pmgpolicy: add IPv6 support

adds a new configuration flag in the 'mail' configuration section to
selectively enable greylisting for IPv6 and leaves its default as false to
maintain backward compatibility.

this change also enables SPF verification of IPv6 addresses if 'spf' is set
in the 'mail' section as a side-effect

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>

diff --git a/src/PMG/Config.pm b/src/PMG/Config.pm
index 458d88e984b621b7c3220dd729ca6f4044a156e2..7b9ca4803333252618f9a71b053a147b343115eb 100755 (executable)
--- a/src/PMG/Config.pm
+++ b/src/PMG/Config.pm
@@ -605,10 +605,15 @@ sub properties {
            default => 1,
        },
        greylist => {
-           description => "Use Greylisting.",
+           description => "Use Greylisting for IPv4.",
            type => 'boolean',
            default => 1,
        },
+       greylist6 => {
+           description => "Use Greylisting for IPv6.",
+           type => 'boolean',
+           default => 0,
+       },
        helotests => {
            description => "Use SMTP HELO tests.",
            type => 'boolean',
@@ -666,6 +671,7 @@ sub options {
        max_smtpd_in => { optional => 1 },
        max_smtpd_out => { optional => 1 },
        greylist => { optional => 1 },
+       greylist6 => { optional => 1 },
        helotests => { optional => 1 },
        tls => { optional => 1 },
        tlslog => { optional => 1 },

diff --git a/src/bin/pmgpolicy b/src/bin/pmgpolicy
index b371525ca1822460890ffa9507328e8555ed33de..810f81f41496985814debfaff5e07a5f36c1e1e7 100755 (executable)
--- a/src/bin/pmgpolicy
+++ b/src/bin/pmgpolicy
@@ -15,7 +15,7 @@ use Time::HiRes qw(gettimeofday);
 use Time::Zone;
 
 use PVE::INotify;
-use PVE::Tools;
+use PVE::Tools qw($IPV4RE $IPV6RE);
 use PVE::SafeSyslog;
 
 use PMG::Utils;
@@ -318,10 +318,12 @@ sub load_config {
     my $pmg_cfg = PMG::Config->new ();
     $self->{use_spf} = $pmg_cfg->get('mail', 'spf');
     $self->{use_greylist} = $pmg_cfg->get('mail', 'greylist');
+    $self->{use_greylist6} = $pmg_cfg->get('mail', 'greylist6');
 
     if ($opt_testmode) {
        $self->{use_spf} = 1;
        $self->{use_greylist} = 1;
+       $self->{use_greylist6} = 1;
     }
 
     my $nodename = PVE::INotify::nodename();
@@ -551,9 +553,17 @@ sub greylist_value {
        return 'dunno';
     }
 
-    my ($net, $host) = $ip =~ m/(\d+\.\d+\.\d+)\.(\d+)/; # IPv4 for now
-    return 'dunno' if !defined($net);
-    my $masklen = 24;
+    my $masklen;
+    my $do_greylist = 0;
+    if ($ip =~ m/$IPV4RE/) {
+       $masklen = 24;
+       $do_greylist = $self->{use_greylist};
+    } elsif ($ip =~ m/$IPV6RE/) {
+       $masklen = 64;
+       $do_greylist = $self->{use_greylist6};
+    } else {
+       return 'dunno';
+    }
 
     my $spf_header;
 
@@ -647,7 +657,7 @@ sub greylist_value {
        $self->{cache}->{$instance}->{spf_header_added} = 1;
     }
 
-    return $res if !$self->{use_greylist};
+    return $res if !$do_greylist;
 
     my $defer_res = "defer_if_permit Service is unavailable (try later)";