pmg-api.git
2 weeks ago drop bogus comment part master
Thomas Lamprecht [Mon, 18 May 2020 12:33:05 +0000 (14:33 +0200)]
drop bogus comment part

introduced in commit 3ef629651148fffaf52446e56176664b6c948efe highly
probably by mistake, drop that part again.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 weeks ago bump version to 6.2-4
Thomas Lamprecht [Thu, 14 May 2020 15:52:06 +0000 (17:52 +0200)]
bump version to 6.2-4

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 weeks ago api: mail tracker: cleanup strange assignment of declaration pattern
Thomas Lamprecht [Wed, 13 May 2020 11:46:45 +0000 (13:46 +0200)]
api: mail tracker: cleanup strange assignment of declaration pattern

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 weeks ago MailTracker: handle before queue status
Stoiko Ivanov [Thu, 30 Apr 2020 15:01:51 +0000 (17:01 +0200)]
MailTracker: handle before queue status

corresponding to the patch for pmg-log-tracker, we need to translate the
before queue status to 'Accept' + the status of the relayed mail.

Reviewed-By: Mira Limbeck <m.limbeck@proxmox.com>
Tested-By: Mira Limbeck <m.limbeck@proxmox.com>
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
5 weeks ago bump version to 6.2-3
Thomas Lamprecht [Fri, 24 Apr 2020 17:31:55 +0000 (19:31 +0200)]
bump version to 6.2-3

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5 weeks ago pmg-system-report: Add mailproxy whitelist
Stoiko Ivanov [Fri, 24 Apr 2020 17:01:02 +0000 (19:01 +0200)]
pmg-system-report: Add mailproxy whitelist

The pmg-system-report should report which objects are whitelisted during
the SMTP-dialog

the 3 files output contain all the information
(see PMG::Config::rewrite_postfix_whitelist) and should be faster than
opening and loading the Database

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
5 weeks ago pmg-system-report: add apt sources
Stoiko Ivanov [Fri, 24 Apr 2020 17:01:01 +0000 (19:01 +0200)]
pmg-system-report: add apt sources

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
5 weeks ago Add pmg-log-tracker to package versions
Stoiko Ivanov [Fri, 24 Apr 2020 17:01:00 +0000 (19:01 +0200)]
Add pmg-log-tracker to package versions

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
5 weeks ago bump version to 6.2-3
Thomas Lamprecht [Fri, 24 Apr 2020 16:57:17 +0000 (18:57 +0200)]
bump version to 6.2-3

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5 weeks ago api tracker: split and order modules
Thomas Lamprecht [Fri, 24 Apr 2020 16:54:58 +0000 (18:54 +0200)]
api tracker: split and order modules

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5 weeks ago api tracker: raise parameter exception if endtime was older than starttime
Thomas Lamprecht [Fri, 24 Apr 2020 16:54:40 +0000 (18:54 +0200)]
api tracker: raise parameter exception if endtime was older than starttime

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5 weeks ago Add logrotate config for pmgproxy.log
Stoiko Ivanov [Fri, 24 Apr 2020 10:06:28 +0000 (12:06 +0200)]
Add logrotate config for pmgproxy.log

to keep the log from growing without end. Rotate monthly and keep 12 logs,
since the logs should not be too large (e.g. a productive instance, with
~20 users using the quarantine and some configuration changes amounts to
108M over 2.5 years)

the logrotate snippet is placed in /etc/logrotate.d/pmg-api by
dh_installlogrotate(1).

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
5 weeks ago pmgsync.service: really order before postfix@-.service
Thomas Lamprecht [Fri, 24 Apr 2020 06:59:19 +0000 (08:59 +0200)]
pmgsync.service: really order before postfix@-.service

followup for commit 0c4cf3f2cfa2b40d4fb1ded7501989b884c73eae
which assumed that we can order on templated base units, which we
cannot (at least under the systemd version of buster). So depend on
the actual instance of the main postfix template.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5 weeks ago bump version to 6.2-2
Thomas Lamprecht [Thu, 23 Apr 2020 19:30:22 +0000 (21:30 +0200)]
bump version to 6.2-2

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5 weeks ago pmgbanner: don't die if getting addr fails but running in container
Thomas Lamprecht [Thu, 23 Apr 2020 19:27:52 +0000 (21:27 +0200)]
pmgbanner: don't die if getting addr fails but running in container

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5 weeks ago pmgsync.service: order before postfix@.service
Stoiko Ivanov [Thu, 23 Apr 2020 08:21:16 +0000 (10:21 +0200)]
pmgsync.service: order before postfix@.service

pmgsync.service updates the database-schema (pmgdb init) and generates and
updates configuration files from the templates and reloads the respective
services.

When first booting up after installation, it adapts the config from what's
shipped in the default debian packages for the first time.

The postfix configuration is also rendered, including settings where a
restart is necessary (listening on the internal port (26)).

While the unit already starts before postfix.service, the postfix service
files are designed to start multiple instances of postfix via instantiation
(by default postfix@-.service is the single instance (and the service file
which actually starts postfix)).

Since both pmgsync and postfix@- have no ordering relation between them, they
are started in parallel, which leads to postfix starting with the stock config
upon first boot.

Tested by running the installer in debug mode and applying this patch in the
last debug shell.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
6 weeks ago bump version to 6.2-1
Thomas Lamprecht [Tue, 21 Apr 2020 18:01:21 +0000 (20:01 +0200)]
bump version to 6.2-1

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 weeks ago test_greylist: remove use of system
Stoiko Ivanov [Tue, 21 Apr 2020 10:43:30 +0000 (12:43 +0200)]
test_greylist: remove use of system

the pmgpolicy daemon started for the tests needs to be stopped (by sending
a SIGTERM).
Instead of resorting to system, use perl's builtin kill.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
6 weeks ago enable policy if greylist6 is enabled
Stoiko Ivanov [Tue, 21 Apr 2020 10:43:29 +0000 (12:43 +0200)]
enable policy if greylist6 is enabled

the usepolicy variable is used by the templating system to decide whether
pmgpolicy should be asked by postfix and should also be enabled if greylisting
is only active for ipv6.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
6 weeks ago bump version to 6.1-9
Thomas Lamprecht [Mon, 20 Apr 2020 15:37:14 +0000 (17:37 +0200)]
bump version to 6.1-9

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 weeks ago d/control: bump versioned dependency for pmg-docs
Thomas Lamprecht [Mon, 20 Apr 2020 15:33:11 +0000 (17:33 +0200)]
d/control: bump versioned dependency for pmg-docs

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 weeks ago pmgpolicy: greylist_value: improve indentation of statements
Thomas Lamprecht [Mon, 20 Apr 2020 15:31:19 +0000 (17:31 +0200)]
pmgpolicy: greylist_value: improve indentation of statements

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 weeks ago add tests for greylisting ipv6
Stoiko Ivanov [Mon, 20 Apr 2020 11:22:43 +0000 (13:22 +0200)]
add tests for greylisting ipv6

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
6 weeks ago greylist: make netmasks configurable
Stoiko Ivanov [Mon, 20 Apr 2020 11:22:42 +0000 (13:22 +0200)]
greylist: make netmasks configurable

Instead of hardcoding the netmask used for comparing greylistentries to
the current ip (24 for ipv4 and 64 for ipv6) - make them configurable in
pmg.conf

This should help with some cloud providers who send the same mail with
different ips from a large network - which all get greylisted separately.
In the worst case the sending cloud drops the mail, after it got deferred
too often.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
6 weeks ago pmgpolicy: add IPv6 support
Stoiko Ivanov [Mon, 20 Apr 2020 11:22:41 +0000 (13:22 +0200)]
pmgpolicy: add IPv6 support

adds a new configuration flag in the 'mail' configuration section to
selectively enable greylisting for IPv6 and leaves its default as false to
maintain backward compatibility.

this change also enables SPF verification of IPv6 addresses if 'spf' is set
in the 'mail' section as a side-effect

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
6 weeks ago use postgres inet functions for greylist matching
Stoiko Ivanov [Mon, 20 Apr 2020 11:22:40 +0000 (13:22 +0200)]
use postgres inet functions for greylist matching

In preparation for adding support for a configurable greylist netmask [0]
and greylisting for ipv6 hosts the width of the IPNet column of the cgreylist
table needs to be extended to 49 [1].

Instead of comparing the first 3 octets of an ipv4 address we store the
complete network definition (i.e. for 192.0.2.127/24 - 192.0.2.0/24)
The last octet is not saved, but written as 0 (the information is not
needed, and not used currently). The generation of the network is done
with postgresql's functions for the inet and cidr datatypes [2,3].

The change of the column width instead of using the inet datatype prevents
errors while syncing or downgrading, although older nodes in a cluster (or
downgraded nodes) will not match new records.

When syncing from a node with old-style data the rows are inserted in the
new format.

Upon upgrade (`pmgdb init` in the postinst script) the data is changed to
the new format and matched for duplicates (in case one node in the cluster
got upgraded and its contents were synced we should not edit the data
again). This process does cause the Cgreylist table to be scanned, which
takes time linear in the number of rows (e.g. with a test-dataset of
~ 1 million rows the upgrade is blocked for ~50 seconds on an
average test installation).
Changing only the column datatype does not lock the table and is almost
instantaneous [4].

[0] defining from which neighbors a mail is accepted on the second attempt
[1] INET6_ADDRSTRLEN is 46 + 4 for the netmask ('/128) - \0
[2] https://www.postgresql.org/docs/11/datatype-net-types.html
[3] https://www.postgresql.org/docs/11/functions-net.html
[4] Notes section of https://www.postgresql.org/docs/11/sql-altertable.html

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
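
Added example (not part of the commit, and Python rather than the project's Perl/SQL): a model of network-based greylist matching with the configurable netmasks from the 'greylist: make netmasks configurable' entry above. The Greylist class, its in-memory store and the 180-second delay are assumptions; Python's ipaddress module stands in for the PostgreSQL inet functions.

```python
import ipaddress


def greylist_net(ip, mask4=24, mask6=64):
    """Collapse a client IP to the network string stored for greylist matching.

    strict=False zeroes the host bits, so 192.0.2.127 with mask 24 becomes
    192.0.2.0/24, the form the commit message describes.
    """
    addr = ipaddress.ip_address(ip)
    mask = mask4 if addr.version == 4 else mask6
    return str(ipaddress.ip_network(f"{addr}/{mask}", strict=False))


class Greylist:
    """Hypothetical in-memory greylist keyed on (network, sender, recipient)."""

    def __init__(self, mask4=24, mask6=64, delay=180):
        self.mask4 = mask4
        self.mask6 = mask6
        self.delay = delay      # assumed retry delay in seconds
        self.first_seen = {}    # (net, sender, rcpt) -> time of first attempt

    def check(self, ip, sender, rcpt, now):
        """Return 'defer' for a first or too-early attempt, else 'accept'."""
        net = greylist_net(ip, self.mask4, self.mask6)
        first = self.first_seen.setdefault((net, sender, rcpt), now)
        return "accept" if now - first >= self.delay else "defer"


def retry_from_neighbor(mask4, first_ip, retry_ip):
    """Constructed scenario: first attempt at t=0, retry from another IP at t=300."""
    gl = Greylist(mask4=mask4)
    sender, rcpt = "sender@example.org", "user@example.com"
    return (gl.check(first_ip, sender, rcpt, 0),
            gl.check(retry_ip, sender, rcpt, 300))


if __name__ == "__main__":
    print(greylist_net("192.0.2.127"))
    print(greylist_net("2001:db8:1:2:aaaa::1"))
    # Retry from the same /24 is recognised as a neighbor.
    print(retry_from_neighbor(24, "192.0.2.127", "192.0.2.5"))
    # Retry from a different /24 of the same provider is greylisted again ...
    print(retry_from_neighbor(24, "198.51.100.10", "198.51.101.20"))
    # ... unless the configured mask covers both addresses.
    print(retry_from_neighbor(22, "198.51.100.10", "198.51.101.20"))
```
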
6 weeks ago test_greylist: exit pmgpolicy on failed test
Stoiko Ivanov [Mon, 20 Apr 2020 11:22:39 +0000 (13:22 +0200)]
test_greylist: exit pmgpolicy on failed test

kill the pmgpolicy instance started for the tests before dying.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
6 weeks ago add new What Object 'Match Archive Filename'
Dominik Csapak [Thu, 16 Apr 2020 08:59:40 +0000 (10:59 +0200)]
add new What Object 'Match Archive Filename'

This behaves like the 'ArchiveFilter' to 'ContentTypeFilter', in that
it matches the filenames in archives, as well as the filenames of
attachments (via filename property in the mime header).

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Reviewed-By: Stoiko Ivanov <s.ivanov@proxmox.com>
Tested-By: Stoiko Ivanov <s.ivanov@proxmox.com>
6 weeks ago collect filenames on unpack
Dominik Csapak [Thu, 16 Apr 2020 08:59:39 +0000 (10:59 +0200)]
collect filenames on unpack

so that we can later match on them

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Reviewed-By: Stoiko Ivanov <s.ivanov@proxmox.com>
Tested-By: Stoiko Ivanov <s.ivanov@proxmox.com>
7 weeks ago bump version to 6.1-8
Thomas Lamprecht [Tue, 14 Apr 2020 08:11:12 +0000 (10:11 +0200)]
bump version to 6.1-8

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
7 weeks ago freshclam.conf.in: remove ReceiveTimeout option
Stoiko Ivanov [Fri, 3 Apr 2020 17:58:00 +0000 (19:58 +0200)]
freshclam.conf.in: remove ReceiveTimeout option

mirroring the changed default both in upstream [0] and debian [1].
Additionally since the upgrade to clamav 0.102.2 we had a number of reports
from users (both in forum and in our enterprise support), which noticed
that the upgrades don't work due to running into the timeout
(might be related to the use of libcurl in freshclam in 0.102.0)

absence of 'ReceiveTimeout' in freshclam.conf (5) defaults to 0 (no timeout).

[0] https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html
[1] apt changelog clamav-freshclam (for version 0.102.2+dfsg-1)

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
7 weeks ago freshclam.conf.in: make ScriptedUpdates a variable
Stoiko Ivanov [Fri, 3 Apr 2020 17:57:59 +0000 (19:57 +0200)]
freshclam.conf.in: make ScriptedUpdates a variable

The 'ScriptedUpdate' setting in freshclam.conf (5) defines whether signature
updates should be fetched incrementally or whether the whole database should
be downloaded.

Since the upgrade of clamav to 0.102.1 led to some problems when downloading
the complete file [0], and some users who switched to incremental updates
later had problems with that, it seems the most comfortable and futureproof
solution is to have a simple way for users to selectively switch to
whichever mechanism works. AFAIR signature downloads of clamav also had
similar problems in previous versions.

Additionally the rendered boolean value was changed from 'yes' to 'true',
to be a bit more consistent with the other booleans in our template.

[0] https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
7 weeks ago d/control: add dependency to ucf
Thomas Lamprecht [Tue, 14 Apr 2020 08:29:33 +0000 (10:29 +0200)]
d/control: add dependency to ucf

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
7 weeks ago Use ucf to handle template overrides
Stoiko Ivanov [Wed, 8 Apr 2020 17:40:51 +0000 (19:40 +0200)]
Use ucf to handle template overrides

ucf(1) is a utility to track changes in config files which are not shipped in
the debian package (but e.g. get generated through the postinst script)

While the template overriding mechanism of PMG does not directly write those
config files - users who override a config-file currently need to manually
compare the templates shipped in '/var/lib/pmg/templates' on every upgrade.

By selectively registering the existing template overrides with ucf, users get
asked once upon the next upgrade regarding their changes, and then will
always get prompted when the shipped default template changes.

The alternative of unconditionally registering all templates with ucf, as done
by dh_ucf (1), would copy all templates to /etc/pmg/templates, which I deemed
less elegant.

The postrm script's check for the existence of 'ucf' only should be sufficient,
since the other ucf executables used ('ucfq' and 'ucfr' are all shipped with
the 'ucf' package)

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
[ dropped some extra lines left over from v1 ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
8 weeks ago Skip writing default ports in spamreports
Stoiko Ivanov [Thu, 2 Apr 2020 17:51:45 +0000 (19:51 +0200)]
Skip writing default ports in spamreports

There is no need to explicitly add ':443' to the authority part of a
https URL (or a ':80' to a http one).

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Reviewed-By: Dominik Csapak <d.csapak@proxmox.com>
Tested-By: Dominik Csapak <d.csapak@proxmox.com>
8 weeks ago pmgqm: remove unused variable
Stoiko Ivanov [Thu, 2 Apr 2020 17:51:44 +0000 (19:51 +0200)]
pmgqm: remove unused variable

noticed while looking over the code - no other occurrence of lastref in
the repository - so can safely be dropped.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Reviewed-By: Dominik Csapak <d.csapak@proxmox.com>
Tested-By: Dominik Csapak <d.csapak@proxmox.com>
8 weeks ago LDAPCache: combine ldaps/starttls branches for connect
Dominik Csapak [Fri, 3 Apr 2020 12:29:57 +0000 (14:29 +0200)]
LDAPCache: combine ldaps/starttls branches for connect

they are similar except the setting of the verify options, so
combine them as

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
8 weeks ago fix #2661: reintroduce LDAPCache->ldap_connect
Dominik Csapak [Fri, 3 Apr 2020 07:16:27 +0000 (09:16 +0200)]
fix #2661: reintroduce LDAPCache->ldap_connect

this was removed and integrated into ldap_connect_and_bind, but
we used it outside in LDAPSet.pm

so reintroduce it again

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 months ago Add tls options for lmtp to main.cf template
Stoiko Ivanov [Wed, 18 Mar 2020 10:23:46 +0000 (11:23 +0100)]
Add tls options for lmtp to main.cf template

With the addition of supporting lmtp as downstream server, we should also
set the relevant configuration options if TLS support is enabled.
(postfix does not use the smtp settings for lmtp)

Tested by sending a few mails to a downstream lmtp-server (dovecot)
and comparing the traffic with tcpdump/wireshark

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Reviewed-By: Dominik Csapak <d.csapak@proxmox.com>
2 months ago TLSPolicy: rename domain to destination
Stoiko Ivanov [Wed, 18 Mar 2020 10:23:45 +0000 (11:23 +0100)]
TLSPolicy: rename domain to destination

TLS policies are applied to destinations - for the outbound case these are
domains. However when setting a policy for a next-hop destination the
property name 'domain' is misleading, and should be renamed to 'destination'

In order to maintain backward compatibility in the API, we need to keep the
'domain' property in all return definitions, and also accept it (or the new
'destination') for the create call (all other calls get the destination from
the path)

the create call warns of the deprecation if the domain property is provided
(which ends up in the journal), but still works.

We can then get rid of the 'domain' property with the release of PMG 7.0

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Reviewed-By: Dominik Csapak <d.csapak@proxmox.com>
2 months ago fix #1948: allow setting TLS policy for transports
Stoiko Ivanov [Wed, 18 Mar 2020 10:23:44 +0000 (11:23 +0100)]
fix #1948: allow setting TLS policy for transports

As described in postfix TLS Readme [0] the key of the tls_policy table need
not be a destination domain - it can also contain an entry from the transport
table.

By adding a new format, which matches the current format of 'transport-domain'
and additionally the possible values for a smtp/lmtp next-hop (see `man smtp`)
users can now also set a stricter tls policy for their configured downstream
servers (e.g. to enforce TLS, or to disable it, if the downstream server's
TLS implementation is broken).

Tested locally by sending mails to a downstream server with policy 'may' set
(STARTTLS is used), and 'none' (mail goes unencrypted) - verified with tcpdump.

If a next-hop is provided it needs to be literally the same entry as present
in the transport table (w/o the 'smtp:' or 'lmtp:inet:' prefix) - i.e.
it is significant if the entry is enclosed in brackets, or if the (de facto
optional) 'ipv6:' prefix is present in the transport entry.

[0] http://www.postfix.org/TLS_README.html#client_tls_policy

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Reviewed-By: Dominik Csapak <d.csapak@proxmox.com>
2 months ago allow for optional 'ipv6:' prefix in transports
Stoiko Ivanov [Wed, 18 Mar 2020 10:23:43 +0000 (11:23 +0100)]
allow for optional 'ipv6:' prefix in transports

according to the smtp(8) and transport(5) manuals literal ipv6 addresses must
be written as '[ipv6:2001:db8::ff]', in accordance with rfc2821 [0].

Postfix does work irrespective of this prefix (as it has been working until
now), but we should allow for administrators to enter the addresses with the
prefix present.

[0] http://www.postfix.org/IPV6_README.html

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Reviewed-By: Dominik Csapak <d.csapak@proxmox.com>
2 months ago config write_transport_map: code cleanup
Thomas Lamprecht [Tue, 24 Mar 2020 12:29:54 +0000 (13:29 +0100)]
config write_transport_map: code cleanup

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 months ago fix rendering of ipv(4|6) literal lmtp transports
Stoiko Ivanov [Wed, 18 Mar 2020 10:23:42 +0000 (11:23 +0100)]
fix rendering of ipv(4|6) literal lmtp transports

While reviewing support for lmtp as transport one thing I forgot to
test was adding a lmtp-transport pointing to an IPv6 address.

Using the use_mx flag (which only makes sense for domain-names) to
provide the information of whether the next-hop/hostname should be
written out in square brackets or not is a bit confusing, and leads
to ambiguous results when providing ipv6 literal addresses:
> host: 2001:db8:25::25
> port: 24
> gets rendered as
> lmtp:inet:2001:db8:25::25:24

Which postfix oddly enough parses 'correctly'; postfix splits on ':'
and uses the last part as port. For ip4 literals and dns-names this
works; for ip6 literals it only works if you provide a port, so it
makes more sense to always write ip(4|6) literals in brackets.

By introducing an explicit flag "$bracket_host" and reordering the
conditions lmtp and smtp entries get rendered correctly (see `man
smtp`).

Additionally fixes an indentation glitch in read_transport_map.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Reviewed-By: Dominik Csapak <d.csapak@proxmox.com>
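
Added example (not code from this commit or from pmg-api, which is Perl): a Python model of the rendering problem described above, also covering the optional 'ipv6:' prefix from the "allow for optional 'ipv6:' prefix in transports" entry. The function names and the rule for bracketing DNS names are assumptions; the split on the last ':' follows the commit message's description of the parse.

```python
import ipaddress
import re


def is_ip_literal(host):
    """True if host is an IPv4 or IPv6 address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def render_unbracketed(host, port=None):
    """Pre-fix style: the host is written bare, so an IPv6 literal and the
    port share ':' as their separator."""
    return host if port is None else f"{host}:{port}"


def split_on_last_colon(target):
    """Model of the parse the commit message describes: whatever follows the
    last ':' is taken as the port."""
    host, _, port = target.rpartition(":")
    return host, port


def render_nexthop(protocol, host, port, use_mx=False):
    """Render a transport(5) right-hand side with IP literals always bracketed.

    Assumption of this sketch: smtp DNS names are bracketed only when MX
    lookups are unwanted, lmtp DNS names are written bare.
    """
    bracket_host = is_ip_literal(host) or (protocol == "smtp" and not use_mx)
    target = f"[{host}]" if bracket_host else host
    prefix = "lmtp:inet" if protocol == "lmtp" else "smtp"
    return f"{prefix}:{target}:{port}"


# '[host]' or '[host]:port', with the optional 'ipv6:' prefix inside the brackets
NEXTHOP_RE = re.compile(r"\[(?:ipv6:)?([^\]]+)\](?::(\d+))?", re.IGNORECASE)


def parse_bracketed(target):
    """Split a bracketed next-hop into (host, port); port is None if absent."""
    m = NEXTHOP_RE.fullmatch(target)
    if not m:
        raise ValueError(f"not a bracketed next-hop: {target!r}")
    return m.group(1), m.group(2)


if __name__ == "__main__":
    # With a port the bare form happens to split correctly ...
    print(split_on_last_colon(render_unbracketed("2001:db8:25::25", 24)))
    # ... without one, the last address group is mistaken for the port.
    print(split_on_last_colon(render_unbracketed("2001:db8:25::25")))
    # Bracketed rendering is unambiguous in both cases.
    print(render_nexthop("lmtp", "2001:db8:25::25", 24))
    print(parse_bracketed("[ipv6:2001:db8::ff]:26"))
    print(parse_bracketed("[2001:db8:25::25]"))
```
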
2 months ago pmgspamreport: purge before sending reports
Stoiko Ivanov [Thu, 19 Mar 2020 13:02:27 +0000 (14:02 +0100)]
pmgspamreport: purge before sending reports

By cleaning the quarantine (database and files in spool directory), before
trying to send out mail we can prevent the file-system and database from
filling up because of an unrelated problem in sending out mails.

Originally discovered while analyzing why the quarantine spooldir on a
non-master node fills up, while being limited in size on the master-node:
the call to send out the reports errored out, because the node was not master.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Reviewed-By: Dominik Csapak <d.csapak@proxmox.com>
2 months ago pmgqm: warn if not running on master
Stoiko Ivanov [Thu, 19 Mar 2020 13:02:26 +0000 (14:02 +0100)]
pmgqm: warn if not running on master

pmgqm should exit when running on a non-master node (instead of e.g. sending
out spam report mails multiple times).
However this condition should not be an error - a warning printed should
suffice.

changing the die to warn + return in the calls for 'status' and 'send'
achieves this effect.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Reviewed-By: Dominik Csapak <d.csapak@proxmox.com>
2 months ago fix die statement in CLI/pmgqm
Stoiko Ivanov [Thu, 19 Mar 2020 13:02:25 +0000 (14:02 +0100)]
fix die statement in CLI/pmgqm

a '\' was forgotten before the final 'n' - making the error message also
print filename and linenumber.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Reviewed-By: Dominik Csapak <d.csapak@proxmox.com>
2 months ago bump version to 6.1-7
Thomas Lamprecht [Mon, 9 Mar 2020 17:21:51 +0000 (18:21 +0100)]
bump version to 6.1-7

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 months ago api/quarantine: add deprecation fixme for old delete b/w-list entries endpoints
Thomas Lamprecht [Mon, 9 Mar 2020 17:11:34 +0000 (18:11 +0100)]
api/quarantine: add deprecation fixme for old delete b/w-list entries endpoints

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 months ago api/quarantine: mention that one can pass comma-separated list as addresses
Thomas Lamprecht [Mon, 9 Mar 2020 17:10:40 +0000 (18:10 +0100)]
api/quarantine: mention that one can pass comma-separated list as addresses

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 months ago api/quarantine: add safer endpoint for user white/blacklist address deletion
Dominik Csapak [Mon, 9 Mar 2020 11:18:16 +0000 (12:18 +0100)]
api/quarantine: add safer endpoint for user white/blacklist address deletion

having the entry as part of the url causes many problems since it can
contain special characters like '/.,' etc., and that can break API
call path-to-method resolution.

Passing it as parameter makes it easier for callers (frontends) and
safer for backend to use

Note that the new api calls overwrite the parameter pattern with '',
so no formatting limits for the entries

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
[ Thomas: improved commit message ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 months ago d/control: bump versioned dependency of pve-common
Thomas Lamprecht [Mon, 9 Mar 2020 16:36:54 +0000 (17:36 +0100)]
d/control: bump versioned dependency of pve-common

The registration of the 'ldap-simple-attr' format moved over to
pve-common, ensure it's available.

Not a build-depends as section config formats are not checked
currently.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 months ago remove ldap-simple-attr
Dominik Csapak [Fri, 6 Mar 2020 10:05:47 +0000 (11:05 +0100)]
remove ldap-simple-attr

which is now in pve-common

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 months ago API: access: whitespace cleanup
Thomas Lamprecht [Mon, 9 Mar 2020 11:16:28 +0000 (12:16 +0100)]
API: access: whitespace cleanup

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 months ago pmgsh: fix 'help' command
Dominik Csapak [Mon, 9 Mar 2020 09:24:46 +0000 (10:24 +0100)]
pmgsh: fix 'help' command

we changed the RESTEnvironment a while ago to not have the 'hidepw'
parameter anymore, so remove it in pmgsh as well

this fixes executions of 'pmgsh help /path'

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 months ago check if img tag has actually a 'src' attribute
Dominik Csapak [Wed, 4 Mar 2020 08:42:34 +0000 (09:42 +0100)]
check if img tag has actually a 'src' attribute

otherwise the journal gets flooded with

  Use of uninitialized value in pattern match (m//) [...]

when the user opens a preview which contains img tags without src attribute

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 months ago d/control: bump versioned dependency to pve-common
Thomas Lamprecht [Sat, 7 Mar 2020 18:57:04 +0000 (19:57 +0100)]
d/control: bump versioned dependency to pve-common

to ensure we've the new LDAP module available

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 months ago use new PVE::LDAP instead of Net::LDAP directly
Dominik Csapak [Fri, 6 Mar 2020 10:05:46 +0000 (11:05 +0100)]
use new PVE::LDAP instead of Net::LDAP directly

for things like connecting/binding/etc.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
3 months ago fix #2525: encode notifications in UTF-8
Stoiko Ivanov [Mon, 24 Feb 2020 18:16:48 +0000 (19:16 +0100)]
fix #2525: encode notifications in UTF-8

the Notify action is one of the places where we already encode the data as
UTF-8, before writing it to the DB (and decoding it when reading).

as laid out in rt.cpan.org [0] Mime::Body does expect encoded bytes, and not
perl characters.

Tested by creating a notification with the body supplied in #2591 (which is a
duplicate of #2525) and additionally with cyrillic characters in the subject.

A minimal test case is a body consisting of a Euro sign (since its Unicode
codepoint is larger than one byte).

Should the table contain invalid UTF-8 sequences (AFAIU only possible by
direct DB-manipulation) the byte gets replaced with \x{fffd} (Unicode
replacement character).

[0] https://rt.cpan.org/Public/Bug/Display.html?id=105377#txn-1762112

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Reviewed-by: Dominik Csapak <d.csapak@proxmox.com>
Tested-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months ago fix #2622: include all spam levels in total spam statistic
Dominik Csapak [Tue, 3 Mar 2020 08:33:35 +0000 (09:33 +0100)]
fix #2622: include all spam levels in total spam statistic

by using 'LIMIT 10' for the spamlevels, we only got the first
10 spamlevels back from the database. This is only ok if there are
only <= 10 different spamlevels in the database, but not if there are
more, as then the bucket for spamlevel >= 10 missed entries.

The call site of this uses the combined spam count of this query
result for calculating the 'rest' (meaning the mails with spam level
0), but this is obviously wrong if not all spamlevels are counted so
simply return all available levels.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
3 months ago bump version to 6.1-6
Wolfgang Bumiller [Fri, 28 Feb 2020 10:32:39 +0000 (11:32 +0100)]
bump version to 6.1-6

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
3 months ago add pmg-smtp-filter ID to reply
Mira Limbeck [Tue, 18 Feb 2020 15:36:40 +0000 (16:36 +0100)]
add pmg-smtp-filter ID to reply

For the pmg-log-tracker to match the pmg-smtp-filter on a reject, we
need some kind of information. With the addition of the pmg-smtp-filter
ID we can match it the same way we do for an accept.

Signed-off-by: Mira Limbeck <m.limbeck@proxmox.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
3 months ago replace lookup_node_ip with get_ip_from_hostname from pve-common
Thomas Lamprecht [Fri, 21 Feb 2020 13:08:41 +0000 (14:08 +0100)]
replace lookup_node_ip with get_ip_from_hostname from pve-common

besides some irrelevant implementation details 'lookup_node_ip' is
identical to pve-common's get_ip_from_hostname, as they both rely on
'PVE::Tools::getaddrinfo_all' to get the addresses. So just reuse
the one from common instead of shipping a copy here.

The pve-common's one was recently improved by checking not only the
first IP it gets from getaddrinfo_all, but all and only complain if
none of those is a "real WAN (non-local)" IP. This will help
container installations of PMG with DHCP as their network
configuration option, as those often also have a hosts entry from
hostname to loopback addresses. Also, static setups often have both,
WAN and loopback addresses in /etc/hosts - as getaddrinfo_all gives
us them all, do not just check the first.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months ago pveversion: track clamav and postgres version
Thomas Lamprecht [Wed, 12 Feb 2020 08:16:23 +0000 (09:16 +0100)]
pveversion: track clamav and postgres version

use postgres-11 as we depend on that one explicitly in d/control too,
so on upgrade we need to adapt it there too anyway.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months ago api/apt: sort package list
Thomas Lamprecht [Wed, 12 Feb 2020 08:16:00 +0000 (09:16 +0100)]
api/apt: sort package list

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
4 months ago bump version to 6.1-5
Thomas Lamprecht [Wed, 29 Jan 2020 20:33:59 +0000 (21:33 +0100)]
bump version to 6.1-5

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
4 months ago d/control: bump versioned dependency to libpve-http-server-perl
Thomas Lamprecht [Wed, 29 Jan 2020 20:31:13 +0000 (21:31 +0100)]
d/control: bump versioned dependency to libpve-http-server-perl

for new extract_auth_value method which replaces extract_auth_cookie,
and change of auth_handler signature.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
4 months ago ensure compatibility with libpve-http-server-perl
Fabian Grünbichler [Tue, 21 Jan 2020 12:54:30 +0000 (13:54 +0100)]
ensure compatibility with libpve-http-server-perl

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
4 months ago fix postfix template for before-queue filtering
Stoiko Ivanov [Mon, 27 Jan 2020 14:40:13 +0000 (15:40 +0100)]
fix postfix template for before-queue filtering

Introducing before-queue support in e0cbdf9fc98178f97223922f305cc19d6d29262d
missed adapting the relevant settings in the template for 'main.cf'.

Since the settings were overridden in the smtpd instances the error only
shows for locally generated mail (e.g. from cronjobs):

```
warning: connect to transport private/scan: Connection refused
```

Instead of globally setting 'smtpd_proxy_filter' (and associated options) in
'main.cf', as is done for 'content_filter' (for afterqueue filtering), this
patch removes the global 'content_filter' setting. This is done since
'smtp_proxy_filter' only applies to smtp sessions [0] and all incoming smtpd
processes get the setting in 'master.cf.in'.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
[0] see http://www.postfix.org/SMTPD_PROXY_README.html - the proxy speaks
smtp, and its answers are sent to the sending server.

4 months ago d/control: bump versioned dependency for 6.0-11
Thomas Lamprecht [Tue, 28 Jan 2020 20:22:39 +0000 (21:22 +0100)]
d/control: bump versioned dependency for 6.0-11

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
4 months ago API2: Network: add vlan-raw-device && vlan-id options
Alexandre Derumier [Tue, 28 Jan 2020 10:24:32 +0000 (11:24 +0100)]
API2: Network: add vlan-raw-device && vlan-id options

Same as pve-manager

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
4 months ago bump version to 6.1-4
Thomas Lamprecht [Thu, 23 Jan 2020 12:20:21 +0000 (13:20 +0100)]
bump version to 6.1-4

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
4 months ago fix #1653: parse ipv6 xforward correctly
Dominik Csapak [Wed, 22 Jan 2020 13:26:29 +0000 (14:26 +0100)]
fix #1653: parse ipv6 xforward correctly

postfix prepends an ipv6 address in the xforward message with 'IPv6:'
we did not remove it and our later checks in who objects fail silently.

we now check if the addr is prefixed with this and remove it to
allow the who objects to work.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Tested-By: Stoiko Ivanov <s.ivanov@proxmox.com>
Reviewed-By: Stoiko Ivanov <s.ivanov@proxmox.com>
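
The failure mode described in the commit message above, as an added Perl example (not code from pmg-api): an XFORWARD ADDR value that still carries the 'IPv6:' prefix matches no network at all and raises no error. The function names and the CIDR list standing in for a who object are hypothetical.

```perl
use strict;
use warnings;
use Socket qw(AF_INET AF_INET6 inet_pton);

# Turn the ADDR attribute of an XFORWARD command into a plain address.
# Postfix writes IPv6 clients as "IPv6:<address>" and unknown ones as
# "[UNAVAILABLE]" or "[TEMPUNAVAIL]".
sub normalize_xforward_addr {
    my ($raw) = @_;
    return undef if !defined($raw) || $raw =~ /^\[(?:UNAVAILABLE|TEMPUNAVAIL)\]$/i;
    (my $addr = $raw) =~ s/^IPv6://i;
    for my $family (AF_INET, AF_INET6) {
        return $addr if defined inet_pton($family, $addr);
    }
    return undef;    # not an address at all: let the caller decide
}

# True if $addr lies inside $cidr (IPv4 or IPv6); false for unparsable input,
# which is how an un-stripped "IPv6:" value fails without any error.
sub addr_in_cidr {
    my ($addr, $cidr) = @_;
    my ($net, $bits) = split m{/}, $cidr, 2;
    my $family = $net =~ /:/ ? AF_INET6 : AF_INET;
    my ($pa, $pn) = map { inet_pton($family, $_) } ($addr, $net);
    return 0 if !defined($pa) || !defined($pn);
    $bits = 8 * length($pn) if !defined $bits;
    return 0 if $bits !~ /^\d+$/ || $bits > 8 * length($pn);
    return unpack("B$bits", $pa) eq unpack("B$bits", $pn) ? 1 : 0;
}

# Constructed sample data: a blocklist and three ADDR values.
my @blocked = ('192.0.2.0/24', '2001:db8:bad::/48');
for my $raw ('192.0.2.7', 'IPv6:2001:db8:bad::25', '[UNAVAILABLE]') {
    my $addr   = normalize_xforward_addr($raw);
    my $before = grep { addr_in_cidr($raw, $_) } @blocked;
    my $after  = defined($addr) ? scalar(grep { addr_in_cidr($addr, $_) } @blocked) : 0;
    printf "%-24s raw match: %d  normalized match: %d\n", $raw, $before, $after;
}
```
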
4 months ago fix disclaimer encoding for html entities
Dominik Csapak [Fri, 17 Jan 2020 09:52:47 +0000 (10:52 +0100)]
fix disclaimer encoding for html entities

we also want to encode the disclaimer for text/html parts and not
only for text/plain. while doing this, combine those two cases,
as they differ only by the variable to be encoded

this also fixes a missing charset, which we would ignore, but
should actually be treated as US-ASCII[0] so that an ascii disclaimer
still gets appended

the only (non-rfc-compliant) use case this breaks is if:
* the part has no charset defined (unusual)
* the clients of both the sender and receiver treat a missing charset
  as 'iso-8859-1' (non-rfc-compliant)
* the disclaimer contains characters from 'iso-8859-1' and was added
  to the pmg before encoding this to utf-8 (unlikely)

so i think we can ignore that case

0: https://tools.ietf.org/html/rfc1521

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Tested-By: Stoiko Ivanov <s.ivanov@proxmox.com>
Reviewed-By: Stoiko Ivanov <s.ivanov@proxmox.com>
4 months ago dkim: add selector list api call
Stoiko Ivanov [Tue, 14 Jan 2020 18:31:35 +0000 (19:31 +0100)]
dkim: add selector list api call

The fix for #2504 left the GUI with an unsatisfactory UX:
Users can change the selector to any newly created or existing one, but
don't know which ones exist (without looking on the commandline)

By adding a method under '/config/dkim/selectors' which lists all existing
files matching the pattern '/etc/pmg/dkim/.*\.private' the GUI can display
all currently existing selectors.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
4 months ago fix #2504: do not overwrite existing selector key
Stoiko Ivanov [Tue, 14 Jan 2020 18:31:34 +0000 (19:31 +0100)]
fix #2504: do not overwrite existing selector key

This patch changes the behavior of DKIM selector creation. Instead of blindly
overwriting an already present file, add a force parameter to overwrite it (and
behave like the current code).

Overwriting an existing selector can potentially be quite destructive (e.g.
a setup where the admin has already posted the DNS-record for one selector to
many domains, then wants to quickly experiment with a larger keysize, and tries
to go back to the existing behavior).

The new behavior without force set to true, when a private key for the selector
already exists is to die if the file is either not a private RSA key, or has
the wrong size, or else just set the selector in pmg.conf

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
4 months ago api2 : network : add mtu
Alexandre Derumier [Thu, 9 Jan 2020 13:25:15 +0000 (14:25 +0100)]
api2 : network : add mtu

min 1280 to handle ipv6 && ipv4
max 65520 (infiniband supports it)

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
4 months ago api2: network: add bond-primary option
Alexandre Derumier [Thu, 9 Jan 2020 13:25:14 +0000 (14:25 +0100)]
api2: network: add bond-primary option

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
4 months ago d/control: bump version dependency to doc-generator
Thomas Lamprecht [Fri, 10 Jan 2020 10:48:07 +0000 (11:48 +0100)]
d/control: bump version dependency to doc-generator

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
4 months ago write_transport_map: code cleanup
Thomas Lamprecht [Fri, 10 Jan 2020 10:43:46 +0000 (11:43 +0100)]
write_transport_map: code cleanup

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Originally-by: Stoiko Ivanov <s.ivanov@proxmox.com>
4 months ago followup: indentation and description improvement
Thomas Lamprecht [Fri, 10 Jan 2020 10:43:14 +0000 (11:43 +0100)]
followup: indentation and description improvement

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Originally-by: Stoiko Ivanov <s.ivanov@proxmox.com>
4 months ago Feature #2438 add support for lmtp delivery to downstream servers
Julian Zehnter [Sun, 5 Jan 2020 14:53:07 +0000 (15:53 +0100)]
Feature #2438 add support for lmtp delivery to downstream servers

new feature lmtp support for simplifying setups
with lmtp capable downstream servers (e.g. dovecot)
Postfix supports lmtp out of the box and can now deliver
mails directly to internal mailbox servers without
one more smtp connection

extending the api code for new lmtp option:
Config.pm:
Adding new variable "relayprotocol"
Extending the read_transport_map & write_transport_map
for parsing the /etc/pmg/transport

Transport.pm:
Add new protocol variable for smtp/lmtp setting
Generalizing some "SMTP" keywords

Templates:
Adapting the main.cf templates for adding the lmtp keyword

Signed-off-by: Julian Zehnter <pmg-devel@j-z.it>
Reviewed-By: Stoiko Ivanov <s.ivanov@proxmox.com>
Tested-By: Stoiko Ivanov <s.ivanov@proxmox.com>
6 months ago bump version to 6.1-3
Thomas Lamprecht [Thu, 28 Nov 2019 10:35:58 +0000 (11:35 +0100)]
bump version to 6.1-3

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 months ago pmgproxy: implement cache workaround
Dominik Csapak [Thu, 28 Nov 2019 10:22:43 +0000 (11:22 +0100)]
pmgproxy: implement cache workaround

we include the version of the packages in the template, so that
we can tell the browser that the file has changed, thus preventing
it from loading an old gui js file
the index template has to add the version to the get parameter

this is the same logic we use as in PVEs pveproxy

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
6 months ago bump version to 6.1-2
Thomas Lamprecht [Fri, 22 Nov 2019 11:38:55 +0000 (12:38 +0100)]
bump version to 6.1-2

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 months ago Don't add DKIM signature without domain
Stoiko Ivanov [Fri, 22 Nov 2019 09:40:57 +0000 (10:40 +0100)]
Don't add DKIM signature without domain

When the DKIMSign module fails to determine the domain for signing
(the one added to the header and used for retrieving the publickey record)
the code logs that no signing will take place, but only does not set the
domain - resulting in a generated and added signature with domain 'example.com'

Fixed by returning the success-status from signing_domain and only signing if
it was successful.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
6 months ago make clean: ignore non-existing PMG/pmgcfg.pm
Thomas Lamprecht [Tue, 19 Nov 2019 12:37:39 +0000 (13:37 +0100)]
make clean: ignore non-existing PMG/pmgcfg.pm

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 months ago bump version to 6.1-1
Thomas Lamprecht [Tue, 19 Nov 2019 10:46:48 +0000 (11:46 +0100)]
bump version to 6.1-1

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 months ago create pmg-scores.cf unconditionally
Stoiko Ivanov [Mon, 18 Nov 2019 09:03:17 +0000 (10:03 +0100)]
create pmg-scores.cf unconditionally

with the recent addition of adjustable SA-rule scores, we introduced
'/etc/mail/spamassassin/pmg-scores.cf' as a new file and included it in the
cluster synchronization.

If the file does not exist the `rsync` command complains leading to misleading
errors in the journal.

Unconditionally creating the file (like we do for the already existing
'custom.cf') removes the warnings.

Reported-by: Martin Maurer <martin@proxmox.com>
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
6 months ago remove wrongly committed test code again
Thomas Lamprecht [Fri, 15 Nov 2019 14:57:09 +0000 (15:57 +0100)]
remove wrongly committed test code again

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 months ago clean: also cleanup generated pmgcfg
Thomas Lamprecht [Fri, 15 Nov 2019 13:02:21 +0000 (14:02 +0100)]
clean: also cleanup generated pmgcfg

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 months ago bump version to 6.0-10
Thomas Lamprecht [Fri, 15 Nov 2019 12:10:04 +0000 (13:10 +0100)]
bump version to 6.0-10

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 months ago d/control: bump versioned dependency of doc-gen
Thomas Lamprecht [Fri, 15 Nov 2019 12:08:17 +0000 (13:08 +0100)]
d/control: bump versioned dependency of doc-gen

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 months ago Config: Add 'ndr_on_block' to $pmg_service_params
Stoiko Ivanov [Fri, 15 Nov 2019 10:41:15 +0000 (11:41 +0100)]
Config: Add 'ndr_on_block' to $pmg_service_params

The ndr_generation happens inside pmg-smtp-filter, so a change to that setting
should trigger a reload of pmg-smtp-filter.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
6 months ago sync custom spamassassin scores to the slaves
Dominik Csapak [Thu, 14 Nov 2019 11:18:54 +0000 (12:18 +0100)]
sync custom spamassassin scores to the slaves

and set force_restart for pmg-smtp-filter to 1, so that it gets
restarted on the slaves as well

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
6 months ago add SACustom Package and API Calls for custom SpamAssassin scores
Dominik Csapak [Thu, 14 Nov 2019 11:18:53 +0000 (12:18 +0100)]
add SACustom Package and API Calls for custom SpamAssassin scores

this uses our INotify interface to parse and write a custom sa config
in /etc/mail/spamassassin/pmg-scores.cf with a shadow file in
/var/cache/pmg-scores.cf (to track the diff)

add also api calls to create a new/delete/edit/revert/apply those custom
rules

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
6 months ago implement force_restart for cluster sync
Dominik Csapak [Thu, 14 Nov 2019 11:18:52 +0000 (12:18 +0100)]
implement force_restart for cluster sync

the 'force_restart' hash was unused, but it is actually necessary to
restart the pmg-smtp-filter if the custom.cf has changed

use it for saving the daemon name that needs to be restarted, this
way we can reuse it in the future to force restart other daemons
or for different reasons if we need to

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
6 months ago add support for before queue filtering
Stoiko Ivanov [Thu, 14 Nov 2019 16:35:07 +0000 (17:35 +0100)]
add support for before queue filtering

Support for rejecting mails during the SMTP-dialog with 550 (permanent failure)
instead of seemingly accepting the mail (250 OK) and dropping it if it is
rejected by the rule-system is also known as 'before queue filtering' [0].

This patch adds minimal support for before queue filtering to pmg-smtp-filter.

Since pmg-smtp-filter is currently called via LMTP (and the 'scan' service in
'master.cf') we can adapt the already existing branch dealing with SMTP to
send a 550 selectively.

We can reply with 554 (permfail) if all recipients are blocked.

In the case that some accept the mail, we reply with 250 OK.
Depending on the setting of 'ndr_on_block' we generate ndrs
for all blocking recipients. (This is also the behavior that postfix
has when not enabling receiver verification and the downstream server rejects
recipients).

Configuration of before-queue filtering is done via the
'before_queue_filtering' boolean in the 'mail' section of 'pmg.conf':

the before_queue_filtering flag is used when rendering '/etc/postfix/master.cf'
to adapt the needed config-options for both, inbound and outbound, smtpd
servers. The settings were adapted from [0].

[0] http://www.postfix.org/SMTPD_PROXY_README.html

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
6 months ago add support for sending NDRs on Block
Stoiko Ivanov [Thu, 14 Nov 2019 16:35:06 +0000 (17:35 +0100)]
add support for sending NDRs on Block

This patch adds a flag to the mail-section of pmg.conf - 'ndr_on_block',
defaulting to false.

If enabled pmg-smtp-filter replies with 554 (permanent fail) for the recipient
who blocked the mail.

Since pmg-smtp-filter is currently called with LMTP it can respond with a
separate code for each recipient. Postfix records the answers and generates
and sends the NDR to the sender.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
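
The reply codes that the two commit messages above ('add support for before queue filtering' and 'add support for sending NDRs on Block') describe, side by side, as an added Perl example that is not code from pmg-api. The verdict hash and both function names are hypothetical; only the codes 250 and 554 and the 'ndr_on_block' flag come from the messages.

```perl
use strict;
use warnings;

# $verdict: { recipient => 'accept' | 'block' }, the rule system's decision
# per recipient (hypothetical structure, not PMG's internal one).

# LMTP (after-queue): one reply per recipient. Postfix records each 554 and
# sends the NDR itself. Without ndr_on_block a blocked mail is still
# answered with 250 and then dropped.
sub lmtp_replies {
    my ($verdict, $ndr_on_block) = @_;
    my %reply;
    for my $rcpt (keys %$verdict) {
        my $blocked = $verdict->{$rcpt} eq 'block';
        $reply{$rcpt} = ($blocked && $ndr_on_block) ? 554 : 250;
    }
    return \%reply;
}

# SMTP (before-queue): a single reply covers the whole transaction.
sub smtp_reply {
    my ($verdict, $ndr_on_block) = @_;
    my @blocked = grep { $verdict->{$_} eq 'block' } sort keys %$verdict;
    # Every recipient blocks: reject inside the SMTP dialog. The sending
    # server still owns the mail, so the filter has nothing to report.
    return { code => 554, ndr_for => [] }
        if @blocked && @blocked == keys %$verdict;
    # Mixed result: accept, and report the blocking recipients only if asked.
    return { code => 250, ndr_for => $ndr_on_block ? \@blocked : [] };
}

# Constructed verdicts for one mail with two recipients.
my %mixed = ('alice@example.com' => 'accept', 'bob@example.com' => 'block');
for my $ndr (0, 1) {
    my $lmtp = lmtp_replies(\%mixed, $ndr);
    my $smtp = smtp_reply(\%mixed, $ndr);
    printf "ndr_on_block=%d  LMTP: %s  SMTP: %d, NDR for [%s]\n", $ndr,
        join(', ', map { "$_ => $lmtp->{$_}" } sort keys %$lmtp),
        $smtp->{code}, join(', ', @{ $smtp->{ndr_for} });
}
```
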
6 months ago add generate_ndr to PMG::SMTP
Stoiko Ivanov [Tue, 12 Nov 2019 14:16:13 +0000 (15:16 +0100)]
add generate_ndr to PMG::SMTP

In order to selectively accept and reject mails when multiple recipients
are present for a mail, without silently dropping mails to certain recipients
the sender needs to be informed about those recipients which did not receive
the mail (via a non-delivery report - NDR).

The format of delivery status notifications (of which an ndr is a subset) is
specified in RFC 6522 [0]. The format for the 'message/delivery-status'
MIME-Type is specified in RFC 6533 [1]

The message text was adapted from Postfix' default bounce-messages, however
we do not attach the original mail to the report. This is acceptable by [0]
and makes sense (not sending mail, which is likely spam or a virus, back to the
(potentially faked) sender).

[0] https://tools.ietf.org/html/rfc6522
[1] https://tools.ietf.org/html/rfc6533

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
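
The report layout that the commit message above describes (a multipart/report with a message/delivery-status part and no copy of the original mail), as an added Perl example that is not PMG::SMTP's generate_ndr. The function name, its parameters, the status text and all addresses are constructed for illustration.

```perl
use strict;
use warnings;

# Build a non-delivery report for recipients whose rules blocked a mail.
# Parameter names, status text and addresses are constructed for this example.
sub build_ndr {
    my (%p) = @_;
    my ($sender, $mta, $blocked) = @p{qw(sender reporting_mta blocked)};

    # A null envelope sender marks a bounce: never answer it with another one.
    return undef if !defined($sender) || $sender eq '';
    # Envelope data comes from the (possibly hostile) client: refuse values
    # that could inject additional header lines into the report.
    return undef if grep { /[\r\n\0]/ } $sender, @$blocked;

    my $boundary = "ndr-$p{id}";
    my @text   = map { sprintf('<%s>: delivery refused by recipient policy', $_) } @$blocked;
    my @status = map { join("\r\n",
        "Final-Recipient: rfc822; $_", 'Action: failed', 'Status: 5.7.1',
        'Diagnostic-Code: smtp; 554 5.7.1 blocked by recipient policy') } @$blocked;

    # Two parts only: human-readable text and message/delivery-status.
    # The original (likely spam or virus) mail is deliberately not attached.
    return join("\r\n",
        "From: MAILER-DAEMON\@$mta",
        "To: $sender",
        'Subject: Undelivered Mail Returned to Sender',
        'MIME-Version: 1.0',
        qq{Content-Type: multipart/report; report-type=delivery-status; boundary="$boundary"},
        '',
        "--$boundary",
        'Content-Type: text/plain; charset=us-ascii',
        '',
        @text,
        '',
        "--$boundary",
        'Content-Type: message/delivery-status',
        '',
        "Reporting-MTA: dns; $mta",
        '',
        join("\r\n\r\n", @status),
        '',
        "--$boundary--",
        '');
}

# Constructed input; the report itself is sent with a null envelope sender (<>).
print build_ndr(id => 'example-1', reporting_mta => 'pmg.example.com',
    sender => 'sender@example.org',
    blocked => ['alice@example.com', 'bob@example.com']);
```
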