
+ my ($filename, $fh) = @_;
+
+ return {} if !defined($fh);
+
+ my $domains = {};
+
+ while (defined(my $line = <$fh>)) {
+ chomp $line;
+ next if $line =~ m/^\s*$/;
+ next if $line =~ m/^#(.*)\s*$/;
+
+ my $parse_error = sub {
+ my ($err) = @_;
+ warn "parse error in '$filename': $line - $err\n";
+ };
+
+ if ($line =~ m/^(\S+) reject_plaintext_session$/) {
+ my $domain = $1;
+
+ eval { pmg_verify_transport_domain($domain) };
+ if (my $err = $@) {
+ $parse_error->($err);
+ next;
+ }
+
+ $domains->{$domain} = 1;
+ } else {
+ $parse_error->('wrong format');
+ }
+ }
+
+ return $domains;
+}
+
+sub write_tls_inbound_domains {
+ my ($filename, $fh, $domains) = @_;
+
+ return if !$domains;
+
+ foreach my $domain (sort keys %$domains) {
+ PVE::Tools::safe_print($filename, $fh, "$domain reject_plaintext_session\n");
+ }
+}
+
+my $tls_inbound_domains_map_filename = "/etc/pmg/tls_inbound_domains";
+PVE::INotify::register_file('tls_inbound_domains', $tls_inbound_domains_map_filename,
+ \&read_tls_inbound_domains,
+ \&write_tls_inbound_domains,
+ undef, always_call_parser => 1);
+
+sub postmap_tls_inbound_domains {
+ PMG::Utils::run_postmap($tls_inbound_domains_map_filename);
+}
+
my $transport_map_filename = "/etc/pmg/transport";
sub postmap_pmg_transport {
$changes = 1 if $self->rewrite_config_file(
'v320.pre.in', '/etc/mail/spamassassin/v320.pre');
+ $changes = 1 if $self->rewrite_config_file(
+ 'v342.pre.in', '/etc/mail/spamassassin/v342.pre');
+
+ $changes = 1 if $self->rewrite_config_file(
+ 'v400.pre.in', '/etc/mail/spamassassin/v400.pre');
+
if ($use_razor) {
mkdir "/root/.razor";
postmap_pmg_domains();
postmap_pmg_transport();
postmap_tls_policy();
+ postmap_tls_inbound_domains();
rewrite_postfix_whitelist($rulecache) if $rulecache;
mail => {
hide_received => 1,
ndr_on_block => 1,
+ smtputf8 => 1,
},
admin => {
dkim_selector => 1,