From mboxrd@z Thu Jan  1 00:00:00 1970
To: Stoiko Ivanov <s.ivanov@proxmox.com>, pmg-devel@lists.proxmox.com
References: <20210517140257.3449-1-s.ivanov@proxmox.com>
From: Dominik Csapak <d.csapak@proxmox.com>
Message-ID: <ff48b18e-cbaa-ddc8-3d3c-7be483722c1b@proxmox.com>
Date: Wed, 16 Jun 2021 13:10:01 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.11.0
MIME-Version: 1.0
In-Reply-To: <20210517140257.3449-1-s.ivanov@proxmox.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Subject: Re: [pmg-devel] [PATCH pmg-api] fix #2013 spamreport: remove ticket
 if authmode is ldap

Looks good and works as intended: setting the authmode to
ldap does not include the ticket anymore.

Just want to comment that this is now the opposite behaviour
of pmg <= 4, where setting authmode to ldap would not
change the template, but would not accept quarantine tickets anymore
(which we should *probably* also do, since there may be
some valid tickets around; but this can be a separate patch).

Reviewed-By: Dominik Csapak <d.csapak@proxmox.com>
Tested-By: Dominik Csapak <d.csapak@proxmox.com>

On 5/17/21 4:02 PM, Stoiko Ivanov wrote:
> Currently the 'authmode' setting for the spamquarantine is not used
> anywhere. According to documentation setting it to 'ldap' should allow
> access to the quarantine only with ldap credentials.
> 
> This patch addresses the issue by not generating a quarantineticket,
> and adapting all links accordingly if the authmode is 'ldap'.
> 
> tested by changing the authmode and running
> `pmgqm send -receiver <email-address> -debug 1`
> 
> Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
> ---
>   src/PMG/CLI/pmgqm.pm | 21 ++++++++++++++++-----
>   1 file changed, 16 insertions(+), 5 deletions(-)
> 
> diff --git a/src/PMG/CLI/pmgqm.pm b/src/PMG/CLI/pmgqm.pm
> index 39253db..1e21bf0 100755
> --- a/src/PMG/CLI/pmgqm.pm
> +++ b/src/PMG/CLI/pmgqm.pm
> @@ -70,8 +70,12 @@ sub get_item_data {
>       $item->{file} = $ref->{file};
>   
>       my $basehref = "$data->{protocol_fqdn_port}/quarantine";
> -    my $ticket = uri_escape($data->{ticket});
> -    $item->{href} = "$basehref?ticket=$ticket&cselect=$item->{id}&date=$item->{date}";
> +    if ($data->{authmode} ne 'ldap') {
> +	my $ticket = uri_escape($data->{ticket});
> +	$item->{href} = "$basehref?ticket=$ticket&cselect=$item->{id}&date=$item->{date}";
> +    } else {
> +	$item->{href} = "$basehref?cselect=$item->{id}&date=$item->{date}";
> +    }
>   
>       return $item;
>   }
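
Review bot: The `$data->{authmode} ne 'ldap'` test in get_item_data
fails open: any value other than the exact string 'ldap', including an
undefined authmode if a caller passes a $data hash that does not carry
the key, still produces a ticket link. Consider deciding once where
authmode is read and passing a boolean, and building the
`cselect=...&date=...` query a single time with `ticket=` prepended only
when needed, so this check and the one for managehref cannot drift apart.
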
> @@ -229,6 +233,8 @@ __PACKAGE__->register_method ({
>   	    $protocol_fqdn_port .= ":$port";
>   	}
>   
> +	my $authmode = $cfg->get ('spamquar', 'authmode') // 'ticket';
> +
>   	my $global_data = {
>   	    protocol => $protocol,
>   	    port => $port,
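
Review bot: The `// 'ticket'` fallback on the added
`$cfg->get ('spamquar', 'authmode')` line hard-codes the default at the
call site, and the value is then used without validation. If the config
schema already declares a default for authmode, rely on it or add a
short comment saying that 'ticket' mirrors it, so the two do not diverge.
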
> @@ -238,6 +244,7 @@ __PACKAGE__->register_method ({
>   	    timespan => $timespan,
>   	    items => [],
>   	    protocol_fqdn_port => $protocol_fqdn_port,
> +	    authmode => $authmode,
>   	};
>   
>   	my $mailfrom = $cfg->get ('spamquar', 'mailfrom') //
> @@ -306,9 +313,13 @@ __PACKAGE__->register_method ({
>   		$mailcount = 0;
>   
>   		$data->{pmail} = $creceiver;
> -		$data->{ticket} = PMG::Ticket::assemble_quarantine_ticket($data->{pmail});
> -		my $esc_ticket = uri_escape($data->{ticket});
> -		$data->{managehref} = "$protocol_fqdn_port/quarantine?ticket=${esc_ticket}";
> +		$data->{managehref} = "$protocol_fqdn_port/quarantine";
> +		if ($data->{authmode} ne 'ldap') {
> +		    $data->{ticket} = PMG::Ticket::assemble_quarantine_ticket($data->{pmail});
> +		    my $esc_ticket = uri_escape($data->{ticket});
> +		    $data->{managehref} .= "?ticket=${esc_ticket}";
> +		}
> +
>   	    }
>   
>   	    push @{$data->{items}}, get_item_data($data, $ref);
>
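
Review bot: Skipping `assemble_quarantine_ticket` when authmode is
'ldap' only stops new reports from carrying a ticket; the diffstat lists
src/PMG/CLI/pmgqm.pm as the only changed file, so nothing here makes the
quarantine endpoint refuse a ticket, and links from reports mailed
before the switch are not affected by this patch. The commit message
should say that enforcement on the accepting side is left to a
follow-up. Also, `$data->{ticket}` is now unset in ldap mode, so any
report template that references it directly needs a guard, and the added
blank line before the closing brace can go.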