X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=src%2FPMG%2FConfig.pm;h=061396e4d6da1025c7ca4c5bfde2968f29a5f79b;hb=b0f049b6674ea574fc3352859a71c54d40603a50;hp=a0b1866b78f07ca475307d0f269ec751389abd28;hpb=30c74bd27c3a4bd751561032e1a04ef52177db53;p=pmg-api.git diff --git a/src/PMG/Config.pm b/src/PMG/Config.pm old mode 100755 new mode 100644 index a0b1866..061396e --- a/src/PMG/Config.pm +++ b/src/PMG/Config.pm @@ -63,9 +63,16 @@ sub type { sub properties { return { advfilter => { - description => "Use advanced filters for statistic.", + description => "Enable advanced filters for statistic.", + verbose_description => < 'boolean', - default => 1, + default => 0, }, dailyreport => { description => "Send daily reports.", @@ -170,12 +177,12 @@ sub properties { use_bayes => { description => "Whether to use the naive-Bayesian-style classifier.", type => 'boolean', - default => 1, + default => 0, }, use_awl => { description => "Use the Auto-Whitelist plugin.", type => 'boolean', - default => 1, + default => 0, }, use_razor => { description => "Whether to use Razor2, if it is available.", @@ -211,6 +218,11 @@ sub properties { minimum => 64, default => 256*1024, }, + extract_text => { + description => "Extract text from attachments (doc, pdf, rtf, images) and scan for spam.", + type => 'boolean', + default => 0, + }, }; } @@ -225,6 +237,7 @@ sub options { bounce_score => { optional => 1 }, rbl_checks => { optional => 1 }, maxspamsize => { optional => 1 }, + extract_text => { optional => 1 }, }; } 
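Review bot: The default flips from 1 to 0 for `advfilter`, `use_bayes` and `use_awl` are not reflected in the `use_bayes` and `use_awl` description strings, so an installation that never set these keys explicitly would presumably stop using the Bayes classifier and the Auto-Whitelist plugin after the upgrade without any visible signal. If that is intended, say so in those descriptions, for example by appending `Disabled by default; set explicitly to keep the previous behaviour.` How defaults are applied to an existing config is outside these hunks, so this needs confirming against the config loader.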
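Review bot: The `extract_text` description does not mention that enabling it runs document and image parsing over attachments from untrusted senders, which is the main cost of the option. The default of 0 is the conservative choice. I would extend the description with something like `Increases per-mail CPU/memory use and exposes the attachment parsers to untrusted input.` so the trade-off is visible in the schema. Which extractors are actually invoked is not visible in this hunk.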
@@ -446,8 +459,17 @@ sub get_max_filters { my $max_servers = 5; my $servermem = 120; + my $base; my $memory = physical_memory(); - my $add_servers = int(($memory - 512)/$servermem); + if ($memory < 3840) { + warn "low amount of system memory installed, recommended is 4+ GB\n" + ."to prevent OOM kills, it is better to set max_filters manually\n"; + $base = $memory > 1536 ? 1024 : 512; + } else { + $base = 2816; + $servermem = 150; + } + my $add_servers = int(($memory - $base)/$servermem); $max_servers += $add_servers if $add_servers > 0; $max_servers = 40 if $max_servers > 40; @@ -513,11 +535,12 @@ sub properties { default => 0, }, smarthost => { - description => "When set, all outgoing mails are deliverd to the specified smarthost.", + description => "When set, all outgoing mails are deliverd to the specified smarthost." + ." (postfix option `default_transport`)", type => 'string', format => 'address', }, smarthostport => { - description => "SMTP port number for smarthost.", + description => "SMTP port number for smarthost. (postfix option `default_transport`)", type => 'integer', minimum => 1, maximum => 65535, @@ -581,13 +604,13 @@ sub properties { default => 0, }, maxsize => { - description => "Maximum email size. Larger mails are rejected.", + description => "Maximum email size. Larger mails are rejected. (postfix option `message_size_limit`)", type => 'integer', minimum => 1024, default => 1024*1024*10, }, dwarning => { - description => "SMTP delay warning time (in hours).", + description => "SMTP delay warning time (in hours). (postfix option `delay_warning_time`)", type => 'integer', minimum => 0, default => 4, 
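Review bot: The low-memory branch of `get_max_filters` can return more filter workers than the branch for well-equipped hosts, which works against the OOM warning it prints. With the hunk's numbers, a `physical_memory()` value of 3839 gives int((3839-1024)/120)+5 = 28, while 3840 gives int((3840-2816)/150)+5 = 11. Either bound the result in the `< 3840` branch or document why the old formula is kept there, e.g. `# below 3840 the previous estimate is kept unchanged; it may exceed the 4+ GB result`. The constants 3840, 2816 and 150 also need a comment stating their unit (presumably MB) and origin. The `warn` fires on every call; whether that floods the log depends on callers outside the hunk, as the function body continues past it.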
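Review bot: The rewritten `smarthost` description still carries the typo `deliverd`, and the rewritten `verifyreceivers` description in the `@@ -637,31 +660,35 @@` hunk still has `spefifies`. Since both strings are being touched anyway, fix them to `delivered` and `specifies`. Separately, the `smarthostport` text names `default_transport` without saying that the port is only one part of that value, which may confuse readers of the generated docs.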
@@ -637,31 +660,35 @@ sub properties { default => 64, }, helotests => { - description => "Use SMTP HELO tests.", + description => "Use SMTP HELO tests. (postfix option `smtpd_helo_restrictions`)", type => 'boolean', default => 0, }, rejectunknown => { - description => "Reject unknown clients.", + description => "Reject unknown clients. (postfix option `reject_unknown_client_hostname`)", type => 'boolean', default => 0, }, rejectunknownsender => { - description => "Reject unknown senders.", + description => "Reject unknown senders. (postfix option `reject_unknown_sender_domain`)", type => 'boolean', default => 0, }, verifyreceivers => { - description => "Enable receiver verification. The value spefifies the numerical reply code when the Postfix SMTP server rejects a recipient address.", + description => "Enable receiver verification. The value spefifies the numerical reply" + ." code when the Postfix SMTP server rejects a recipient address." + ." (postfix options `reject_unknown_recipient_domain`, `reject_unverified_recipient`," + ." and `unverified_recipient_reject_code`)", type => 'string', enum => ['450', '550'], }, dnsbl_sites => { - description => "Optional list of DNS white/blacklist domains (see postscreen_dnsbl_sites parameter).", + description => "Optional list of DNS white/blacklist domains (postfix option `postscreen_dnsbl_sites`).", type => 'string', format => 'dnsbl-entry-list', }, dnsbl_threshold => { - description => "The inclusive lower bound for blocking a remote SMTP client, based on its combined DNSBL score (see postscreen_dnsbl_threshold parameter).", + description => "The inclusive lower bound for blocking a remote SMTP client, based on" + ." its combined DNSBL score (postfix option `postscreen_dnsbl_threshold`).", type => 'integer', minimum => 0, default => 1 
@@ -676,6 +703,11 @@ sub properties { type => 'boolean', default => 0 }, + smtputf8 => { + description => "Enable SMTPUTF8 support in Postfix and detection for locally generated mail (postfix option `smtputf8_enable`)", + type => 'boolean', + default => 1 + }, }; } @@ -716,6 +748,7 @@ sub options { dnsbl_threshold => { optional => 1 }, before_queue_filtering => { optional => 1 }, ndr_on_block => { optional => 1 }, + smtputf8 => { optional => 1 }, }; } @@ -915,10 +948,8 @@ sub get_config { sub read_pmg_conf { my ($filename, $fh) = @_; - local $/ = undef; # slurp mode - my $raw; - $raw = <$fh> if defined($fh); + $raw = do { local $/ = undef; <$fh> } if defined($fh); return PMG::Config::Base->parse_config($filename, $raw); } @@ -1105,7 +1136,7 @@ sub read_tls_policy { my $parse_error = sub { my ($err) = @_; - die "parse error in '$filename': $line - $err"; + warn "parse error in '$filename': $line - $err\n"; }; if ($line =~ m/^(\S+)\s+(.+)\s*$/) { 
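Review bot: Switching `$parse_error` in `read_tls_policy` from `die` to `warn` means the closure now returns to its caller instead of aborting the read. The call sites are outside this hunk; each needs a `next` right after `$parse_error->(...)`, as the new `read_tls_inbound_domains` has, otherwise an entry that failed verification could still be stored. A malformed line is now skipped rather than fatal, so the affected destination ends up with no TLS policy entry while the rest of the map is still applied. Document that on the closure, e.g. `# invalid lines are skipped with a warning; the destination then has no TLS policy entry`.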
@@ -1154,6 +1185,61 @@ sub postmap_tls_policy { PMG::Utils::run_postmap($tls_policy_map_filename); } +sub read_tls_inbound_domains { + my ($filename, $fh) = @_; + + return {} if !defined($fh); + + my $domains = {}; + + while (defined(my $line = <$fh>)) { + chomp $line; + next if $line =~ m/^\s*$/; + next if $line =~ m/^#(.*)\s*$/; + + my $parse_error = sub { + my ($err) = @_; + warn "parse error in '$filename': $line - $err\n"; + }; + + if ($line =~ m/^(\S+) reject_plaintext_session$/) { + my $domain = $1; + + eval { pmg_verify_transport_domain($domain) }; + if (my $err = $@) { + $parse_error->($err); + next; + } + + $domains->{$domain} = 1; + } else { + $parse_error->('wrong format'); + } + } + + return $domains; +} + +sub write_tls_inbound_domains { + my ($filename, $fh, $domains) = @_; + + return if !$domains; + + foreach my $domain (sort keys %$domains) { + PVE::Tools::safe_print($filename, $fh, "$domain reject_plaintext_session\n"); + } +} + +my $tls_inbound_domains_map_filename = "/etc/pmg/tls_inbound_domains"; +PVE::INotify::register_file('tls_inbound_domains', $tls_inbound_domains_map_filename, + \&read_tls_inbound_domains, + \&write_tls_inbound_domains, + undef, always_call_parser => 1); + +sub postmap_tls_inbound_domains { + PMG::Utils::run_postmap($tls_inbound_domains_map_filename); +} + my $transport_map_filename = "/etc/pmg/transport"; sub postmap_pmg_transport { @@ -1515,6 +1601,12 @@ sub rewrite_config_spam { $changes = 1 if $self->rewrite_config_file( 'v320.pre.in', '/etc/mail/spamassassin/v320.pre'); + $changes = 1 if $self->rewrite_config_file( + 'v342.pre.in', '/etc/mail/spamassassin/v342.pre'); + + $changes = 1 if $self->rewrite_config_file( + 'v400.pre.in', '/etc/mail/spamassassin/v400.pre'); + if ($use_razor) { mkdir "/root/.razor"; @@ -1684,6 +1776,7 @@ sub rewrite_config_postfix { postmap_pmg_domains(); postmap_pmg_transport(); postmap_tls_policy(); + postmap_tls_inbound_domains(); rewrite_postfix_whitelist($rulecache) if $rulecache; 
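Review bot: The match in `read_tls_inbound_domains` requires exactly one space and no trailing whitespace, so a hand-edited line with a tab or a trailing blank is reported as 'wrong format' and dropped. That domain is then left out of the returned hash, so `reject_plaintext_session` would not be enforced for it. If the file is later rewritten from that hash through `write_tls_inbound_domains`, the line would presumably be lost as well. `read_tls_policy` already tolerates `\s+`; the same here would be `if ($line =~ m/^(\S+)\s+reject_plaintext_session\s*$/) {`. The three new subs also have no header comment; a one-line description of the file format (`<domain> reject_plaintext_session`) on the reader would help.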
@@ -1698,6 +1791,7 @@ my $pmg_service_params = { mail => { hide_received => 1, ndr_on_block => 1, + smtputf8 => 1, }, admin => { dkim_selector => 1,