6 use POSIX
":sys_wait_h";
19 our $default_db_name = "Proxmox_ruledb";
21 our $cgreylist_merge_sql =
22 'INSERT INTO CGREYLIST (IPNet,Host,Sender,Receiver,Instance,RCTime,' .
23 'ExTime,Delay,Blocked,Passed,MTime,CID) ' .
24 'VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) ' .
25 'ON CONFLICT (IPNet,Sender,Receiver) DO UPDATE SET ' .
26 'Host = CASE WHEN CGREYLIST.MTime >= excluded.MTime THEN CGREYLIST.Host ELSE excluded.Host END,' .
27 'CID = GREATEST(CGREYLIST.CID, excluded.CID), RCTime = LEAST(CGREYLIST.RCTime, excluded.RCTime),' .
28 'ExTime = GREATEST(CGREYLIST.ExTime, excluded.ExTime),' .
29 'Delay = GREATEST(CGREYLIST.Delay, excluded.Delay),' .
30 'Blocked = GREATEST(CGREYLIST.Blocked, excluded.Blocked),' .
31 'Passed = GREATEST(CGREYLIST.Passed, excluded.Passed)';
34 my ($database, $host, $port) = @_;
38 $database //= $default_db_name;
42 # Note: pmgtunnel uses UDP sockets inside directory '/var/run/pmgtunnel',
43 # and the cluster 'cid' as port number. You can connect to the
44 # socket with: host => /var/run/pmgtunnel, port => $cid
46 my $dsn = "dbi:Pg:dbname=$database;host=$host;port=$port;";
49 # only low level alarm interface works for DBI->connect
50 my $mask = POSIX
::SigSet-
>new(SIGALRM
);
51 my $action = POSIX
::SigAction-
>new(sub { die "connect timeout\n" }, $mask);
52 my $oldaction = POSIX
::SigAction-
>new();
53 sigaction
(SIGALRM
, $action, $oldaction);
59 $rdb = DBI-
>connect($dsn, 'root', undef,
60 { PrintError
=> 0, RaiseError
=> 1 });
64 sigaction
(SIGALRM
, $oldaction); # restore original handler
70 my $dsn = "DBI:Pg:dbname=$database;host=/var/run/postgresql;port=$port";
72 my $dbh = DBI-
>connect($dsn, $> == 0 ?
'root' : 'www-data', undef,
73 { PrintError
=> 0, RaiseError
=> 1 });
79 sub postgres_admin_cmd
{
80 my ($cmd, $options, @params) = @_;
82 $cmd = ref($cmd) ?
$cmd : [ $cmd ];
83 my $uid = getpwnam('postgres') || die "getpwnam postgres failed\n";
86 $! && die "setuid postgres ($uid) failed - $!\n";
88 PVE
::Tools
::run_command
([@$cmd, '-U', 'postgres', @params], %$options);
94 postgres_admin_cmd
('dropdb', undef, $dbname);
99 my $database_list = {};
104 my ($name, $owner) = map { PVE
::Tools
::trim
($_) } split(/\|/, $line);
105 return if !$name || !$owner;
107 $database_list->{$name} = { owner
=> $owner };
110 postgres_admin_cmd
('psql', { outfunc
=> $parser }, '--list', '--quiet', '--tuples-only');
112 return $database_list;
115 my $cgreylist_ctablecmd = <<__EOD;
116 CREATE TABLE CGreylist
117 (IPNet VARCHAR(16) NOT NULL,
118 Host INTEGER NOT NULL,
119 Sender VARCHAR(255) NOT NULL,
120 Receiver VARCHAR(255) NOT NULL,
121 Instance VARCHAR(255),
122 RCTime INTEGER NOT NULL,
123 ExTime INTEGER NOT NULL,
124 Delay INTEGER NOT NULL DEFAULT 0,
125 Blocked INTEGER NOT NULL,
126 Passed INTEGER NOT NULL,
127 CID INTEGER NOT NULL,
128 MTime INTEGER NOT NULL,
129 PRIMARY KEY (IPNet, Sender, Receiver));
131 CREATE INDEX CGreylist_Instance_Sender_Index ON CGreylist (Instance, Sender);
133 CREATE INDEX CGreylist_ExTime_Index ON CGreylist (ExTime);
135 CREATE INDEX CGreylist_MTime_Index ON CGreylist (MTime);
138 my $clusterinfo_ctablecmd = <<__EOD;
139 CREATE TABLE ClusterInfo
140 (CID INTEGER NOT NULL,
141 Name VARCHAR NOT NULL,
144 PRIMARY KEY (CID, Name))
147 my $local_stat_ctablecmd = <<__EOD;
148 CREATE TABLE LocalStat
149 (Time INTEGER NOT NULL UNIQUE,
150 RBLCount INTEGER DEFAULT 0 NOT NULL,
151 PregreetCount INTEGER DEFAULT 0 NOT NULL,
152 CID INTEGER NOT NULL,
153 MTime INTEGER NOT NULL,
154 PRIMARY KEY (Time, CID));
156 CREATE INDEX LocalStat_MTime_Index ON LocalStat (MTime);
160 my $daily_stat_ctablecmd = <<__EOD;
161 CREATE TABLE DailyStat
162 (Time INTEGER NOT NULL UNIQUE,
163 CountIn INTEGER NOT NULL,
164 CountOut INTEGER NOT NULL,
165 BytesIn REAL NOT NULL,
166 BytesOut REAL NOT NULL,
167 VirusIn INTEGER NOT NULL,
168 VirusOut INTEGER NOT NULL,
169 SpamIn INTEGER NOT NULL,
170 SpamOut INTEGER NOT NULL,
171 BouncesIn INTEGER NOT NULL,
172 BouncesOut INTEGER NOT NULL,
173 GreylistCount INTEGER NOT NULL,
174 SPFCount INTEGER NOT NULL,
175 PTimeSum REAL NOT NULL,
176 MTime INTEGER NOT NULL,
177 RBLCount INTEGER DEFAULT 0 NOT NULL,
180 CREATE INDEX DailyStat_MTime_Index ON DailyStat (MTime);
184 my $domain_stat_ctablecmd = <<__EOD;
185 CREATE TABLE DomainStat
186 (Time INTEGER NOT NULL,
187 Domain VARCHAR(255) NOT NULL,
188 CountIn INTEGER NOT NULL,
189 CountOut INTEGER NOT NULL,
190 BytesIn REAL NOT NULL,
191 BytesOut REAL NOT NULL,
192 VirusIn INTEGER NOT NULL,
193 VirusOut INTEGER NOT NULL,
194 SpamIn INTEGER NOT NULL,
195 SpamOut INTEGER NOT NULL,
196 BouncesIn INTEGER NOT NULL,
197 BouncesOut INTEGER NOT NULL,
198 PTimeSum REAL NOT NULL,
199 MTime INTEGER NOT NULL,
200 PRIMARY KEY (Time, Domain));
202 CREATE INDEX DomainStat_MTime_Index ON DomainStat (MTime);
205 my $statinfo_ctablecmd = <<__EOD;
206 CREATE TABLE StatInfo
207 (Name VARCHAR(255) NOT NULL UNIQUE,
213 my $virusinfo_stat_ctablecmd = <<__EOD;
214 CREATE TABLE VirusInfo
215 (Time INTEGER NOT NULL,
216 Name VARCHAR NOT NULL,
217 Count INTEGER NOT NULL,
218 MTime INTEGER NOT NULL,
219 PRIMARY KEY (Time, Name));
221 CREATE INDEX VirusInfo_MTime_Index ON VirusInfo (MTime);
227 # V - Virus quarantine
228 # S - Spam quarantine
229 # D - Delayed Mails - not implemented
230 # A - Held for Audit - not implemented
235 my $cmailstore_ctablecmd = <<__EOD;
236 CREATE TABLE CMailStore
237 (CID INTEGER DEFAULT 0 NOT NULL,
238 RID INTEGER NOT NULL,
240 Time INTEGER NOT NULL,
241 QType "char" NOT NULL,
242 Bytes INTEGER NOT NULL,
243 Spamlevel INTEGER NOT NULL,
245 Sender VARCHAR(255) NOT NULL,
246 Header VARCHAR NOT NULL,
247 File VARCHAR(255) NOT NULL,
248 PRIMARY KEY (CID, RID));
249 CREATE INDEX CMailStore_Time_Index ON CMailStore (Time);
251 CREATE TABLE CMSReceivers
252 (CMailStore_CID INTEGER NOT NULL,
253 CMailStore_RID INTEGER NOT NULL,
254 PMail VARCHAR(255) NOT NULL,
255 Receiver VARCHAR(255),
256 TicketID INTEGER NOT NULL,
257 Status "char" NOT NULL,
258 MTime INTEGER NOT NULL);
260 CREATE INDEX CMailStore_ID_Index ON CMSReceivers (CMailStore_CID, CMailStore_RID);
262 CREATE INDEX CMSReceivers_MTime_Index ON CMSReceivers (MTime);
266 my $cstatistic_ctablecmd = <<__EOD;
267 CREATE TABLE CStatistic
268 (CID INTEGER DEFAULT 0 NOT NULL,
269 RID INTEGER NOT NULL,
271 Time INTEGER NOT NULL,
272 Bytes INTEGER NOT NULL,
273 Direction Boolean NOT NULL,
274 Spamlevel INTEGER NOT NULL,
275 VirusInfo VARCHAR(255) NULL,
276 PTime INTEGER NOT NULL,
277 Sender VARCHAR(255) NOT NULL,
278 PRIMARY KEY (CID, RID));
280 CREATE INDEX CStatistic_Time_Index ON CStatistic (Time);
282 CREATE TABLE CReceivers
283 (CStatistic_CID INTEGER NOT NULL,
284 CStatistic_RID INTEGER NOT NULL,
285 Receiver VARCHAR(255) NOT NULL,
286 Blocked Boolean NOT NULL);
288 CREATE INDEX CStatistic_ID_Index ON CReceivers (CStatistic_CID, CStatistic_RID);
291 # user preferences (black an whitelists, ...)
292 # Name: perference name ('BL' -> blacklist, 'WL' -> whitelist)
293 # Data: arbitrary data
294 my $userprefs_ctablecmd = <<__EOD;
295 CREATE TABLE UserPrefs
299 MTime INTEGER NOT NULL,
300 PRIMARY KEY (PMail, Name));
302 CREATE INDEX UserPrefs_MTime_Index ON UserPrefs (MTime);
306 sub cond_create_dbtable
{
307 my ($dbh, $name, $ctablecmd) = @_;
312 my $cmd = "SELECT tablename FROM pg_tables " .
313 "WHERE tablename = lower ('$name')";
315 my $sth = $dbh->prepare($cmd);
319 if (!(my $ref = $sth->fetchrow_hashref())) {
320 $dbh->do ($ctablecmd);
333 sub database_column_exists
{
334 my ($dbh, $table, $column) = @_;
336 my $sth = $dbh->prepare(
337 "SELECT column_name FROM information_schema.columns " .
338 "WHERE table_name = ? and column_name = ?");
339 $sth->execute(lc($table), lc($column));
340 my $res = $sth->fetchrow_hashref();
341 return defined($res);
347 $dbname = $default_db_name if !$dbname;
349 my $silent_opts = { outfunc
=> sub {}, errfunc
=> sub {} };
350 # make sure we have user 'root'
351 eval { postgres_admin_cmd
('createuser', $silent_opts, '-D', 'root'); };
352 # also create 'www-data' (and give it read-only access below)
353 eval { postgres_admin_cmd
('createuser', $silent_opts, '-I', '-D', 'www-data'); };
355 # use sql_ascii to avoid any character set conversions, and be compatible with
356 # older postgres versions (update from 8.1 must be possible)
358 postgres_admin_cmd
('createdb', undef, '-E', 'sql_ascii', '-T', 'template0',
359 '--lc-collate=C', '--lc-ctype=C', $dbname);
361 my $dbh = open_ruledb
($dbname);
363 # make sure 'www-data' can read all tables
364 $dbh->do("ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO \"www-data\"");
368 CREATE TABLE Attribut
369 (Object_ID INTEGER NOT NULL,
370 Name VARCHAR(20) NOT NULL,
372 PRIMARY KEY (Object_ID, Name));
374 CREATE INDEX Attribut_Object_ID_Index ON Attribut(Object_ID);
378 ObjectType INTEGER NOT NULL,
379 Objectgroup_ID INTEGER NOT NULL,
383 CREATE TABLE Objectgroup
385 Name VARCHAR(255) NOT NULL,
386 Info VARCHAR(255) NULL,
387 Class VARCHAR(10) NOT NULL,
392 Name VARCHAR(255) NULL,
393 Priority INTEGER NOT NULL,
394 Active INTEGER NOT NULL DEFAULT 0,
395 Direction INTEGER NOT NULL DEFAULT 2,
396 Count INTEGER NOT NULL DEFAULT 0,
399 CREATE TABLE RuleGroup
400 (Objectgroup_ID INTEGER NOT NULL,
401 Rule_ID INTEGER NOT NULL,
402 Grouptype INTEGER NOT NULL,
403 PRIMARY KEY (Objectgroup_ID, Rule_ID, Grouptype));
405 $cgreylist_ctablecmd;
407 $clusterinfo_ctablecmd;
409 $local_stat_ctablecmd;
411 $daily_stat_ctablecmd;
413 $domain_stat_ctablecmd;
417 $cmailstore_ctablecmd;
419 $cstatistic_ctablecmd;
421 $userprefs_ctablecmd;
423 $virusinfo_stat_ctablecmd;
430 sub cond_create_action_quarantine
{
433 my $dbh = $ruledb->{dbh
};
436 my $sth = $dbh->prepare(
437 "SELECT * FROM Objectgroup, Object " .
438 "WHERE Object.ObjectType = ? AND Objectgroup.Class = ? " .
439 "AND Object.objectgroup_id = Objectgroup.id");
441 my $otype = PMG
::RuleDB
::Quarantine
::otype
();
442 if ($sth->execute($otype, 'action') <= 0) {
443 my $obj = PMG
::RuleDB
::Quarantine-
>new ();
444 my $txt = decode_entities
(PMG
::RuleDB
::Quarantine-
>otype_text);
445 my $quarantine = $ruledb->create_group_with_obj
446 ($obj, $txt, 'Move to quarantine.');
451 sub cond_create_std_actions
{
454 cond_create_action_quarantine
($ruledb);
456 #cond_create_action_report_spam($ruledb);
463 my $dbh = $ruledb->{dbh
};
465 # make sure we do not use slow sequential scans when upgraing
466 # database (before analyze can gather statistics)
467 $dbh->do("set enable_seqscan = false");
470 'LocalStat', $local_stat_ctablecmd,
471 'DailyStat', $daily_stat_ctablecmd,
472 'DomainStat', $domain_stat_ctablecmd,
473 'StatInfo', $statinfo_ctablecmd,
474 'CMailStore', $cmailstore_ctablecmd,
475 'UserPrefs', $userprefs_ctablecmd,
476 'CGreylist', $cgreylist_ctablecmd,
477 'CStatistic', $cstatistic_ctablecmd,
478 'ClusterInfo', $clusterinfo_ctablecmd,
479 'VirusInfo', $virusinfo_stat_ctablecmd,
482 foreach my $table (keys %$tables) {
483 cond_create_dbtable
($dbh, $table, $tables->{$table});
486 cond_create_std_actions
($ruledb);
488 # upgrade tables here if necessary
489 if (!database_column_exists
($dbh, 'LocalStat', 'PregreetCount')) {
490 $dbh->do("ALTER TABLE LocalStat ADD COLUMN " .
491 "PregreetCount INTEGER DEFAULT 0 NOT NULL");
494 # add missing TicketID to CMSReceivers
495 if (!database_column_exists
($dbh, 'CMSReceivers', 'TicketID')) {
498 $dbh->do("CREATE SEQUENCE cmsreceivers_ticketid_seq");
499 $dbh->do("ALTER TABLE CMSReceivers ADD COLUMN " .
500 "TicketID INTEGER NOT NULL " .
501 "DEFAULT nextval('cmsreceivers_ticketid_seq')");
502 $dbh->do("ALTER TABLE CMSReceivers ALTER COLUMN " .
503 "TicketID DROP DEFAULT");
504 $dbh->do("DROP SEQUENCE cmsreceivers_ticketid_seq");
513 # update obsolete content type names
515 $dbh->do("UPDATE Object " .
516 "SET value = 'content-type:application/java-vm' ".
517 "WHERE objecttype = 3003 " .
518 "AND value = 'content-type:application/x-java-vm';");
521 foreach my $table (keys %$tables) {
522 eval { $dbh->do("ANALYZE $table"); };
530 my ($ruledb, $reset, $testmode) = @_;
532 my $dbh = $ruledb->{dbh
};
535 # Greylist Objectgroup
536 my $greylistgroup = PMG
::RuleDB
::Group-
>new
537 ("GreyExclusion", "-", "greylist");
538 $ruledb->save_group ($greylistgroup);
541 # we do not touch greylist objects
542 my $glids = "SELECT object.ID FROM Object, Objectgroup WHERE " .
543 "objectgroup_id = objectgroup.id and class = 'greylist'";
545 $dbh->do ("DELETE FROM Rule; " .
546 "DELETE FROM RuleGroup; " .
547 "DELETE FROM Attribut WHERE Object_ID NOT IN ($glids); " .
548 "DELETE FROM Object WHERE ID NOT IN ($glids); " .
549 "DELETE FROM Objectgroup WHERE class != 'greylist';");
555 my $obj = PMG
::RuleDB
::EMail-
>new ('nomail@fromthisdomain.com');
556 my $blacklist = $ruledb->create_group_with_obj(
557 $obj, 'Blacklist', 'Global blacklist');
560 $obj = PMG
::RuleDB
::EMail-
>new('mail@fromthisdomain.com');
561 my $whitelist = $ruledb->create_group_with_obj(
562 $obj, 'Whitelist', 'Global whitelist');
567 $obj = PMG
::RuleDB
::TimeFrame-
>new(8*60, 16*60);
568 my $working_hours =$ruledb->create_group_with_obj($obj, 'Office Hours' ,
569 'Usual office hours');
574 $obj = PMG
::RuleDB
::ContentTypeFilter-
>new('image/.*');
575 my $img_content = $ruledb->create_group_with_obj(
576 $obj, 'Images', 'All kinds of graphic files');
579 $obj = PMG
::RuleDB
::ContentTypeFilter-
>new('audio/.*');
580 my $mm_content = $ruledb->create_group_with_obj(
581 $obj, 'Multimedia', 'Audio and Video');
583 $obj = PMG
::RuleDB
::ContentTypeFilter-
>new('video/.*');
584 $ruledb->group_add_object($mm_content, $obj);
587 $obj = PMG
::RuleDB
::ContentTypeFilter-
>new('application/vnd\.ms-excel');
588 my $office_content = $ruledb->create_group_with_obj(
589 $obj, 'Office Files', 'Common Office Files');
591 $obj = PMG
::RuleDB
::ContentTypeFilter-
>new(
592 'application/vnd\.ms-powerpoint');
594 $ruledb->group_add_object($office_content, $obj);
596 $obj = PMG
::RuleDB
::ContentTypeFilter-
>new('application/msword');
597 $ruledb->group_add_object ($office_content, $obj);
599 $obj = PMG
::RuleDB
::ContentTypeFilter-
>new(
600 'application/vnd\.openxmlformats-officedocument\..*');
601 $ruledb->group_add_object($office_content, $obj);
603 $obj = PMG
::RuleDB
::ContentTypeFilter-
>new(
604 'application/vnd\.oasis\.opendocument\..*');
605 $ruledb->group_add_object($office_content, $obj);
607 $obj = PMG
::RuleDB
::ContentTypeFilter-
>new(
608 'application/vnd\.stardivision\..*');
609 $ruledb->group_add_object($office_content, $obj);
611 $obj = PMG
::RuleDB
::ContentTypeFilter-
>new(
612 'application/vnd\.sun\.xml\..*');
613 $ruledb->group_add_object($office_content, $obj);
616 $obj = PMG
::RuleDB
::ContentTypeFilter-
>new(
617 'application/x-ms-dos-executable');
618 my $exe_content = $ruledb->create_group_with_obj(
619 $obj, 'Dangerous Content', 'executable files and partial messages');
621 $obj = PMG
::RuleDB
::ContentTypeFilter-
>new('application/x-java');
622 $ruledb->group_add_object($exe_content, $obj);
623 $obj = PMG
::RuleDB
::ContentTypeFilter-
>new('application/javascript');
624 $ruledb->group_add_object($exe_content, $obj);
625 $obj = PMG
::RuleDB
::ContentTypeFilter-
>new('application/x-executable');
626 $ruledb->group_add_object($exe_content, $obj);
627 $obj = PMG
::RuleDB
::ContentTypeFilter-
>new('application/x-ms-dos-executable');
628 $ruledb->group_add_object($exe_content, $obj);
629 $obj = PMG
::RuleDB
::ContentTypeFilter-
>new('message/partial');
630 $ruledb->group_add_object($exe_content, $obj);
631 $obj = PMG
::RuleDB
::MatchFilename-
>new('.*\.(vbs|pif|lnk|shs|shb)');
632 $ruledb->group_add_object($exe_content, $obj);
633 $obj = PMG
::RuleDB
::MatchFilename-
>new('.*\.\{.+\}');
634 $ruledb->group_add_object($exe_content, $obj);
637 $obj = PMG
::RuleDB
::Virus-
>new();
638 my $virus = $ruledb->create_group_with_obj(
639 $obj, 'Virus', 'Matches virus infected mail');
644 $obj = PMG
::RuleDB
::Spam-
>new(3);
645 my $spam3 = $ruledb->create_group_with_obj(
646 $obj, 'Spam (Level 3)', 'Matches possible spam mail');
648 $obj = PMG
::RuleDB
::Spam-
>new(5);
649 my $spam5 = $ruledb->create_group_with_obj(
650 $obj, 'Spam (Level 5)', 'Matches possible spam mail');
652 $obj = PMG
::RuleDB
::Spam-
>new(10);
653 my $spam10 = $ruledb->create_group_with_obj(
654 $obj, 'Spam (Level 10)', 'Matches possible spam mail');
659 $obj = PMG
::RuleDB
::ModField-
>new('X-SPAM-LEVEL', '__SPAM_INFO__');
660 my $mod_spam_level = $ruledb->create_group_with_obj(
661 $obj, 'Modify Spam Level',
662 'Mark mail as spam by adding a header tag.');
665 $obj = PMG
::RuleDB
::ModField-
>new('subject', 'SPAM: __SUBJECT__');
666 my $mod_spam_subject = $ruledb->create_group_with_obj(
667 $obj, 'Modify Spam Subject',
668 'Mark mail as spam by modifying the subject.');
670 # Remove matching attachments
671 $obj = PMG
::RuleDB
::Remove-
>new(0);
672 my $remove = $ruledb->create_group_with_obj(
673 $obj, 'Remove attachments', 'Remove matching attachments');
675 # Remove all attachments
676 $obj = PMG
::RuleDB
::Remove-
>new(1);
677 my $remove_all = $ruledb->create_group_with_obj(
678 $obj, 'Remove all attachments', 'Remove all attachments');
681 $obj = PMG
::RuleDB
::Accept-
>new();
682 my $accept = $ruledb->create_group_with_obj(
683 $obj, 'Accept', 'Accept mail for Delivery');
686 $obj = PMG
::RuleDB
::Block-
>new ();
687 my $block = $ruledb->create_group_with_obj($obj, 'Block', 'Block mail');
690 $obj = PMG
::RuleDB
::Quarantine-
>new();
691 my $quarantine = $ruledb->create_group_with_obj(
692 $obj, 'Quarantine', 'Move mail to quarantine');
695 $obj = PMG
::RuleDB
::Notify-
>new('__ADMIN__');
696 my $notify_admin = $ruledb->create_group_with_obj(
697 $obj, 'Notify Admin', 'Send notification');
700 $obj = PMG
::RuleDB
::Notify-
>new('__SENDER__');
701 my $notify_sender = $ruledb->create_group_with_obj(
702 $obj, 'Notify Sender', 'Send notification');
705 $obj = PMG
::RuleDB
::Disclaimer-
>new ();
706 my $add_discl = $ruledb->create_group_with_obj(
707 $obj, 'Disclaimer', 'Add Disclaimer');
709 # Attach original mail
710 #$obj = Proxmox::RuleDB::Attach->new ();
711 #my $attach_orig = $ruledb->create_group_with_obj ($obj, 'Attach Original Mail',
712 # 'Attach Original Mail');
714 ####################### RULES ##################################
716 ## Block Dangerous Files
717 my $rule = PMG
::RuleDB
::Rule-
>new ('Block Dangerous Files', 93, 1, 0);
718 $ruledb->save_rule ($rule);
720 $ruledb->rule_add_what_group ($rule, $exe_content);
721 $ruledb->rule_add_action ($rule, $remove);
724 $rule = PMG
::RuleDB
::Rule-
>new ('Block Viruses', 96, 1, 0);
725 $ruledb->save_rule ($rule);
727 $ruledb->rule_add_what_group ($rule, $virus);
728 $ruledb->rule_add_action ($rule, $notify_admin);
731 $ruledb->rule_add_action ($rule, $block);
733 $ruledb->rule_add_action ($rule, $quarantine);
737 $rule = PMG
::RuleDB
::Rule-
>new ('Virus Alert', 96, 1, 1);
738 $ruledb->save_rule ($rule);
740 $ruledb->rule_add_what_group ($rule, $virus);
741 $ruledb->rule_add_action ($rule, $notify_sender);
742 $ruledb->rule_add_action ($rule, $notify_admin);
743 $ruledb->rule_add_action ($rule, $block);
746 $rule = PMG
::RuleDB
::Rule-
>new ('Blacklist', 98, 1, 0);
747 $ruledb->save_rule ($rule);
749 $ruledb->rule_add_from_group ($rule, $blacklist);
750 $ruledb->rule_add_action ($rule, $block);
754 $rule = PMG
::RuleDB
::Rule-
>new ('Modify Header', 90, 1, 0);
755 $ruledb->save_rule ($rule);
756 $ruledb->rule_add_action ($rule, $mod_spam_level);
760 $rule = PMG
::RuleDB
::Rule-
>new ('Whitelist', 85, 1, 0);
761 $ruledb->save_rule ($rule);
763 $ruledb->rule_add_from_group ($rule, $whitelist);
764 $ruledb->rule_add_action ($rule, $accept);
767 $rule = PMG
::RuleDB
::Rule-
>new ('Mark Spam', 80, 1, 0);
768 $ruledb->save_rule ($rule);
770 $ruledb->rule_add_what_group ($rule, $spam10);
771 $ruledb->rule_add_action ($rule, $mod_spam_level);
772 $ruledb->rule_add_action ($rule, $mod_spam_subject);
774 # Quarantine/Mark Spam (Level 3)
775 $rule = PMG
::RuleDB
::Rule-
>new ('Quarantine/Mark Spam (Level 3)', 80, 1, 0);
776 $ruledb->save_rule ($rule);
778 $ruledb->rule_add_what_group ($rule, $spam3);
779 $ruledb->rule_add_action ($rule, $mod_spam_subject);
780 $ruledb->rule_add_action ($rule, $quarantine);
781 #$ruledb->rule_add_action ($rule, $count_spam);
784 # Quarantine/Mark Spam (Level 5)
785 $rule = PMG
::RuleDB
::Rule-
>new ('Quarantine/Mark Spam (Level 5)', 81, 0, 0);
786 $ruledb->save_rule ($rule);
788 $ruledb->rule_add_what_group ($rule, $spam5);
789 $ruledb->rule_add_action ($rule, $mod_spam_subject);
790 $ruledb->rule_add_action ($rule, $quarantine);
792 ## Block Spam Level 10
793 $rule = PMG
::RuleDB
::Rule-
>new ('Block Spam (Level 10)', 82, 0, 0);
794 $ruledb->save_rule ($rule);
796 $ruledb->rule_add_what_group ($rule, $spam10);
797 $ruledb->rule_add_action ($rule, $block);
799 ## Block Outgoing Spam
800 $rule = PMG
::RuleDB
::Rule-
>new ('Block outgoing Spam', 70, 0, 1);
801 $ruledb->save_rule ($rule);
803 $ruledb->rule_add_what_group ($rule, $spam3);
804 $ruledb->rule_add_action ($rule, $notify_admin);
805 $ruledb->rule_add_action ($rule, $notify_sender);
806 $ruledb->rule_add_action ($rule, $block);
809 $rule = PMG
::RuleDB
::Rule-
>new ('Add Disclaimer', 60, 0, 1);
810 $ruledb->save_rule ($rule);
811 $ruledb->rule_add_action ($rule, $add_discl);
813 # Block Multimedia Files
814 $rule = PMG
::RuleDB
::Rule-
>new ('Block Multimedia Files', 87, 0, 2);
815 $ruledb->save_rule ($rule);
817 $ruledb->rule_add_what_group ($rule, $mm_content);
818 $ruledb->rule_add_action ($rule, $remove);
820 #$ruledb->rule_add_from_group ($rule, $anybody);
821 #$ruledb->rule_add_from_group ($rule, $trusted);
822 #$ruledb->rule_add_to_group ($rule, $anybody);
823 #$ruledb->rule_add_what_group ($rule, $ct_filter);
824 #$ruledb->rule_add_action ($rule, $add_discl);
825 #$ruledb->rule_add_action ($rule, $remove);
826 #$ruledb->rule_add_action ($rule, $bcc);
827 #$ruledb->rule_add_action ($rule, $storeq);
828 #$ruledb->rule_add_action ($rule, $accept);
830 cond_create_std_actions
($ruledb);
835 sub get_remote_time
{
838 my $sth = $rdb->prepare("SELECT EXTRACT (EPOCH FROM TIMESTAMP (0) WITH TIME ZONE 'now') as ctime;");
840 my $ctinfo = $sth->fetchrow_hashref();
843 return $ctinfo ?
$ctinfo->{ctime
} : 0;
847 my ($lcid, $database) = @_;
849 die "got unexpected cid for new master" if !$lcid;
854 $dbh = open_ruledb
($database);
858 print STDERR
"update quarantine database\n";
859 $dbh->do ("UPDATE CMailStore SET CID = $lcid WHERE CID = 0;" .
860 "UPDATE CMSReceivers SET CMailStore_CID = $lcid WHERE CMailStore_CID = 0;");
862 print STDERR
"update statistic database\n";
863 $dbh->do ("UPDATE CStatistic SET CID = $lcid WHERE CID = 0;" .
864 "UPDATE CReceivers SET CStatistic_CID = $lcid WHERE CStatistic_CID = 0;");
866 print STDERR
"update greylist database\n";
867 $dbh->do ("UPDATE CGreylist SET CID = $lcid WHERE CID = 0;");
869 print STDERR
"update localstat database\n";
870 $dbh->do ("UPDATE LocalStat SET CID = $lcid WHERE CID = 0;");
877 $dbh->rollback if $err;
884 sub purge_statistic_database
{
885 my ($dbh, $statlifetime) = @_;
887 return if $statlifetime <= 0;
889 my (undef, undef, undef, $mday, $mon, $year) = localtime(time());
890 my $end = timelocal
(0, 0, 0, $mday, $mon, $year);
891 my $start = $end - $statlifetime*86400;
893 # delete statistics older than $start
900 my $sth = $dbh->prepare("DELETE FROM CStatistic WHERE time < $start");
906 $sth = $dbh->prepare(
907 "DELETE FROM CReceivers WHERE NOT EXISTS " .
908 "(SELECT * FROM CStatistic WHERE CID = CStatistic_CID AND RID = CStatistic_RID)");
922 sub purge_quarantine_database
{
923 my ($dbh, $qtype, $lifetime) = @_;
925 my $spooldir = $PMG::MailQueue
::spooldir
;
927 my (undef, undef, undef, $mday, $mon, $year) = localtime(time());
928 my $end = timelocal
(0, 0, 0, $mday, $mon, $year);
929 my $start = $end - $lifetime*86400;
931 my $sth = $dbh->prepare(
932 "SELECT file FROM CMailStore WHERE time < $start AND QType = '$qtype'");
938 while (my $ref = $sth->fetchrow_hashref()) {
939 my $filename = "$spooldir/$ref->{file}";
940 $count++ if unlink($filename);
946 "DELETE FROM CMailStore WHERE time < $start AND QType = '$qtype';" .
947 "DELETE FROM CMSReceivers WHERE NOT EXISTS " .
948 "(SELECT * FROM CMailStore WHERE CID = CMailStore_CID AND RID = CMailStore_RID)");
953 sub get_quarantine_count
{
954 my ($dbh, $qtype) = @_;
956 # Note;: We try to estimate used disk space - each mail
957 # is stored in an extra file ...
961 my $sth = $dbh->prepare(
962 "SELECT count(ID) as count, sum (ceil((Bytes+$bs-1)/$bs)*$bs) / (1024*1024) as mbytes, " .
963 "avg(Bytes) as avgbytes, avg(Spamlevel) as avgspam " .
964 "FROM CMailStore WHERE QType = ?");
966 $sth->execute($qtype);
968 my $ref = $sth->fetchrow_hashref();
972 foreach my $k (qw(count mbytes avgbytes avgspam)) {
980 my ($ldb, $rdb, $table) = @_;
984 my $sth = $ldb->column_info(undef, undef, $table, undef);
985 my $attrs = $sth->fetchall_arrayref({});
988 foreach my $ref (@$attrs) {
989 push @col_arr, $ref->{COLUMN_NAME
};
994 my $cols = join(', ', @col_arr);
995 $cols || die "unable to fetch column definitions of table '$table' : ERROR";
997 $rdb->do("COPY $table ($cols) TO STDOUT");
1002 $ldb->do("COPY $table ($cols) FROM stdin");
1004 while ($rdb->pg_getcopydata($data) >= 0) {
1005 $ldb->pg_putcopydata($data);
1008 $ldb->pg_putcopyend();
1011 $ldb->pg_putcopyend();
1016 sub copy_selected_data
{
1017 my ($dbh, $select_sth, $table, $attrs, $callback) = @_;
1021 my $insert_sth = $dbh->prepare(
1022 "INSERT INTO ${table}(" . join(',', @$attrs) . ') ' .
1023 'VALUES (' . join(',', ('?') x
scalar(@$attrs)) . ')');
1025 while (my $ref = $select_sth->fetchrow_hashref()) {
1026 $callback->($ref) if $callback;
1028 $insert_sth->execute(map { $ref->{$_} } @$attrs);
1034 sub update_master_clusterinfo
{
1035 my ($clientcid) = @_;
1037 my $dbh = open_ruledb
();
1039 $dbh->do("DELETE FROM ClusterInfo WHERE CID = $clientcid");
1041 my @mt = ('CMSReceivers', 'CGreylist', 'UserPrefs', 'DomainStat', 'DailyStat', 'LocalStat', 'VirusInfo');
1043 foreach my $table (@mt) {
1044 $dbh->do ("INSERT INTO ClusterInfo (cid, name, ivalue) select $clientcid, 'lastmt_$table', " .
1045 "EXTRACT(EPOCH FROM now())");
1049 sub update_client_clusterinfo
{
1050 my ($mastercid) = @_;
1052 my $dbh = open_ruledb
();
1054 $dbh->do ("DELETE FROM StatInfo"); # not needed at node
1056 $dbh->do ("DELETE FROM ClusterInfo WHERE CID = $mastercid");
1058 $dbh->do ("INSERT INTO ClusterInfo (cid, name, ivalue) select $mastercid, 'lastid_CMailStore', " .
1059 "COALESCE (max (rid), -1) FROM CMailStore WHERE cid = $mastercid");
1061 $dbh->do ("INSERT INTO ClusterInfo (cid, name, ivalue) select $mastercid, 'lastid_CStatistic', " .
1062 "COALESCE (max (rid), -1) FROM CStatistic WHERE cid = $mastercid");
1064 my @mt = ('CMSReceivers', 'CGreylist', 'UserPrefs', 'DomainStat', 'DailyStat', 'LocalStat', 'VirusInfo');
1066 foreach my $table (@mt) {
1067 $dbh->do ("INSERT INTO ClusterInfo (cid, name, ivalue) select $mastercid, 'lastmt_$table', " .
1068 "COALESCE (max (mtime), 0) FROM $table");
1072 sub create_clusterinfo_default
{
1073 my ($dbh, $rcid, $name, $ivalue, $svalue) = @_;
1075 my $sth = $dbh->prepare("SELECT * FROM ClusterInfo WHERE CID = ? AND Name = ?");
1076 $sth->execute($rcid, $name);
1077 if (!$sth->fetchrow_hashref()) {
1078 $dbh->do("INSERT INTO ClusterInfo (CID, Name, IValue, SValue) " .
1079 "VALUES (?, ?, ?, ?)", undef,
1080 $rcid, $name, $ivalue, $svalue);
1085 sub read_int_clusterinfo
{
1086 my ($dbh, $rcid, $name) = @_;
1088 my $sth = $dbh->prepare(
1089 "SELECT ivalue as value FROM ClusterInfo " .
1090 "WHERE cid = ? AND NAME = ?");
1091 $sth->execute($rcid, $name);
1092 my $cinfo = $sth->fetchrow_hashref();
1095 return $cinfo->{value
};
1098 sub write_maxint_clusterinfo
{
1099 my ($dbh, $rcid, $name, $value) = @_;
1101 $dbh->do("UPDATE ClusterInfo SET ivalue = GREATEST(ivalue, ?) " .
1102 "WHERE cid = ? AND name = ?", undef,
1103 $value, $rcid, $name);
1109 my $ni = $cinfo->{master
};
1111 die "no master defined - unable to sync data from master\n" if !$ni;
1113 my $master_ip = $ni->{ip
};
1114 my $master_cid = $ni->{cid
};
1115 my $master_name = $ni->{name
};
1117 my $fn = "/tmp/masterdb$$.tar";
1120 my $dbname = $default_db_name;
1123 print STDERR
"copying master database from '${master_ip}'\n";
1125 open (my $fh, ">", $fn) || die "open '$fn' failed - $!\n";
1127 my $cmd = ['/usr/bin/ssh', '-o', 'BatchMode=yes',
1128 '-o', "HostKeyAlias=${master_name}", $master_ip,
1129 'pg_dump', $dbname, '-F', 'c' ];
1131 PVE
::Tools
::run_command
($cmd, output
=> '>&' . fileno($fh));
1137 print STDERR
"copying master database finished (got $size bytes)\n";
1139 print STDERR
"delete local database\n";
1141 postgres_admin_cmd
('dropdb', undef, $dbname , '--if-exists');
1143 print STDERR
"create new local database\n";
1145 postgres_admin_cmd
('createdb', undef, $dbname);
1147 print STDERR
"insert received data into local database\n";
1153 if ($line =~ m/restoring data for table \"(.+)\"/) {
1154 print STDERR
"restoring table $1\n";
1155 } elsif (!$mess && ($line =~ m/creating (INDEX|CONSTRAINT)/)) {
1156 $mess = "creating indexes";
1157 print STDERR
"$mess\n";
1164 errmsg
=> "pg_restore failed"
1167 postgres_admin_cmd
('pg_restore', $opts, '-d', $dbname, '-v', $fn);
1169 print STDERR
"run analyze to speed up database queries\n";
1171 postgres_admin_cmd
('psql', { input
=> 'analyze;' }, $dbname);
1173 update_client_clusterinfo
($master_cid);
1183 sub cluster_sync_status
{
1190 foreach my $ni (values %{$cinfo->{ids
}}) {
1191 next if $cinfo->{local}->{cid
} == $ni->{cid
}; # skip local CID
1192 $minmtime->{$ni->{cid
}} = 0;
1196 $dbh = open_ruledb
();
1198 my $sth = $dbh->prepare(
1199 "SELECT cid, MIN (ivalue) as minmtime FROM ClusterInfo " .
1200 "WHERE name = 'lastsync' AND ivalue > 0 " .
1205 while (my $info = $sth->fetchrow_hashref()) {
1206 foreach my $ni (values %{$cinfo->{ids
}}) {
1207 next if $cinfo->{local}->{cid
} == $ni->{cid
}; # skip local CID
1208 if ($ni->{cid
} == $info->{cid
}) { # node exists
1209 $minmtime->{$ni->{cid
}} = $info->{minmtime
};
1218 $dbh->disconnect() if $dbh;
1220 syslog
('err', $err) if $err;
1225 sub load_mail_data
{
1226 my ($dbh, $cid, $rid, $ticketid) = @_;
1228 my $sth = $dbh->prepare(
1229 "SELECT * FROM CMailStore, CMSReceivers WHERE " .
1230 "CID = ? AND RID = ? AND TicketID = ? AND " .
1231 "CID = CMailStore_CID AND RID = CMailStore_RID");
1232 $sth->execute($cid, $rid, $ticketid);
1234 my $res = $sth->fetchrow_hashref();
1238 die "no such mail (C${cid}R${rid}T${ticketid})\n" if !defined($res);
1246 # Note: we pass $ruledb when modifying SMTP whitelist
1247 if (defined($ruledb)) {
1249 my $rulecache = PMG
::RuleCache-
>new($ruledb);
1250 PMG
::Config
::rewrite_postfix_whitelist
($rulecache);
1253 warn "problems updating SMTP whitelist - $err";
1257 my $pid_file = '/var/run/pmg-smtp-filter.pid';
1258 my $pid = PVE
::Tools
::file_read_firstline
($pid_file);
1262 return 0 if $pid !~ m/^(\d+)$/;
1263 $pid = $1; # untaint
1265 return kill (10, $pid); # send SIGUSR1