]> git.proxmox.com Git - pmg-api.git/blob - PMG/Config.pm
projects / pmg-api.git / blob
? search:


b09a856018dc172a6fd52d88f0ff8a25a4c056ce
[pmg-api.git] / PMG / Config.pm
1 package PMG::Config::Base;
2
3 use strict;
4 use warnings;
5 use URI;
6 use Data::Dumper;
7
8 use PVE::Tools;
9 use PVE::JSONSchema qw(get_standard_option);
10 use PVE::SectionConfig;
11
12 use base qw(PVE::SectionConfig);
13
14 my $defaultData = {
15 propertyList => {
16 type => { description => "Section type." },
17 section => {
18 description => "Section ID.",
19 type => 'string', format => 'pve-configid',
20 },
21 },
22 };
23
24 sub private {
25 return $defaultData;
26 }
27
28 sub format_section_header {
29 my ($class, $type, $sectionId) = @_;
30
31 die "internal error ($type ne $sectionId)" if $type ne $sectionId;
32
33 return "section: $type\n";
34 }
35
36
37 sub parse_section_header {
38 my ($class, $line) = @_;
39
40 if ($line =~ m/^section:\s*(\S+)\s*$/) {
41 my $section = $1;
42 my $errmsg = undef; # set if you want to skip whole section
43 eval { PVE::JSONSchema::pve_verify_configid($section); };
44 $errmsg = $@ if $@;
45 my $config = {}; # to return additional attributes
46 return ($section, $section, $errmsg, $config);
47 }
48 return undef;
49 }
50
51 package PMG::Config::Admin;
52
53 use strict;
54 use warnings;
55
56 use base qw(PMG::Config::Base);
57
58 sub type {
59 return 'admin';
60 }
61
62 sub properties {
63 return {
64 advfilter => {
65 description => "Use advanced filters for statistic.",
66 type => 'boolean',
67 default => 1,
68 },
69 dailyreport => {
70 description => "Send daily reports.",
71 type => 'boolean',
72 default => 1,
73 },
74 statlifetime => {
75 description => "User Statistics Lifetime (days)",
76 type => 'integer',
77 default => 7,
78 minimum => 1,
79 },
80 demo => {
81 description => "Demo mode - do not start SMTP filter.",
82 type => 'boolean',
83 default => 0,
84 },
85 email => {
86 description => "Administrator E-Mail address.",
87 type => 'string', format => 'email',
88 default => 'admin@domain.tld',
89 },
90 http_proxy => {
91 description => "Specify external http proxy which is used for downloads (example: 'http://username:password\@host:port/')",
92 type => 'string',
93 pattern => "http://.*",
94 },
95 avast => {
96 description => "Use Avast Virus Scanner (/bin/scan). You need to buy and install 'Avast Core Security' before you can enable this feature.",
97 type => 'boolean',
98 default => 0,
99 },
100 clamav => {
101 description => "Use ClamAV Virus Scanner. This is the default virus scanner and is enabled by default.",
102 type => 'boolean',
103 default => 1,
104 },
105 };
106 }
107
108 sub options {
109 return {
110 advfilter => { optional => 1 },
111 avast => { optional => 1 },
112 clamav => { optional => 1 },
113 statlifetime => { optional => 1 },
114 dailyreport => { optional => 1 },
115 demo => { optional => 1 },
116 email => { optional => 1 },
117 http_proxy => { optional => 1 },
118 };
119 }
120
121 package PMG::Config::Spam;
122
123 use strict;
124 use warnings;
125
126 use base qw(PMG::Config::Base);
127
128 sub type {
129 return 'spam';
130 }
131
132 sub properties {
133 return {
134 languages => {
135 description => "This option is used to specify which languages are considered OK for incoming mail.",
136 type => 'string',
137 pattern => '(all|([a-z][a-z])+( ([a-z][a-z])+)*)',
138 default => 'all',
139 },
140 use_bayes => {
141 description => "Whether to use the naive-Bayesian-style classifier.",
142 type => 'boolean',
143 default => 1,
144 },
145 use_awl => {
146 description => "Use the Auto-Whitelist plugin.",
147 type => 'boolean',
148 default => 1,
149 },
150 use_razor => {
151 description => "Whether to use Razor2, if it is available.",
152 type => 'boolean',
153 default => 1,
154 },
155 wl_bounce_relays => {
156 description => "Whitelist legitimate bounce relays.",
157 type => 'string',
158 },
159 clamav_heuristic_score => {
160 description => "Score for ClamAV heuristics (Google Safe Browsing database, PhishingScanURLs, ...).",
161 type => 'integer',
162 minimum => 0,
163 maximum => 1000,
164 default => 3,
165 },
166 bounce_score => {
167 description => "Additional score for bounce mails.",
168 type => 'integer',
169 minimum => 0,
170 maximum => 1000,
171 default => 0,
172 },
173 rbl_checks => {
174 description => "Enable real time blacklists (RBL) checks.",
175 type => 'boolean',
176 default => 1,
177 },
178 maxspamsize => {
179 description => "Maximum size of spam messages in bytes.",
180 type => 'integer',
181 minimum => 64,
182 default => 256*1024,
183 },
184 };
185 }
186
187 sub options {
188 return {
189 use_awl => { optional => 1 },
190 use_razor => { optional => 1 },
191 wl_bounce_relays => { optional => 1 },
192 languages => { optional => 1 },
193 use_bayes => { optional => 1 },
194 clamav_heuristic_score => { optional => 1 },
195 bounce_score => { optional => 1 },
196 rbl_checks => { optional => 1 },
197 maxspamsize => { optional => 1 },
198 };
199 }
200
201 package PMG::Config::SpamQuarantine;
202
203 use strict;
204 use warnings;
205
206 use base qw(PMG::Config::Base);
207
208 sub type {
209 return 'spamquar';
210 }
211
212 sub properties {
213 return {
214 lifetime => {
215 description => "Quarantine life time (days)",
216 type => 'integer',
217 minimum => 1,
218 default => 7,
219 },
220 authmode => {
221 description => "Authentication mode to access the quarantine interface. Mode 'ticket' allows login using tickets sent with the daily spam report. Mode 'ldap' requires to login using an LDAP account. Finally, mode 'ldapticket' allows both ways.",
222 type => 'string',
223 enum => [qw(ticket ldap ldapticket)],
224 default => 'ticket',
225 },
226 reportstyle => {
227 description => "Spam report style.",
228 type => 'string',
229 enum => [qw(none short verbose custom)],
230 default => 'verbose',
231 },
232 viewimages => {
233 description => "Allow to view images.",
234 type => 'boolean',
235 default => 1,
236 },
237 allowhrefs => {
238 description => "Allow to view hyperlinks.",
239 type => 'boolean',
240 default => 1,
241 },
242 hostname => {
243 description => "Quarantine Host. Useful if you run a Cluster and want users to connect to a specific host.",
244 type => 'string', format => 'address',
245 },
246 port => {
247 description => "Quarantine Port. Useful if you have a reverse proxy or port forwarding for the webinterface. Only used for the generated Spam report.",
248 type => 'integer',
249 minimum => 1,
250 maximum => 65535,
251 default => 8006,
252 },
253 protocol => {
254 description => "Quarantine Webinterface Protocol. Useful if you have a reverse proxy for the webinterface. Only used for the generated Spam report.",
255 type => 'string',
256 enum => [qw(http https)],
257 default => 'https',
258 },
259 mailfrom => {
260 description => "Text for 'From' header in daily spam report mails.",
261 type => 'string',
262 },
263 };
264 }
265
266 sub options {
267 return {
268 mailfrom => { optional => 1 },
269 hostname => { optional => 1 },
270 lifetime => { optional => 1 },
271 authmode => { optional => 1 },
272 reportstyle => { optional => 1 },
273 viewimages => { optional => 1 },
274 allowhrefs => { optional => 1 },
275 port => { optional => 1 },
276 protocol => { optional => 1 },
277 };
278 }
279
280 package PMG::Config::VirusQuarantine;
281
282 use strict;
283 use warnings;
284
285 use base qw(PMG::Config::Base);
286
287 sub type {
288 return 'virusquar';
289 }
290
291 sub properties {
292 return {};
293 }
294
295 sub options {
296 return {
297 lifetime => { optional => 1 },
298 viewimages => { optional => 1 },
299 allowhrefs => { optional => 1 },
300 };
301 }
302
303 package PMG::Config::ClamAV;
304
305 use strict;
306 use warnings;
307
308 use base qw(PMG::Config::Base);
309
310 sub type {
311 return 'clamav';
312 }
313
314 sub properties {
315 return {
316 dbmirror => {
317 description => "ClamAV database mirror server.",
318 type => 'string',
319 default => 'database.clamav.net',
320 },
321 archiveblockencrypted => {
322 description => "Whether to block encrypted archives. Mark encrypted archives as viruses.",
323 type => 'boolean',
324 default => 0,
325 },
326 archivemaxrec => {
327 description => "Nested archives are scanned recursively, e.g. if a ZIP archive contains a TAR file, all files within it will also be scanned. This options specifies how deeply the process should be continued. Warning: setting this limit too high may result in severe damage to the system.",
328 type => 'integer',
329 minimum => 1,
330 default => 5,
331 },
332 archivemaxfiles => {
333 description => "Number of files to be scanned within an archive, a document, or any other kind of container. Warning: disabling this limit or setting it too high may result in severe damage to the system.",
334 type => 'integer',
335 minimum => 0,
336 default => 1000,
337 },
338 archivemaxsize => {
339 description => "Files larger than this limit won't be scanned.",
340 type => 'integer',
341 minimum => 1000000,
342 default => 25000000,
343 },
344 maxscansize => {
345 description => "Sets the maximum amount of data to be scanned for each input file.",
346 type => 'integer',
347 minimum => 1000000,
348 default => 100000000,
349 },
350 maxcccount => {
351 description => "This option sets the lowest number of Credit Card or Social Security numbers found in a file to generate a detect.",
352 type => 'integer',
353 minimum => 0,
354 default => 0,
355 },
356 safebrowsing => {
357 description => "Enables support for Google Safe Browsing.",
358 type => 'boolean',
359 default => 1
360 },
361 };
362 }
363
364 sub options {
365 return {
366 archiveblockencrypted => { optional => 1 },
367 archivemaxrec => { optional => 1 },
368 archivemaxfiles => { optional => 1 },
369 archivemaxsize => { optional => 1 },
370 maxscansize => { optional => 1 },
371 dbmirror => { optional => 1 },
372 maxcccount => { optional => 1 },
373 safebrowsing => { optional => 1 },
374 };
375 }
376
377 package PMG::Config::Mail;
378
379 use strict;
380 use warnings;
381
382 use PVE::ProcFSTools;
383
384 use base qw(PMG::Config::Base);
385
386 sub type {
387 return 'mail';
388 }
389
390 my $physicalmem = 0;
391 sub physical_memory {
392
393 return $physicalmem if $physicalmem;
394
395 my $info = PVE::ProcFSTools::read_meminfo();
396 my $total = int($info->{memtotal} / (1024*1024));
397
398 return $total;
399 }
400
401 sub get_max_filters {
402 # estimate optimal number of filter servers
403
404 my $max_servers = 5;
405 my $servermem = 120;
406 my $memory = physical_memory();
407 my $add_servers = int(($memory - 512)/$servermem);
408 $max_servers += $add_servers if $add_servers > 0;
409 $max_servers = 40 if $max_servers > 40;
410
411 return $max_servers - 2;
412 }
413
414 sub get_max_smtpd {
415 # estimate optimal number of smtpd daemons
416
417 my $max_servers = 25;
418 my $servermem = 20;
419 my $memory = physical_memory();
420 my $add_servers = int(($memory - 512)/$servermem);
421 $max_servers += $add_servers if $add_servers > 0;
422 $max_servers = 100 if $max_servers > 100;
423 return $max_servers;
424 }
425
426 sub get_max_policy {
427 # estimate optimal number of proxpolicy servers
428 my $max_servers = 2;
429 my $memory = physical_memory();
430 $max_servers = 5 if $memory >= 500;
431 return $max_servers;
432 }
433
434 sub properties {
435 return {
436 int_port => {
437 description => "SMTP port number for outgoing mail (trusted).",
438 type => 'integer',
439 minimum => 1,
440 maximum => 65535,
441 default => 26,
442 },
443 ext_port => {
444 description => "SMTP port number for incoming mail (untrusted). This must be a different number than 'int_port'.",
445 type => 'integer',
446 minimum => 1,
447 maximum => 65535,
448 default => 25,
449 },
450 relay => {
451 description => "The default mail delivery transport (incoming mails).",
452 type => 'string', format => 'address',
453 },
454 relayport => {
455 description => "SMTP port number for relay host.",
456 type => 'integer',
457 minimum => 1,
458 maximum => 65535,
459 default => 25,
460 },
461 relaynomx => {
462 description => "Disable MX lookups for default relay.",
463 type => 'boolean',
464 default => 0,
465 },
466 smarthost => {
467 description => "When set, all outgoing mails are deliverd to the specified smarthost.",
468 type => 'string', format => 'address',
469 },
470 smarthostport => {
471 description => "SMTP port number for smarthost.",
472 type => 'integer',
473 minimum => 1,
474 maximum => 65535,
475 default => 25,
476 },
477 banner => {
478 description => "ESMTP banner.",
479 type => 'string',
480 maxLength => 1024,
481 default => 'ESMTP Proxmox',
482 },
483 max_filters => {
484 description => "Maximum number of pmg-smtp-filter processes.",
485 type => 'integer',
486 minimum => 3,
487 maximum => 40,
488 default => get_max_filters(),
489 },
490 max_policy => {
491 description => "Maximum number of pmgpolicy processes.",
492 type => 'integer',
493 minimum => 2,
494 maximum => 10,
495 default => get_max_policy(),
496 },
497 max_smtpd_in => {
498 description => "Maximum number of SMTP daemon processes (in).",
499 type => 'integer',
500 minimum => 3,
501 maximum => 100,
502 default => get_max_smtpd(),
503 },
504 max_smtpd_out => {
505 description => "Maximum number of SMTP daemon processes (out).",
506 type => 'integer',
507 minimum => 3,
508 maximum => 100,
509 default => get_max_smtpd(),
510 },
511 conn_count_limit => {
512 description => "How many simultaneous connections any client is allowed to make to this service. To disable this feature, specify a limit of 0.",
513 type => 'integer',
514 minimum => 0,
515 default => 50,
516 },
517 conn_rate_limit => {
518 description => "The maximal number of connection attempts any client is allowed to make to this service per minute. To disable this feature, specify a limit of 0.",
519 type => 'integer',
520 minimum => 0,
521 default => 0,
522 },
523 message_rate_limit => {
524 description => "The maximal number of message delivery requests that any client is allowed to make to this service per minute.To disable this feature, specify a limit of 0.",
525 type => 'integer',
526 minimum => 0,
527 default => 0,
528 },
529 hide_received => {
530 description => "Hide received header in outgoing mails.",
531 type => 'boolean',
532 default => 0,
533 },
534 maxsize => {
535 description => "Maximum email size. Larger mails are rejected.",
536 type => 'integer',
537 minimum => 1024,
538 default => 1024*1024*10,
539 },
540 dwarning => {
541 description => "SMTP delay warning time (in hours).",
542 type => 'integer',
543 minimum => 0,
544 default => 4,
545 },
546 tls => {
547 description => "Enable TLS.",
548 type => 'boolean',
549 default => 0,
550 },
551 tlslog => {
552 description => "Enable TLS Logging.",
553 type => 'boolean',
554 default => 0,
555 },
556 tlsheader => {
557 description => "Add TLS received header.",
558 type => 'boolean',
559 default => 0,
560 },
561 spf => {
562 description => "Use Sender Policy Framework.",
563 type => 'boolean',
564 default => 1,
565 },
566 greylist => {
567 description => "Use Greylisting.",
568 type => 'boolean',
569 default => 1,
570 },
571 helotests => {
572 description => "Use SMTP HELO tests.",
573 type => 'boolean',
574 default => 0,
575 },
576 rejectunknown => {
577 description => "Reject unknown clients.",
578 type => 'boolean',
579 default => 0,
580 },
581 rejectunknownsender => {
582 description => "Reject unknown senders.",
583 type => 'boolean',
584 default => 0,
585 },
586 verifyreceivers => {
587 description => "Enable receiver verification. The value spefifies the numerical reply code when the Postfix SMTP server rejects a recipient address.",
588 type => 'string',
589 enum => ['450', '550'],
590 },
591 dnsbl_sites => {
592 description => "Optional list of DNS white/blacklist domains (see postscreen_dnsbl_sites parameter).",
593 type => 'string', format => 'dnsbl-entry-list',
594 },
595 dnsbl_threshold => {
596 description => "The inclusive lower bound for blocking a remote SMTP client, based on its combined DNSBL score (see postscreen_dnsbl_threshold parameter).",
597 type => 'integer',
598 minimum => 0,
599 default => 1
600 },
601 };
602 }
603
604 sub options {
605 return {
606 int_port => { optional => 1 },
607 ext_port => { optional => 1 },
608 smarthost => { optional => 1 },
609 smarthostport => { optional => 1 },
610 relay => { optional => 1 },
611 relayport => { optional => 1 },
612 relaynomx => { optional => 1 },
613 dwarning => { optional => 1 },
614 max_smtpd_in => { optional => 1 },
615 max_smtpd_out => { optional => 1 },
616 greylist => { optional => 1 },
617 helotests => { optional => 1 },
618 tls => { optional => 1 },
619 tlslog => { optional => 1 },
620 tlsheader => { optional => 1 },
621 spf => { optional => 1 },
622 maxsize => { optional => 1 },
623 banner => { optional => 1 },
624 max_filters => { optional => 1 },
625 max_policy => { optional => 1 },
626 hide_received => { optional => 1 },
627 rejectunknown => { optional => 1 },
628 rejectunknownsender => { optional => 1 },
629 conn_count_limit => { optional => 1 },
630 conn_rate_limit => { optional => 1 },
631 message_rate_limit => { optional => 1 },
632 verifyreceivers => { optional => 1 },
633 dnsbl_sites => { optional => 1 },
634 dnsbl_threshold => { optional => 1 },
635 };
636 }
637
638 package PMG::Config;
639
640 use strict;
641 use warnings;
642 use IO::File;
643 use Data::Dumper;
644 use Template;
645
646 use PVE::SafeSyslog;
647 use PVE::Tools qw($IPV4RE $IPV6RE);
648 use PVE::INotify;
649 use PVE::JSONSchema;
650
651 use PMG::Cluster;
652
653 PMG::Config::Admin->register();
654 PMG::Config::Mail->register();
655 PMG::Config::SpamQuarantine->register();
656 PMG::Config::VirusQuarantine->register();
657 PMG::Config::Spam->register();
658 PMG::Config::ClamAV->register();
659
660 # initialize all plugins
661 PMG::Config::Base->init();
662
663 PVE::JSONSchema::register_format(
664 'transport-domain', \&pmg_verify_transport_domain);
665
666 sub pmg_verify_transport_domain {
667 my ($name, $noerr) = @_;
668
669 # like dns-name, but can contain leading dot
670 my $namere = "([a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?)";
671
672 if ($name !~ /^\.?(${namere}\.)*${namere}$/) {
673 return undef if $noerr;
674 die "value does not look like a valid transport domain\n";
675 }
676 return $name;
677 }
678
679 PVE::JSONSchema::register_format(
680 'transport-domain-or-email', \&pmg_verify_transport_domain_or_email);
681
682 sub pmg_verify_transport_domain_or_email {
683 my ($name, $noerr) = @_;
684
685 my $namere = "([a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?)";
686
687 # email address
688 if ($name =~ m/^(?:[^\s\/\@]+\@)(${namere}\.)*${namere}$/) {
689 return $name;
690 }
691
692 # like dns-name, but can contain leading dot
693 if ($name !~ /^\.?(${namere}\.)*${namere}$/) {
694 return undef if $noerr;
695 die "value does not look like a valid transport domain or email address\n";
696 }
697 return $name;
698 }
699
700 PVE::JSONSchema::register_format(
701 'dnsbl-entry', \&pmg_verify_dnsbl_entry);
702
703 sub pmg_verify_dnsbl_entry {
704 my ($name, $noerr) = @_;
705
706 # like dns-name, but can contain trailing weight: 'domain*<WEIGHT>'
707 my $namere = "([a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?)";
708
709 if ($name !~ /^(${namere}\.)*${namere}(\*\-?\d+)?$/) {
710 return undef if $noerr;
711 die "value '$name' does not look like a valid dnsbl entry\n";
712 }
713 return $name;
714 }
715
716 sub new {
717 my ($type) = @_;
718
719 my $class = ref($type) || $type;
720
721 my $cfg = PVE::INotify::read_file("pmg.conf");
722
723 return bless $cfg, $class;
724 }
725
726 sub write {
727 my ($self) = @_;
728
729 PVE::INotify::write_file("pmg.conf", $self);
730 }
731
732 my $lockfile = "/var/lock/pmgconfig.lck";
733
734 sub lock_config {
735 my ($code, $errmsg) = @_;
736
737 my $p = PVE::Tools::lock_file($lockfile, undef, $code);
738 if (my $err = $@) {
739 $errmsg ? die "$errmsg: $err" : die $err;
740 }
741 }
742
743 # set section values
744 sub set {
745 my ($self, $section, $key, $value) = @_;
746
747 my $pdata = PMG::Config::Base->private();
748
749 my $plugin = $pdata->{plugins}->{$section};
750 die "no such section '$section'" if !$plugin;
751
752 if (defined($value)) {
753 my $tmp = PMG::Config::Base->check_value($section, $key, $value, $section, 0);
754 $self->{ids}->{$section} = { type => $section } if !defined($self->{ids}->{$section});
755 $self->{ids}->{$section}->{$key} = PMG::Config::Base->decode_value($section, $key, $tmp);
756 } else {
757 if (defined($self->{ids}->{$section})) {
758 delete $self->{ids}->{$section}->{$key};
759 }
760 }
761
762 return undef;
763 }
764
765 # get section value or default
766 sub get {
767 my ($self, $section, $key, $nodefault) = @_;
768
769 my $pdata = PMG::Config::Base->private();
770 my $pdesc = $pdata->{propertyList}->{$key};
771 die "no such property '$section/$key'\n"
772 if !(defined($pdesc) && defined($pdata->{options}->{$section}) &&
773 defined($pdata->{options}->{$section}->{$key}));
774
775 if (defined($self->{ids}->{$section}) &&
776 defined(my $value = $self->{ids}->{$section}->{$key})) {
777 return $value;
778 }
779
780 return undef if $nodefault;
781
782 return $pdesc->{default};
783 }
784
785 # get a whole section with default value
786 sub get_section {
787 my ($self, $section) = @_;
788
789 my $pdata = PMG::Config::Base->private();
790 return undef if !defined($pdata->{options}->{$section});
791
792 my $res = {};
793
794 foreach my $key (keys %{$pdata->{options}->{$section}}) {
795
796 my $pdesc = $pdata->{propertyList}->{$key};
797
798 if (defined($self->{ids}->{$section}) &&
799 defined(my $value = $self->{ids}->{$section}->{$key})) {
800 $res->{$key} = $value;
801 next;
802 }
803 $res->{$key} = $pdesc->{default};
804 }
805
806 return $res;
807 }
808
809 # get a whole config with default values
810 sub get_config {
811 my ($self) = @_;
812
813 my $pdata = PMG::Config::Base->private();
814
815 my $res = {};
816
817 foreach my $type (keys %{$pdata->{plugins}}) {
818 my $plugin = $pdata->{plugins}->{$type};
819 $res->{$type} = $self->get_section($type);
820 }
821
822 return $res;
823 }
824
825 sub read_pmg_conf {
826 my ($filename, $fh) = @_;
827
828 local $/ = undef; # slurp mode
829
830 my $raw = <$fh> if defined($fh);
831
832 return PMG::Config::Base->parse_config($filename, $raw);
833 }
834
835 sub write_pmg_conf {
836 my ($filename, $fh, $cfg) = @_;
837
838 my $raw = PMG::Config::Base->write_config($filename, $cfg);
839
840 PVE::Tools::safe_print($filename, $fh, $raw);
841 }
842
843 PVE::INotify::register_file('pmg.conf', "/etc/pmg/pmg.conf",
844 \&read_pmg_conf,
845 \&write_pmg_conf,
846 undef, always_call_parser => 1);
847
848 # parsers/writers for other files
849
850 my $domainsfilename = "/etc/pmg/domains";
851
852 sub postmap_pmg_domains {
853 PMG::Utils::run_postmap($domainsfilename);
854 }
855
856 sub read_pmg_domains {
857 my ($filename, $fh) = @_;
858
859 my $domains = {};
860
861 my $comment = '';
862 if (defined($fh)) {
863 while (defined(my $line = <$fh>)) {
864 chomp $line;
865 next if $line =~ m/^\s*$/;
866 if ($line =~ m/^#(.*)\s*$/) {
867 $comment = $1;
868 next;
869 }
870 if ($line =~ m/^(\S+)\s.*$/) {
871 my $domain = $1;
872 $domains->{$domain} = {
873 domain => $domain, comment => $comment };
874 $comment = '';
875 } else {
876 warn "parse error in '$filename': $line\n";
877 $comment = '';
878 }
879 }
880 }
881
882 return $domains;
883 }
884
885 sub write_pmg_domains {
886 my ($filename, $fh, $domains) = @_;
887
888 foreach my $domain (sort keys %$domains) {
889 my $comment = $domains->{$domain}->{comment};
890 PVE::Tools::safe_print($filename, $fh, "#$comment\n")
891 if defined($comment) && $comment !~ m/^\s*$/;
892
893 PVE::Tools::safe_print($filename, $fh, "$domain 1\n");
894 }
895 }
896
897 PVE::INotify::register_file('domains', $domainsfilename,
898 \&read_pmg_domains,
899 \&write_pmg_domains,
900 undef, always_call_parser => 1);
901
902 my $mynetworks_filename = "/etc/pmg/mynetworks";
903
904 sub read_pmg_mynetworks {
905 my ($filename, $fh) = @_;
906
907 my $mynetworks = {};
908
909 my $comment = '';
910 if (defined($fh)) {
911 while (defined(my $line = <$fh>)) {
912 chomp $line;
913 next if $line =~ m/^\s*$/;
914 if ($line =~ m!^((?:$IPV4RE|$IPV6RE))/(\d+)\s*(?:#(.*)\s*)?$!) {
915 my ($network, $prefix_size, $comment) = ($1, $2, $3);
916 my $cidr = "$network/${prefix_size}";
917 $mynetworks->{$cidr} = {
918 cidr => $cidr,
919 network_address => $network,
920 prefix_size => $prefix_size,
921 comment => $comment // '',
922 };
923 } else {
924 warn "parse error in '$filename': $line\n";
925 }
926 }
927 }
928
929 return $mynetworks;
930 }
931
932 sub write_pmg_mynetworks {
933 my ($filename, $fh, $mynetworks) = @_;
934
935 foreach my $cidr (sort keys %$mynetworks) {
936 my $data = $mynetworks->{$cidr};
937 my $comment = $data->{comment} // '*';
938 PVE::Tools::safe_print($filename, $fh, "$cidr #$comment\n");
939 }
940 }
941
942 PVE::INotify::register_file('mynetworks', $mynetworks_filename,
943 \&read_pmg_mynetworks,
944 \&write_pmg_mynetworks,
945 undef, always_call_parser => 1);
946
947 PVE::JSONSchema::register_format(
948 'tls-policy', \&pmg_verify_tls_policy);
949
950 # TODO: extend to parse attributes of the policy
951 my $VALID_TLS_POLICY_RE = qr/none|may|encrypt|dane|dane-only|fingerprint|verify|secure/;
952 sub pmg_verify_tls_policy {
953 my ($policy, $noerr) = @_;
954
955 if ($policy !~ /^$VALID_TLS_POLICY_RE\b/) {
956 return undef if $noerr;
957 die "value '$policy' does not look like a valid tls policy\n";
958 }
959 return $policy;
960 }
961
962 PVE::JSONSchema::register_format(
963 'tls-policy-strict', \&pmg_verify_tls_policy_strict);
964
965 sub pmg_verify_tls_policy_strict {
966 my ($policy, $noerr) = @_;
967
968 if ($policy !~ /^$VALID_TLS_POLICY_RE$/) {
969 return undef if $noerr;
970 die "value '$policy' does not look like a valid tls policy\n";
971 }
972 return $policy;
973 }
974
975 sub read_tls_policy {
976 my ($filename, $fh) = @_;
977
978 return {} if !defined($fh);
979
980 my $tls_policy = {};
981
982 while (defined(my $line = <$fh>)) {
983 chomp $line;
984 next if $line =~ m/^\s*$/;
985 next if $line =~ m/^#(.*)\s*$/;
986
987 my $parse_error = sub {
988 my ($err) = @_;
989 die "parse error in '$filename': $line - $err";
990 };
991
992 if ($line =~ m/^(\S+)\s+(.+)\s*$/) {
993 my ($domain, $policy) = ($1, $2);
994
995 eval {
996 pmg_verify_transport_domain($domain);
997 pmg_verify_tls_policy($policy);
998 };
999 if (my $err = $@) {
1000 $parse_error->($err);
1001 next;
1002 }
1003
1004 $tls_policy->{$domain} = {
1005 domain => $domain,
1006 policy => $policy,
1007 };
1008 } else {
1009 $parse_error->('wrong format');
1010 }
1011 }
1012
1013 return $tls_policy;
1014 }
1015
1016 sub write_tls_policy {
1017 my ($filename, $fh, $tls_policy) = @_;
1018
1019 return if !$tls_policy;
1020
1021 foreach my $domain (sort keys %$tls_policy) {
1022 my $entry = $tls_policy->{$domain};
1023 PVE::Tools::safe_print(
1024 $filename, $fh, "$entry->{domain} $entry->{policy}\n");
1025 }
1026 }
1027
1028 my $tls_policy_map_filename = "/etc/pmg/tls_policy";
1029 PVE::INotify::register_file('tls_policy', $tls_policy_map_filename,
1030 \&read_tls_policy,
1031 \&write_tls_policy,
1032 undef, always_call_parser => 1);
1033
1034 sub postmap_tls_policy {
1035 PMG::Utils::run_postmap($tls_policy_map_filename);
1036 }
1037
1038 my $transport_map_filename = "/etc/pmg/transport";
1039
1040 sub postmap_pmg_transport {
1041 PMG::Utils::run_postmap($transport_map_filename);
1042 }
1043
1044 sub read_transport_map {
1045 my ($filename, $fh) = @_;
1046
1047 return [] if !defined($fh);
1048
1049 my $res = {};
1050
1051 my $comment = '';
1052
1053 while (defined(my $line = <$fh>)) {
1054 chomp $line;
1055 next if $line =~ m/^\s*$/;
1056 if ($line =~ m/^#(.*)\s*$/) {
1057 $comment = $1;
1058 next;
1059 }
1060
1061 my $parse_error = sub {
1062 my ($err) = @_;
1063 warn "parse error in '$filename': $line - $err";
1064 $comment = '';
1065 };
1066
1067 if ($line =~ m/^(\S+)\s+smtp:(\S+):(\d+)\s*$/) {
1068 my ($domain, $host, $port) = ($1, $2, $3);
1069
1070 eval { pmg_verify_transport_domain_or_email($domain); };
1071 if (my $err = $@) {
1072 $parse_error->($err);
1073 next;
1074 }
1075 my $use_mx = 1;
1076 if ($host =~ m/^\[(.*)\]$/) {
1077 $host = $1;
1078 $use_mx = 0;
1079 }
1080
1081 eval { PVE::JSONSchema::pve_verify_address($host); };
1082 if (my $err = $@) {
1083 $parse_error->($err);
1084 next;
1085 }
1086
1087 my $data = {
1088 domain => $domain,
1089 host => $host,
1090 port => $port,
1091 use_mx => $use_mx,
1092 comment => $comment,
1093 };
1094 $res->{$domain} = $data;
1095 $comment = '';
1096 } else {
1097 $parse_error->('wrong format');
1098 }
1099 }
1100
1101 return $res;
1102 }
1103
1104 sub write_transport_map {
1105 my ($filename, $fh, $tmap) = @_;
1106
1107 return if !$tmap;
1108
1109 foreach my $domain (sort keys %$tmap) {
1110 my $data = $tmap->{$domain};
1111
1112 my $comment = $data->{comment};
1113 PVE::Tools::safe_print($filename, $fh, "#$comment\n")
1114 if defined($comment) && $comment !~ m/^\s*$/;
1115
1116 my $use_mx = $data->{use_mx};
1117 $use_mx = 0 if $data->{host} =~ m/^(?:$IPV4RE|$IPV6RE)$/;
1118
1119 if ($use_mx) {
1120 PVE::Tools::safe_print(
1121 $filename, $fh, "$data->{domain} smtp:$data->{host}:$data->{port}\n");
1122 } else {
1123 PVE::Tools::safe_print(
1124 $filename, $fh, "$data->{domain} smtp:[$data->{host}]:$data->{port}\n");
1125 }
1126 }
1127 }
1128
1129 PVE::INotify::register_file('transport', $transport_map_filename,
1130 \&read_transport_map,
1131 \&write_transport_map,
1132 undef, always_call_parser => 1);
1133
1134 # config file generation using templates
1135
1136 sub get_template_vars {
1137 my ($self) = @_;
1138
1139 my $vars = { pmg => $self->get_config() };
1140
1141 my $nodename = PVE::INotify::nodename();
1142 my $int_ip = PMG::Cluster::remote_node_ip($nodename);
1143 $vars->{ipconfig}->{int_ip} = $int_ip;
1144
1145 my $transportnets = [];
1146
1147 if (my $tmap = PVE::INotify::read_file('transport')) {
1148 foreach my $domain (sort keys %$tmap) {
1149 my $data = $tmap->{$domain};
1150 my $host = $data->{host};
1151 if ($host =~ m/^$IPV4RE$/) {
1152 push @$transportnets, "$host/32";
1153 } elsif ($host =~ m/^$IPV6RE$/) {
1154 push @$transportnets, "[$host]/128";
1155 }
1156 }
1157 }
1158
1159 $vars->{postfix}->{transportnets} = join(' ', @$transportnets);
1160
1161 my $mynetworks = [ '127.0.0.0/8', '[::1]/128' ];
1162
1163 if (my $int_net_cidr = PMG::Utils::find_local_network_for_ip($int_ip, 1)) {
1164 if ($int_net_cidr =~ m/^($IPV6RE)\/(\d+)$/) {
1165 push @$mynetworks, "[$1]/$2";
1166 } else {
1167 push @$mynetworks, $int_net_cidr;
1168 }
1169 } else {
1170 if ($int_ip =~ m/^$IPV6RE$/) {
1171 push @$mynetworks, "[$int_ip]/128";
1172 } else {
1173 push @$mynetworks, "$int_ip/32";
1174 }
1175 }
1176
1177 my $netlist = PVE::INotify::read_file('mynetworks');
1178 foreach my $cidr (keys %$netlist) {
1179 if ($cidr =~ m/^($IPV6RE)\/(\d+)$/) {
1180 push @$mynetworks, "[$1]/$2";
1181 } else {
1182 push @$mynetworks, $cidr;
1183 }
1184 }
1185
1186 push @$mynetworks, @$transportnets;
1187
1188 # add default relay to mynetworks
1189 if (my $relay = $self->get('mail', 'relay')) {
1190 if ($relay =~ m/^$IPV4RE$/) {
1191 push @$mynetworks, "$relay/32";
1192 } elsif ($relay =~ m/^$IPV6RE$/) {
1193 push @$mynetworks, "[$relay]/128";
1194 } else {
1195 # DNS name - do nothing ?
1196 }
1197 }
1198
1199 $vars->{postfix}->{mynetworks} = join(' ', @$mynetworks);
1200
1201 # normalize dnsbl_sites
1202 my @dnsbl_sites = PVE::Tools::split_list($vars->{pmg}->{mail}->{dnsbl_sites});
1203 if (scalar(@dnsbl_sites)) {
1204 $vars->{postfix}->{dnsbl_sites} = join(',', @dnsbl_sites);
1205 }
1206
1207 $vars->{postfix}->{dnsbl_threshold} = $self->get('mail', 'dnsbl_threshold');
1208
1209 my $usepolicy = 0;
1210 $usepolicy = 1 if $self->get('mail', 'greylist') ||
1211 $self->get('mail', 'spf');
1212 $vars->{postfix}->{usepolicy} = $usepolicy;
1213
1214 if ($int_ip =~ m/^$IPV6RE$/) {
1215 $vars->{postfix}->{int_ip} = "[$int_ip]";
1216 } else {
1217 $vars->{postfix}->{int_ip} = $int_ip;
1218 }
1219
1220 my $resolv = PVE::INotify::read_file('resolvconf');
1221 $vars->{dns}->{hostname} = $nodename;
1222
1223 my $domain = $resolv->{search} // 'localdomain';
1224 $vars->{dns}->{domain} = $domain;
1225
1226 my $wlbr = "$nodename.$domain";
1227 foreach my $r (PVE::Tools::split_list($vars->{pmg}->{spam}->{wl_bounce_relays})) {
1228 $wlbr .= " $r"
1229 }
1230 $vars->{composed}->{wl_bounce_relays} = $wlbr;
1231
1232 if (my $proxy = $vars->{pmg}->{admin}->{http_proxy}) {
1233 eval {
1234 my $uri = URI->new($proxy);
1235 my $host = $uri->host;
1236 my $port = $uri->port // 8080;
1237 if ($host) {
1238 my $data = { host => $host, port => $port };
1239 if (my $ui = $uri->userinfo) {
1240 my ($username, $pw) = split(/:/, $ui, 2);
1241 $data->{username} = $username;
1242 $data->{password} = $pw if defined($pw);
1243 }
1244 $vars->{proxy} = $data;
1245 }
1246 };
1247 warn "parse http_proxy failed - $@" if $@;
1248 }
1249
1250 return $vars;
1251 }
1252
1253 # use one global TT cache
1254 our $tt_include_path = ['/etc/pmg/templates' ,'/var/lib/pmg/templates' ];
1255
1256 my $template_toolkit;
1257
1258 sub get_template_toolkit {
1259
1260 return $template_toolkit if $template_toolkit;
1261
1262 $template_toolkit = Template->new({ INCLUDE_PATH => $tt_include_path });
1263
1264 return $template_toolkit;
1265 }
1266
1267 # rewrite file from template
1268 # return true if file has changed
1269 sub rewrite_config_file {
1270 my ($self, $tmplname, $dstfn) = @_;
1271
1272 my $demo = $self->get('admin', 'demo');
1273
1274 if ($demo) {
1275 my $demosrc = "$tmplname.demo";
1276 $tmplname = $demosrc if -f "/var/lib/pmg/templates/$demosrc";
1277 }
1278
1279 my ($perm, $uid, $gid);
1280
1281 if ($dstfn eq '/etc/clamav/freshclam.conf') {
1282 # needed if file contains a HTTPProxyPasswort
1283
1284 $uid = getpwnam('clamav');
1285 $gid = getgrnam('adm');
1286 $perm = 0600;
1287 }
1288
1289 my $tt = get_template_toolkit();
1290
1291 my $vars = $self->get_template_vars();
1292
1293 my $output = '';
1294
1295 $tt->process($tmplname, $vars, \$output) ||
1296 die $tt->error() . "\n";
1297
1298 my $old = PVE::Tools::file_get_contents($dstfn, 128*1024) if -f $dstfn;
1299
1300 return 0 if defined($old) && ($old eq $output); # no change
1301
1302 PVE::Tools::file_set_contents($dstfn, $output, $perm);
1303
1304 if (defined($uid) && defined($gid)) {
1305 chown($uid, $gid, $dstfn);
1306 }
1307
1308 return 1;
1309 }
1310
1311 # rewrite spam configuration
1312 sub rewrite_config_spam {
1313 my ($self) = @_;
1314
1315 my $use_awl = $self->get('spam', 'use_awl');
1316 my $use_bayes = $self->get('spam', 'use_bayes');
1317 my $use_razor = $self->get('spam', 'use_razor');
1318
1319 my $changes = 0;
1320
1321 # delete AW and bayes databases if those features are disabled
1322 if (!$use_awl) {
1323 $changes = 1 if unlink '/root/.spamassassin/auto-whitelist';
1324 }
1325
1326 if (!$use_bayes) {
1327 $changes = 1 if unlink '/root/.spamassassin/bayes_journal';
1328 $changes = 1 if unlink '/root/.spamassassin/bayes_seen';
1329 $changes = 1 if unlink '/root/.spamassassin/bayes_toks';
1330 }
1331
1332 # make sure we have a custom.cf file (else cluster sync fails)
1333 IO::File->new('/etc/mail/spamassassin/custom.cf', 'a', 0644);
1334
1335 $changes = 1 if $self->rewrite_config_file(
1336 'local.cf.in', '/etc/mail/spamassassin/local.cf');
1337
1338 $changes = 1 if $self->rewrite_config_file(
1339 'init.pre.in', '/etc/mail/spamassassin/init.pre');
1340
1341 $changes = 1 if $self->rewrite_config_file(
1342 'v310.pre.in', '/etc/mail/spamassassin/v310.pre');
1343
1344 $changes = 1 if $self->rewrite_config_file(
1345 'v320.pre.in', '/etc/mail/spamassassin/v320.pre');
1346
1347 if ($use_razor) {
1348 mkdir "/root/.razor";
1349
1350 $changes = 1 if $self->rewrite_config_file(
1351 'razor-agent.conf.in', '/root/.razor/razor-agent.conf');
1352
1353 if (! -e '/root/.razor/identity') {
1354 eval {
1355 my $timeout = 30;
1356 PVE::Tools::run_command(['razor-admin', '-discover'], timeout => $timeout);
1357 PVE::Tools::run_command(['razor-admin', '-register'], timeout => $timeout);
1358 };
1359 my $err = $@;
1360 syslog('info', "registering razor failed: $err") if $err;
1361 }
1362 }
1363
1364 return $changes;
1365 }
1366
1367 # rewrite ClamAV configuration
1368 sub rewrite_config_clam {
1369 my ($self) = @_;
1370
1371 return $self->rewrite_config_file(
1372 'clamd.conf.in', '/etc/clamav/clamd.conf');
1373 }
1374
1375 sub rewrite_config_freshclam {
1376 my ($self) = @_;
1377
1378 return $self->rewrite_config_file(
1379 'freshclam.conf.in', '/etc/clamav/freshclam.conf');
1380 }
1381
1382 sub rewrite_config_postgres {
1383 my ($self) = @_;
1384
1385 my $pgconfdir = "/etc/postgresql/9.6/main";
1386
1387 my $changes = 0;
1388
1389 $changes = 1 if $self->rewrite_config_file(
1390 'pg_hba.conf.in', "$pgconfdir/pg_hba.conf");
1391
1392 $changes = 1 if $self->rewrite_config_file(
1393 'postgresql.conf.in', "$pgconfdir/postgresql.conf");
1394
1395 return $changes;
1396 }
1397
1398 # rewrite /root/.forward
1399 sub rewrite_dot_forward {
1400 my ($self) = @_;
1401
1402 my $dstfn = '/root/.forward';
1403
1404 my $email = $self->get('admin', 'email');
1405
1406 my $output = '';
1407 if ($email && $email =~ m/\s*(\S+)\s*/) {
1408 $output = "$1\n";
1409 } else {
1410 # empty .forward does not forward mails (see man local)
1411 }
1412
1413 my $old = PVE::Tools::file_get_contents($dstfn, 128*1024) if -f $dstfn;
1414
1415 return 0 if defined($old) && ($old eq $output); # no change
1416
1417 PVE::Tools::file_set_contents($dstfn, $output);
1418
1419 return 1;
1420 }
1421
1422 my $write_smtp_whitelist = sub {
1423 my ($filename, $data, $action) = @_;
1424
1425 $action = 'OK' if !$action;
1426
1427 my $old = PVE::Tools::file_get_contents($filename, 1024*1024)
1428 if -f $filename;
1429
1430 my $new = '';
1431 foreach my $k (sort keys %$data) {
1432 $new .= "$k $action\n";
1433 }
1434
1435 return 0 if defined($old) && ($old eq $new); # no change
1436
1437 PVE::Tools::file_set_contents($filename, $new);
1438
1439 PMG::Utils::run_postmap($filename);
1440
1441 return 1;
1442 };
1443
1444 sub rewrite_postfix_whitelist {
1445 my ($rulecache) = @_;
1446
1447 # see man page for regexp_table for postfix regex table format
1448
1449 # we use a hash to avoid duplicate entries in regex tables
1450 my $tolist = {};
1451 my $fromlist = {};
1452 my $clientlist = {};
1453
1454 foreach my $obj (@{$rulecache->{"greylist:receiver"}}) {
1455 my $oclass = ref($obj);
1456 if ($oclass eq 'PMG::RuleDB::Receiver') {
1457 my $addr = PMG::Utils::quote_regex($obj->{address});
1458 $tolist->{"/^$addr\$/"} = 1;
1459 } elsif ($oclass eq 'PMG::RuleDB::ReceiverDomain') {
1460 my $addr = PMG::Utils::quote_regex($obj->{address});
1461 $tolist->{"/^.+\@$addr\$/"} = 1;
1462 } elsif ($oclass eq 'PMG::RuleDB::ReceiverRegex') {
1463 my $addr = $obj->{address};
1464 $addr =~ s|/|\\/|g;
1465 $tolist->{"/^$addr\$/"} = 1;
1466 }
1467 }
1468
1469 foreach my $obj (@{$rulecache->{"greylist:sender"}}) {
1470 my $oclass = ref($obj);
1471 my $addr = PMG::Utils::quote_regex($obj->{address});
1472 if ($oclass eq 'PMG::RuleDB::EMail') {
1473 my $addr = PMG::Utils::quote_regex($obj->{address});
1474 $fromlist->{"/^$addr\$/"} = 1;
1475 } elsif ($oclass eq 'PMG::RuleDB::Domain') {
1476 my $addr = PMG::Utils::quote_regex($obj->{address});
1477 $fromlist->{"/^.+\@$addr\$/"} = 1;
1478 } elsif ($oclass eq 'PMG::RuleDB::WhoRegex') {
1479 my $addr = $obj->{address};
1480 $addr =~ s|/|\\/|g;
1481 $fromlist->{"/^$addr\$/"} = 1;
1482 } elsif ($oclass eq 'PMG::RuleDB::IPAddress') {
1483 $clientlist->{$obj->{address}} = 1;
1484 } elsif ($oclass eq 'PMG::RuleDB::IPNet') {
1485 $clientlist->{$obj->{address}} = 1;
1486 }
1487 }
1488
1489 $write_smtp_whitelist->("/etc/postfix/senderaccess", $fromlist);
1490 $write_smtp_whitelist->("/etc/postfix/rcptaccess", $tolist);
1491 $write_smtp_whitelist->("/etc/postfix/clientaccess", $clientlist);
1492 $write_smtp_whitelist->("/etc/postfix/postscreen_access", $clientlist, 'permit');
1493 };
1494
1495 # rewrite /etc/postfix/*
1496 sub rewrite_config_postfix {
1497 my ($self, $rulecache) = @_;
1498
1499 # make sure we have required files (else postfix start fails)
1500 IO::File->new($transport_map_filename, 'a', 0644);
1501
1502 my $changes = 0;
1503
1504 if ($self->get('mail', 'tls')) {
1505 eval {
1506 PMG::Utils::gen_proxmox_tls_cert();
1507 };
1508 syslog ('info', "generating certificate failed: $@") if $@;
1509 }
1510
1511 $changes = 1 if $self->rewrite_config_file(
1512 'main.cf.in', '/etc/postfix/main.cf');
1513
1514 $changes = 1 if $self->rewrite_config_file(
1515 'master.cf.in', '/etc/postfix/master.cf');
1516
1517 # make sure we have required files (else postfix start fails)
1518 # Note: postmap need a valid /etc/postfix/main.cf configuration
1519 postmap_pmg_domains();
1520 postmap_pmg_transport();
1521 postmap_tls_policy();
1522
1523 rewrite_postfix_whitelist($rulecache) if $rulecache;
1524
1525 # make sure aliases.db is up to date
1526 system('/usr/bin/newaliases');
1527
1528 return $changes;
1529 }
1530
1531 sub rewrite_config {
1532 my ($self, $rulecache, $restart_services, $force_restart) = @_;
1533
1534 $force_restart = {} if ! $force_restart;
1535
1536 if (($self->rewrite_config_postfix($rulecache) && $restart_services) ||
1537 $force_restart->{postfix}) {
1538 PMG::Utils::service_cmd('postfix', 'restart');
1539 }
1540
1541 if ($self->rewrite_dot_forward() && $restart_services) {
1542 # no need to restart anything
1543 }
1544
1545 if ($self->rewrite_config_postgres() && $restart_services) {
1546 # do nothing (too many side effects)?
1547 # does not happen anyways, because config does not change.
1548 }
1549
1550 if (($self->rewrite_config_spam() && $restart_services) ||
1551 $force_restart->{spam}) {
1552 PMG::Utils::service_cmd('pmg-smtp-filter', 'restart');
1553 }
1554
1555 if (($self->rewrite_config_clam() && $restart_services) ||
1556 $force_restart->{clam}) {
1557 PMG::Utils::service_cmd('clamav-daemon', 'restart');
1558 }
1559
1560 if (($self->rewrite_config_freshclam() && $restart_services) ||
1561 $force_restart->{freshclam}) {
1562 PMG::Utils::service_cmd('clamav-freshclam', 'restart');
1563 }
1564 }
1565
1566 1;
PMG API