From: Stoiko Ivanov <s.ivanov@proxmox.com>
To: Dominik Csapak <d.csapak@proxmox.com>
Cc: pmg-devel@lists.proxmox.com
Subject: Re: [pmg-devel] [PATCH pmg-api/gui] add quarantine self service button
Date: Tue, 17 Nov 2020 14:16:22 +0100
Message-ID: <20201117141622.5af6ab27@rosa.proxmox.com>
In-Reply-To: <20201117080513.15046-1-d.csapak@proxmox.com>
Thanks for implementing this - many of our community will be happy!
Regarding the complete series:
applied the patch and tested it on my setup - works as advertised:
Reviewed-By: Stoiko Ivanov <s.ivanov@proxmox.com>
Tested-By: Stoiko Ivanov <s.ivanov@proxmox.com>
Have a few small nits/suggestions (will comment on the individual patches)
but those can be addressed later.
On Tue, 17 Nov 2020 09:05:09 +0100
Dominik Csapak <d.csapak@proxmox.com> wrote:
> adds an option/api call to request a quarantine link for an
> email whose domain is in the relay domains
>
> for now, we do not expose that option to the ui, but this can easily be
> added if wanted
>
> NOTES on security:
>
> this adds a world reachable api call, that can potentially send e-mails
> to users that belong to a relay domain
>
> this is ok, since anybody can already send e-mails to the users
> via normal smtp, and since the content of the e-mail cannot be
> controlled, the only thing a potential attacker can do is a dos attack
> (which can always be done via resource exhaustion, e.g. send a lot of mail)
>
> we could add more checks to make it more secure, but not so convenient:
> * add an option for an admin-settable shared secret that users must enter
> (makes it harder for the user to self-service, since the user has to
> know the secret)
> * only allow it from 'trusted networks' (this makes probably no sense)
> * add an option to allow it from a specific subnet (similar to above,
> but separate from mail flow, which could make sense, but is also
> not as convenient)
>
> for now all text is hardcoded, templates could be used later on
> (if users want that)
>
> also I am open for alternate wordings for all texts, I basically chose
> what came to mind first...
>
> pmg-api:
>
> Dominik Csapak (3):
> refactor domain_regex to Utils
> add 'quarantinelink' to admin config
> api2/quarantine: add global sendlink api call
>
> src/PMG/API2/Quarantine.pm | 87 +++++++++++++++++++++++++++++++++++++
> src/PMG/CLI/pmgqm.pm | 29 +------------
> src/PMG/Config.pm | 6 +++
> src/PMG/HTTPServer.pm | 1 +
> src/PMG/Service/pmgproxy.pm | 4 ++
> src/PMG/Utils.pm | 26 +++++++++++
> 6 files changed, 126 insertions(+), 27 deletions(-)
>
> pmg-gui:
>
> Dominik Csapak (1):
> add 'Request Quarantine Link' Button to LoginView
>
> js/LoginView.js | 33 +++++++++++++++++++++++++++++++++
> pmg-index.html.tt | 3 ++-
> 2 files changed, 35 insertions(+), 1 deletion(-)
>
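
The checks weighed in the quoted security notes (relay-domain membership, an optional subnet restriction, an optional admin-set shared secret), combined into one gate as an added example. This is not code from the patch series or from PMG; every function name, setting and sample value below is an assumption constructed for illustration.

```python
import hmac
import ipaddress

# Constructed sample settings; names are hypothetical, not PMG configuration keys.
RELAY_DOMAINS = {"example.com", "mail.example.org"}
ALLOWED_SUBNETS = [ipaddress.ip_network("192.0.2.0/24")]  # empty list: no restriction
SHARED_SECRET = None  # None: no secret required


def domain_of(address):
    """Return the lower-cased domain of one mailbox address, or None if malformed."""
    if not isinstance(address, str) or not 3 <= len(address) <= 254:
        return None
    # Reject whitespace and control characters (blocks header/line injection).
    if any(c.isspace() or ord(c) < 32 for c in address):
        return None
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain or "@" in local:
        return None
    return domain.lower()


def may_send_link(address, client_ip, secret=None, *, relay_domains=RELAY_DOMAINS,
                  subnets=ALLOWED_SUBNETS, shared_secret=SHARED_SECRET):
    """Decide whether to mail a quarantine link; returns (allowed, reason for the log)."""
    domain = domain_of(address)
    if domain is None:
        return (False, "invalid address")
    if domain not in relay_domains:
        return (False, "domain not relayed")
    if subnets:
        try:
            ip = ipaddress.ip_address(client_ip)
        except ValueError:
            return (False, "invalid client address")
        if not any(ip in net for net in subnets):
            return (False, "client outside allowed subnets")
    if shared_secret is not None:
        # Constant-time comparison so response timing does not leak the secret.
        if secret is None or not hmac.compare_digest(secret.encode(), shared_secret.encode()):
            return (False, "bad shared secret")
    return (True, "ok")
```

The returned reason is meant for the server log only, so denied requests can be counted per client when watching for the mail-flood case the notes mention.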