adds a new configuration flag in the 'mail' configuration section to
selectively enable greylisting for IPv6 and leaves its default as false to
maintain backward compatibility.
this change also enables SPF verification of IPv6 addresses if 'spf' is set
in the 'mail' section as a side-effect
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
default => 1,
},
greylist => {
default => 1,
},
greylist => {
- description => "Use Greylisting.",
+ description => "Use Greylisting for IPv4.",
type => 'boolean',
default => 1,
},
type => 'boolean',
default => 1,
},
+ greylist6 => {
+ description => "Use Greylisting for IPv6.",
+ type => 'boolean',
+ default => 0,
+ },
helotests => {
description => "Use SMTP HELO tests.",
type => 'boolean',
helotests => {
description => "Use SMTP HELO tests.",
type => 'boolean',
max_smtpd_in => { optional => 1 },
max_smtpd_out => { optional => 1 },
greylist => { optional => 1 },
max_smtpd_in => { optional => 1 },
max_smtpd_out => { optional => 1 },
greylist => { optional => 1 },
+ greylist6 => { optional => 1 },
helotests => { optional => 1 },
tls => { optional => 1 },
tlslog => { optional => 1 },
helotests => { optional => 1 },
tls => { optional => 1 },
tlslog => { optional => 1 },
use Time::Zone;
use PVE::INotify;
use Time::Zone;
use PVE::INotify;
+use PVE::Tools qw($IPV4RE $IPV6RE);
use PVE::SafeSyslog;
use PMG::Utils;
use PVE::SafeSyslog;
use PMG::Utils;
my $pmg_cfg = PMG::Config->new ();
$self->{use_spf} = $pmg_cfg->get('mail', 'spf');
$self->{use_greylist} = $pmg_cfg->get('mail', 'greylist');
my $pmg_cfg = PMG::Config->new ();
$self->{use_spf} = $pmg_cfg->get('mail', 'spf');
$self->{use_greylist} = $pmg_cfg->get('mail', 'greylist');
+ $self->{use_greylist6} = $pmg_cfg->get('mail', 'greylist6');
if ($opt_testmode) {
$self->{use_spf} = 1;
$self->{use_greylist} = 1;
if ($opt_testmode) {
$self->{use_spf} = 1;
$self->{use_greylist} = 1;
+ $self->{use_greylist6} = 1;
}
my $nodename = PVE::INotify::nodename();
}
my $nodename = PVE::INotify::nodename();
- my ($net, $host) = $ip =~ m/(\d+\.\d+\.\d+)\.(\d+)/; # IPv4 for now
- return 'dunno' if !defined($net);
- my $masklen = 24;
+ my $masklen;
+ my $do_greylist = 0;
+ if ($ip =~ m/$IPV4RE/) {
+ $masklen = 24;
+ $do_greylist = $self->{use_greylist};
+ } elsif ($ip =~ m/$IPV6RE/) {
+ $masklen = 64;
+ $do_greylist = $self->{use_greylist6};
+ } else {
+ return 'dunno';
+ }
$self->{cache}->{$instance}->{spf_header_added} = 1;
}
$self->{cache}->{$instance}->{spf_header_added} = 1;
}
- return $res if !$self->{use_greylist};
+ return $res if !$do_greylist;
my $defer_res = "defer_if_permit Service is unavailable (try later)";
my $defer_res = "defer_if_permit Service is unavailable (try later)";