Stoiko Ivanov [Mon, 22 Nov 2021 19:49:39 +0000 (20:49 +0100)]
fix #3712: strip trailing dot from searchdomain
having a trailing '.' in the search domain is perfectly legal syntax
(for domain names in general). postfix refuses to use a fqdn with
trailing dot as hostname[0].
The restriction might be due to section 2.3.5 (Domain Names) of
RFC5321 (a top-level domain is a single string without any dots) [1]
[0] src/util/valid_hostname.c in the postfix source
[1] https://datatracker.ietf.org/doc/html/rfc5321#section-2.3.5
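Added example, not code from the pmg-api repository: a normalizer that strips the one trailing dot the commit describes and then checks that what remains is a hostname postfix would accept (label rules in RFC 1035 style, top-level label without dots per RFC 5321 section 2.3.5). The function names, the 253/63 length limits and the label regex are assumptions for illustration, not the project's implementation.

```python
import re

# One label of a hostname: letters, digits and hyphens, no leading or trailing
# hyphen, at most 63 characters (RFC 1035 style; RFC 5321 section 2.3.5 adds
# that the top-level label itself contains no dots). Assumed rules, not the
# project's own code.
_LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")
_MAX_NAME_LEN = 253  # dotted form without the trailing dot


def normalize_searchdomain(raw: str) -> str:
    """Strip one trailing '.' and check the rest is a usable hostname.

    'example.com.' is valid DNS syntax for a fully qualified name but is
    rejected by postfix when used as a hostname, so the dot is removed before
    the value is written anywhere. Anything that is still not a hostname after
    that (the root '.', an empty label from 'a..b', a label starting with '-',
    an underscore) raises ValueError instead of being passed on.
    """
    domain = raw.strip()
    if domain.endswith("."):
        domain = domain[:-1]          # "example.com." -> "example.com"
    if not domain:
        raise ValueError("empty search domain (or bare DNS root '.')")
    if len(domain) > _MAX_NAME_LEN:
        raise ValueError("search domain longer than %d characters" % _MAX_NAME_LEN)
    for label in domain.split("."):   # "a..b" yields an empty label: rejected
        if not _LABEL_RE.match(label):
            raise ValueError("invalid label %r in search domain %r" % (label, raw))
    return domain


def is_valid_searchdomain(raw: str) -> bool:
    """Boolean wrapper around normalize_searchdomain() for callers that
    only need accept/reject."""
    try:
        normalize_searchdomain(raw)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    for value in ("example.com.", "mail.example.com", ".", "example.com..", "-x.example.com"):
        print("%-20r valid=%s" % (value, is_valid_searchdomain(value)))
```

Only a single trailing dot is stripped on purpose: "example.com.." is not a sloppy FQDN but a broken value, and it is rejected via the empty label rather than silently repaired.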
Thomas Lamprecht [Mon, 20 Sep 2021 06:52:28 +0000 (08:52 +0200)]
services: add drop weird binary-exists condition
The package that ships the service is the same as the one that ships
the binaries, so quite the useless check and a remainder from initial
switch from sysv to systemd in ~2015 (when it was not 100% clear
what/how systemd features should be integrated or units encoded).
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 20 Sep 2021 06:50:46 +0000 (08:50 +0200)]
services: add After=network-online.target and update
while we indirectly got that by the remote-fs ordering constraint it's
better to encode it explicitly, especially as the remote-fs does not
make much sense and may get removed soon
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 20 Sep 2021 06:38:08 +0000 (08:38 +0200)]
config: fix "var declared in conditional statement"
This is actually buggy and can lead to unexpected issues as in the
case the check on the declared variable did not evaluate to true it
gets (or better keeps) the value from the previous time when it was
actually assigned. Found with perlcritic, which reports the highest
severity for this mistake.
Refactor out the "is current file equal to generated config" check
which fixes three instances of that on its own and reduces code bloat
a bit.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Sat, 18 Sep 2021 13:17:21 +0000 (15:17 +0200)]
pmgbanner: retry getting local ip for a bit
basically only useful for setups using (hopefully static) DHCP for
the PMG host, but we can have that in evaluation, especially when
using CTs or installing on top of a plain Debian.
This was favored over adding an After=network-online.target order
constraint for the pmgbanner service, as it'd delay the console-getty
service needlessly in most setups
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Sat, 18 Sep 2021 13:06:57 +0000 (15:06 +0200)]
prefer more flexible get_local_ip where possible
get_ip_from_hostname only checks getaddrinfo, which can fail for
the local node in some environments, especially container ones.
Rather, use the new get_local_ip helper, that still tries to do a gai
call first, but falls back to configured (/etc/network/interfaces)
IPs and also to the ones currently active from the kernel's POV.
A big bonus is that the new helper is much less likely to die, so it
won't break service startup in restricted (CTs) envs after initial
setup as often anymore.
While yes, if no addr is resolved, configured or active the PMG won't
work, but killing pmg proxy/daemon won't better that situation either
;)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Oguz Bektas [Thu, 2 Sep 2021 08:47:12 +0000 (10:47 +0200)]
api: apt: use actual pmg-style permission for endpoint schema
it wrongly uses the permission model from PVE, which caused the
endpoints to be root-only as a side effect, since PMG API doesn't
recognize the PVE-specific permissions.
fix those to allow PMG users with administrator role to add/delete
repositories, and auditor role to view the repositories.
Thomas Lamprecht [Fri, 16 Jul 2021 10:27:01 +0000 (12:27 +0200)]
api: implement live network reload with ifupdown2
Like most of the other calls here, copied over from PVE, with the SDN
stuff dropped and some task-log feedback if we actually moved a
pending change in. Also adding error handling for the rename, both
should be added to PVE too.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
ssh public keys are base64 encoded, thus can potentially contain =.
until now the RSA keys generated by Debian were 2048 bits long and did
not need padding
with bullseye (openssh (1:8.0p1-1)) the RSA keysize got increased to
3072 bits, and now does contain a =
noticed while trying to join a PMG container from a bullseye template
to my existing cluster (the error happens on the new node).
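Added example, not code from the pmg-api repository: it builds OpenSSH-format "ssh-rsa" public key lines with a constructed, non-functional modulus to show why a 2048-bit key blob needs no base64 padding while a 3072-bit one ends in "=" (and a 4096-bit one in "=="), and contrasts a hypothetical key-line regex that stops at the first "=" with one that accepts padding. The function names and both regexes are assumptions for illustration; the commit does not show the project's actual pattern.

```python
import base64
import re


def _ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length, then the bytes."""
    return len(data).to_bytes(4, "big") + data


def _ssh_mpint(value: int) -> bytes:
    """RFC 4251 'mpint': big-endian two's complement; a 0x00 byte is
    prepended when the top bit is set so the value is not read as negative.
    That extra byte is why an N-bit RSA modulus occupies N/8 + 1 bytes."""
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return _ssh_string(raw)


def rsa_pubkey_line(bits: int, comment: str = "root@pmg") -> str:
    """Return an 'ssh-rsa <base64 blob> <comment>' line for a constructed,
    non-functional RSA modulus of the given size (top bit set so the byte
    length matches a real key). Only the wire format and the base64 length
    are realistic; this is never a usable key."""
    e = 65537
    n = (1 << (bits - 1)) | 0x5
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode("ascii"), comment)


# Hypothetical "before" pattern (an illustration, not the project's regex):
# the character class lacks '=', so a padded key body cannot match at all.
KEY_RE_NO_PADDING = re.compile(r"^ssh-rsa ([A-Za-z0-9+/]+)(?: (.*))?$")

# Corrected pattern: standard base64 may end in one or two '=' characters.
KEY_RE = re.compile(r"^ssh-rsa ([A-Za-z0-9+/]+={0,2})(?: (.*))?$")


def _read_string(blob: bytes, off: int):
    """Read one RFC 4251 string starting at offset off."""
    length = int.from_bytes(blob[off:off + 4], "big")
    return blob[off + 4:off + 4 + length], off + 4 + length


def parse_pubkey(line: str, pattern=KEY_RE):
    """Match the line with the given pattern and decode the blob.

    Returns None when the line does not match (the failure seen on a node
    whose 3072-bit key is checked with the padding-less regex), otherwise a
    dict with key type, comment, modulus size and number of '=' characters.
    """
    m = pattern.match(line.strip())
    if m is None:
        return None
    b64 = m.group(1)
    blob = base64.b64decode(b64, validate=True)
    algo, off = _read_string(blob, 0)
    if algo != b"ssh-rsa":
        raise ValueError("blob key type %r does not match the ssh-rsa prefix" % algo)
    _e, off = _read_string(blob, off)
    n_raw, _ = _read_string(blob, off)
    return {
        "type": "ssh-rsa",
        "comment": m.group(2) or "",
        "bits": int.from_bytes(n_raw, "big").bit_length(),
        "padding": b64.count("="),
    }


if __name__ == "__main__":
    for bits in (2048, 3072, 4096):
        line = rsa_pubkey_line(bits)
        print(bits, "padding chars:", line.split()[1].count("="),
              "old regex accepts:", parse_pubkey(line, KEY_RE_NO_PADDING) is not None)
```

The arithmetic behind the commit: the blob is 11 bytes for the "ssh-rsa" string, 7 for e=65537, and 4 + N/8 + 1 for the modulus, so 279 bytes (2048-bit, divisible by 3, no padding), 407 bytes (3072-bit, one "="), 535 bytes (4096-bit, two "=="). A key regex has to accept the padding or it rejects every key size whose blob length is not a multiple of 3.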
Stoiko Ivanov [Wed, 30 Jun 2021 16:39:55 +0000 (18:39 +0200)]
config: freshclam: default to incremental downloads
clamav recently started yielding 429 (too many requests) response
codes on even comparatively low attempts to download the complete
signature files (cvd)(see [0]), instead of the incremental changes
(cdiff) (see [1] for some background)
changing the default to scriptedupdates (a.k.a. cdiff download) seems
sensible for most situations.
Stoiko Ivanov [Wed, 30 Jun 2021 15:42:57 +0000 (17:42 +0200)]
cluster: fix missing import
The missing use PMG::Ticket import is problematic during ACME cert
renewal from pmg-daily->PMG::API2::Certificates->renew_acme_cert,
since pmg-daily does not import it.
Reported-by: Martin Maurer <martin@proxmox.com>
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Stoiko Ivanov [Mon, 17 May 2021 14:02:57 +0000 (16:02 +0200)]
fix #2013 spamreport: remove ticket if authmode is ldap
Currently the 'authmode' setting for the spamquarantine is not used
anywhere. According to documentation setting it to 'ldap' should allow
access to the quarantine only with ldap credentials.
This patch addresses the issue by not generating a quarantineticket,
and adapting all links accordingly if the authmode is 'ldap'.
tested by changing the authmode and running
`pmgqm send -receiver <email-address> -debug 1`
Stoiko Ivanov [Wed, 16 Jun 2021 18:36:40 +0000 (20:36 +0200)]
api: nodeconfig: validate acme config before writing
Currently it is possible to add the same domains as different
acmedomainX keys to the node config, which prevents the user from
ordering certificates later.
This patch adds a call to get_acme_conf, which does the semantic
validation (and is also used in all other sites, which read the
config).
Reported in our community forum:
https://forum.proxmox.com/threads/lets-encrypt-cert-on-gui-not-working.91014/
quickly tested in my setup, by successfully adding the same domain
twice without the patch, and failing to do so with it applied.
Thomas Lamprecht [Mon, 28 Jun 2021 12:15:28 +0000 (14:15 +0200)]
d/control: drop transitional apt-transport-https, provided by apt
It was actually integrated into apt quite a bit before version 2.0
but it does not really hurt and version 2 is available since Q1 2020
on sid, bullseye will have 2.2.x so using (>= 2~) is just fine.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Stoiko Ivanov [Fri, 11 Jun 2021 15:54:46 +0000 (17:54 +0200)]
greylisting: drop unneeded Host column from cgreylist table
With the changes added in f61d54891d4820b21ef9e53f7ce0ebb1d5be1f73
greylisting does the matches based on a configurable netmask, and
does not use the 'Host' column in the cgreylist table anymore.
Drop it now with PMG 7.0
Quickly tested the following scenarios (all successfully):
* Upgrading from a previous version
* Restoring a pmg-backup taken with PMG 5.2 (the greylist table is
excluded from the backup)
* Adding a node with the changes to an existing cluster without the
change
* Adding a node without the changes to a master-node having them
Stoiko Ivanov [Mon, 31 May 2021 13:53:05 +0000 (13:53 +0000)]
utils: do not hardcode postgres version
PMG::Utils::lookup_real_service_name is only called
for translating the service names provided as arguments
to PMG::API2::Nodes::syslog (for fetching the journal
for specific units). Instead of hardcoding the
version getting it with a call to `psql` seems justified.
Stoiko Ivanov [Tue, 8 Jun 2021 17:25:29 +0000 (17:25 +0000)]
api: statistics: drop deprecated detail statistic methods
in e89b61c5190e3e374c2c3bcb3dce444c64c718cf we introduced a method
taking the address as explicit parameter instead of path component
(local-parts can contain '/'). now we can drop the old paths.
Stoiko Ivanov [Tue, 8 Jun 2021 16:06:50 +0000 (16:06 +0000)]
api: nodes: drop deprecated 'upgrade' option of termproxy
The termproxy api was adapted to the changes from PVE and PBS
in d9e79ff4b7f0f9b2c49f06484091546353980c5e
We can now drop the 'upgrade' option kept for backwards compatibility
archive in case it goes 404:
https://web.archive.org/web/20210408140341/https://blog.clamav.net/2021/04/are-you-still-attempting-to-download.html
* remove from freshclam.conf.in template
* remove from description
* default to 0 just to be sure
* if 'safebrowsing' set in pmg.conf, this is now ignored
note about removing the option in PMG 7.0
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
changed the removal notice from PMG 7.0 to 8.0
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Reported in our community forum [0], support for wildcard certificates
via ACME sounds like a good enhancement (especially for PMG).
In order for this to work you need to configure the wild-card
sub-entry (*.domain.example) as ACME domains and be able to verify
that via a DNS Plugin.
This is best described in the announcement by Let's Encrypt announcing
wildcard certificate support [1], or the dns challenge type
documentation[2].
Quickly tested with a domain of mine (and the powerdns plugin)
Thomas Lamprecht [Mon, 22 Mar 2021 07:49:55 +0000 (08:49 +0100)]
fix #3164: api: quarantine: allow to return spam from all users
The pmail was only checked for the spam quarantine call, and there
mainly to ensure that the quarantine user only can check their own
mails. Make the pmail parameter also optional for this quarantine
related endpoint as long as one has a role other than quser.
This allows to query all spam quarantine entries from all pmails at
once, providing the backend side to address #3164.
The main argument against this was performance, but postgres can
handle even hundreds of thousands of rows rather fine, it's a highly
performant database after all and this is quite the simple query
(single join, but no functions on columns, nested queries or other
performance hogs).
Some data, 45k records on a read limited disk, gathered with EXPLAIN
ANALYZE commands:
All caches dropped and fresh start: 440ms
Running for a bit with caches warm: 55ms
A simple extrapolation would mean that for half a million rows we
would spend about 5s in the DB, which is not too bad considering our
hard limit of 30s per request, and the overhead of perl/https seems
to put the limit on my not so beefy VM at at least ~1.5 million rows
from a *cold* cache, which seems plenty (default 7 days keep window
and an avg. of 10 spam mails per day means >21k qusers). And with
warm caches and a beefier machine one can probably gain one or even
two orders of magnitude here.
And at the end, no mail admin is forced to use this and if they run a
setup with tens of millions of spam in their spam-keep time window,
well, they really should not be surprised that querying all has a
certain cost.
Stoiko Ivanov [Thu, 18 Mar 2021 15:14:49 +0000 (16:14 +0100)]
certs: reload postfix to activate new certificate
the current logic for reloading postfix only does so if the tls config
parameter changes (after rewriting the config files).
this does not cover the case where a certificate is replaced in a
setup, which already has tls enabled (config stays the same, so
postfix does not get reloaded)
the issue is mostly cosmetic, since postfix does eventually fork off
new smtpd instances, which read the files from disk, but it's
inconvenient, when trying out the new acme integration, and then
running an ssl-check on your PMG from external just to see that the
certificate was not updated.
Stoiko Ivanov [Thu, 18 Mar 2021 15:14:48 +0000 (16:14 +0100)]
cluster: use old and new fingerprint on master
when triggering a fingerprint update on master right after reloading
pmgproxy as we do for ACME certificates it can happen that the
connection is made against the old pmgproxy process (with the old
fingerprint). Simply trusting both fingerprints in that case seems
acceptable from a security perspective and makes the fingerprint
update more robust