Dominik Csapak [Mon, 25 Feb 2019 09:52:22 +0000 (10:52 +0100)]
Quarantine: reuse raw parameter for non htmlmail formatter
when we download a mail, we want the raw, unmodified header
and content in full size, so we reuse the raw parameter for
json/extjs formatter to get the full email, not only the first 4k
Dominik Csapak [Mon, 18 Feb 2019 16:12:10 +0000 (17:12 +0100)]
improve pmg-email-address regex
the '|' is not necessary since the first option is empty (mitigated by
the minLength of 3) and add the '\' to forbidden characters since
they make problems with browser requests (browsers convert '\' to '/')
Stoiko Ivanov [Mon, 11 Feb 2019 14:43:07 +0000 (15:43 +0100)]
extend `pmgdb dump`
add priority, direction and an active flag to `pmgdb dump` output.
pmgdb dump provides the complete ruleset including all rules and related
objects. The information whether a rule is active and in which direction it
works is necessary to get an overview about the setup for pmg-smtp-filter.
Additionally the priority was explicitly added to the output for easier matching
with the GUI.
Stoiko Ivanov [Mon, 11 Feb 2019 14:43:06 +0000 (15:43 +0100)]
close #1917: add pmg-system-report command
pmg-system-report gathers information about a PMG installation, like
pvereport does for PVE.
The name was chosen because pmgreport is already taken (for the daily
reportmails).
The DNS resolution check uses SpamAssassin's internal DnsResolver, since
SpamAssassin has a few pecularities, e.g. only using the first entry in
/etc/resolv.conf - see [0] and Mail::SpamAssassin::DnsResolver and
spam-detection is abysmal if SpamAssassin cannot resolve RBL-entries.
The SpamAssassin initialization is taken from pmg-smtp-filter (except that
local_tests_only is unconditionally disabled (otherwise it would not do DNS
Resolution).
Stoiko Ivanov [Fri, 8 Feb 2019 10:11:49 +0000 (11:11 +0100)]
add rule's score to pmg-smtp-filter logline
We already log which Spamassassin rules apply to a mail. Given that the scores
depend on configuration and setup (e.g. AWL) writing them in the log provides
a quick overview of Spamassassin performance, and spares admins and support from
having to gather the complete mail just for assessing Spamassessin.
fix #1974: postscreen_stat_graph: go through all entries
When the GUI requests the values for a whole month
containing a DST switch it will request a range a little
longer or shorter than a month, eg. 31.04166 days for
October 2018 in CET.
Since we use integer math to calculate the number of entries
we expect, the database then returns one more value than
expected, and we forget to fill in the last time value.
For example, requesting Oct. 2018 from CET causes the
equivalent of this query:
# pmgsh get /statistics/rejectcount --starttime=1538344800 --endtime=$[1541026800] --timespan=86400
400 Result verification failed
[31].time: property is missing and it is not optional
This also happens when for example taking the working range
for the month and simply subtracting 1 second from the
end-time. Our division will then round down by a day while
the database timestamps still cause that day to be included
in the result.
Dominik Csapak [Wed, 7 Nov 2018 14:47:56 +0000 (15:47 +0100)]
fix #1978: always give encoding/collate explicitly when creating db
already existing clusters still have the wrong encoding,
so if a user has a problem with it, they have to either recreate
the slave db with pmgdb delete && pmgdb init,
or remove the slave and add it again after this patch
add pmg_verify_tls_policy_strict and use it in API
This patch splits the parsing of tls_policies in 2 parts:
While reading we just require a line to start with one of the valid tls_policies,
while writing we only accept one of the policies w/o any attributes.
This should help users, who already have a manually crafted file in place, to
use API-calls for adding/modifying entries.
to handle /etc/pmg/tls_policy via API, using PMG::API2::Transport
as base/inspiration.
This enables PMG to enforce TLS on a per-domain basis.
See http://www.postfix.org/postconf.5.html#smtp_tls_policy_maps and
http://www.postfix.org/TLS_README.html#client_tls_policy for reference.
fix #1876: allow node status for admin/manager/auditors
users can already see the status for the local host
via /config/cluster/status or rrddata on all nodes
so allow them to directly get the status via /nodes/nodename/status
this fixes the permission error on the dashboard in clustered setups
Dominik Csapak [Thu, 1 Mar 2018 15:56:53 +0000 (16:56 +0100)]
fix #1679: do not delete old quarantine mails on cluster creation/join
we did cleanup the non-clustered spool dirs for the quarantines
which meant that if you create a cluster, all quarantine mails
before that point are deleted, but not removed from the database
instead leave the spool dir where it is, so they can be viewed at
least from the node where they got quarantined
Since we have both userid and username in the schema and
both have a minimum length of 4, creating a user named 'foo'
was previously possible because the 'username' property was
not checked. Loading the file back in then failed because at
load time, the username 'foo' was too short.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Dominik Csapak [Wed, 31 Jan 2018 10:48:39 +0000 (11:48 +0100)]
fix bug #1643: add port and protocol to spamquarantine config
to change the links in the spamreport, this does not change
on which port/protocol the webinterface listens,
so we do not want to expose those options in the webinterface