Stores your subscription key and status.
+`/etc/pmg/tls_policy`::
+
+TLS policy for outbound connections.
+
`/etc/pmg/transports`::
Message delivery transport setup.
a well known, fast and flexible template processing system. You can
find the default templates in `/var/lib/pmg/templates/`. Please do not
modify them directly, because your modification would get lost on the
-next update. Instead, copy them to `/etc/pmg/templates/`, then apply
-your changes there.
+next update. Instead, copy the template you wish to change to
+`/etc/pmg/templates/`, then apply your changes there.
Templates can access any configuration setting, and you can use the
`pmgconfig dump` command to get a list of all variable names:
# pmgconfig sync --restart 1
----
-Above commands also restarts services if underlying configuration
+The above command also restarts services if the underlying configuration
files are changed. Please note that this is automatically done when
you change the configuration using the GUI or API.
synced from the master node to all cluster members.
+[[pmgconfig_systemconfig]]
System Configuration
--------------------
endif::manvolnum[]
Normally the network and time is already configured when you visit the
-GUI. The installer asks for those setting and sets up the correct
+GUI. The installer asks for those settings and sets up the correct
values.
The default setup uses a single Ethernet adapter and static IP
Mail Proxy Configuration
------------------------
+[[pmgconfig_mailproxy_relaying]]
Relaying
~~~~~~~~
include::pmg.mail-relaying-conf-opts.adoc[]
+[[pmgconfig_mailproxy_relay_domains]]
Relay Domains
~~~~~~~~~~~~~
other domains.
+[[pmgconfig_mailproxy_ports]]
Ports
~~~~~
include::pmg.mail-ports-conf-opts.adoc[]
+[[pmgconfig_mailproxy_options]]
Options
~~~~~~~
include::pmg.mail-options-conf-opts.adoc[]
+[[pmgconfig_mailproxy_transports]]
Transports
~~~~~~~~~~
just single email addresses) of your additional e-mail servers.
+[[pmgconfig_mailproxy_networks]]
Networks
~~~~~~~~
it’s not needed to add them in this list.
+[[pmgconfig_mailproxy_tls]]
TLS
~~~
TLS, {pmg} automatically generates a new self signed
certificate for you (`/etc/pmg/pmg-tls.pem`).
-{pmg} uses opportunistic TLS encryption. The SMTP transaction is
+{pmg} uses opportunistic TLS encryption by default. The SMTP transaction is
encrypted if the 'STARTTLS' ESMTP feature is supported by the remote
-server. Otherwise, messages are sent in the clear.
+server. Otherwise, messages are sent in the clear.
+You can set a different TLS policy per desitination domain, should you for
+example need to prevent e-mail delivery without encryption, or to work around
+a broken 'STARTTLS' ESMTP implementation. See {postfix_tls_readme} for details
+on the supported policies.
Enable TLS logging::
for you) you should always add those servers here.
+[[pmgconfig_spamdetector]]
Spam Detector Configuration
---------------------------
include::pmg.spam-conf-opts.adoc[]
+[[pmgconfig_spamdetector_quarantine]]
Quarantine
~~~~~~~~~~
about the personal spam messages received the last day. That report is
only sent if there are new messages in the quarantine.
+Some options are only available in the config file `/etc/pmg/pmg.conf`,
+and not in the webinterface.
+
include::pmg.spamquar-conf-opts.adoc[]
+[[pmgconfig_clamav]]
Virus Detector Configuration
----------------------------
+[[pmgconfig_clamav_options]]
Options
~~~~~~~
trigger manual updates there.
+[[pmgconfig_clamav_quarantine]]
Quarantine
~~~~~~~~~~
This is only for advanced users. To add or change the Proxmox
{spamassassin} configuration please login to the console via SSH. Go
-to directory `/etc/mail/spamassasin/`. In this directory there are several
+to directory `/etc/mail/spamassassin/`. In this directory there are several
files (`init.pre`, `local.cf`, ...) – do not change them.
To add your special configuration, you have to create a new file and
master node to all cluster members.
+[[pmgconfig_custom_check]]
+Custom Check Interface
+----------------------
+
+For use cases which are not handled by the {pmg} Virus Detector and
+{spamassassin} configuration, advanced users can create a custom check
+executable which, if enabled will be called before the Virus Detector and before
+passing an e-mail through the Rule System. The custom check API is kept as
+simple as possible, while still providing a great deal of control over the
+treatment of an e-mail. Its input is passed via two CLI arguments:
+
+* the 'api-version' (currently `v1`) - for potential future change of the
+ invocation
+
+* the 'queue-file-name' - a filename, which contains the complete e-mail as
+ rfc822/eml file
+
+The expected output need to be printed on STDOUT and consists of two lines:
+
+* the 'api-version' (currently 'v1') - see above
+
+* one of the following 3 results:
+** 'OK' - e-mail is ok
+** 'VIRUS: <virusdescription>' - e-mail is treated as if it contained a virus
+ (the virusdescription is logged and added to the e-mail's headers)
+** 'SCORE: <number>' - <number> is added (negative numbers are also possible)
+ to the e-mail's spamscore
+
+The check is run with a 5 minute timeout - if it is exceeded the check
+executable is killed and the e-mail is treated as OK.
+
+All output written to STDERR by the check is written with priority 'err' to the
+journal/mail.log.
+
+A simple sample script following the API (and yielding a random result) for
+reference:
+
+----
+#!/bin/sh
+
+echo "called with $*" 1>&2
+
+if [ "$#" -ne 2 ]; then
+ echo "usage: $0 APIVERSION QUEUEFILENAME" 1>&2
+ exit 1
+fi
+
+apiver="$1"
+shift
+
+if [ "$apiver" != "v1" ]; then
+ echo "wrong APIVERSION: $apiver" 1>&2
+ exit 2
+fi
+
+queue_file="$1"
+
+echo "v1"
+
+choice=$(shuf -i 0-3 -n1)
+
+case "$choice" in
+ 0)
+ echo OK
+ ;;
+ 1)
+ echo SCORE: 4
+ ;;
+ 2)
+ echo VIRUS: Random Virus
+ ;;
+ 3) #timeout-test
+ for i in $(seq 1 7); do
+ echo "custom checking mail: $queue_file - minute $i" 1>&2
+ sleep 60
+ done
+ ;;
+esac
+
+exit 0
+----
+
+The custom check needs to be enabled in the admin section of `/etc/pmg/pmg.conf`
+
+----
+section: admin
+ custom_check 1
+----
+
+The location of the custom check executable can also be set there with the key
+`custom_check_path` and defaults to `/usr/local/bin/pmg-custom-check`.
+
+
User Management
---------------
User management in {pmg} consists of three types of users/accounts:
+[[pmgconfig_localuser]]
Local Users
~~~~~~~~~~~
For details of the fields see xref:pmg_user_configuration_file[user.conf]
+[[pmgconfig_ldap]]
LDAP/Active Directory
~~~~~~~~~~~~~~~~~~~~~
interface. After that, you can create rules targeting LDAP users and groups.
+[[pmgconfig_fetchmail]]
Fetchmail
~~~~~~~~~