From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with UTF8SMTPS id 62923606F5 for ; Tue, 17 Nov 2020 16:53:07 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with UTF8SMTP id 5652A1328F for ; Tue, 17 Nov 2020 16:53:07 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with UTF8SMTPS id 23D5913280 for ; Tue, 17 Nov 2020 16:53:06 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with UTF8SMTP id E507D43772; Tue, 17 Nov 2020 16:53:05 +0100 (CET) To: Thomas Lamprecht , pmg-devel@lists.proxmox.com References: <20201117145743.10561-1-d.csapak@proxmox.com> <526e7bd6-7108-0034-a9a9-58d2481d1174@proxmox.com> From: Dominik Csapak Message-ID: <073e4e3c-fc11-7ea0-d754-1abc20e59bd5@proxmox.com> Date: Tue, 17 Nov 2020 16:53:05 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:83.0) Gecko/20100101 Thunderbird/83.0 MIME-Version: 1.0 In-Reply-To: <526e7bd6-7108-0034-a9a9-58d2481d1174@proxmox.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.346 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment NICE_REPLY_A -0.001 Looks like a legit reply (A) RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [utils.pm, pmgqm.pm, config.pm, quarantine.pm, html.tt, httpserver.pm, pmgproxy.pm] Subject: Re: [pmg-devel] [PATCH pmg-api/gui] add quarantine self service button X-BeenThere: pmg-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Mail Gateway development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Nov 2020 15:53:07 -0000 On 11/17/20 4:29 PM, Thomas Lamprecht wrote: > On 17.11.20 15:57, Dominik Csapak wrote: >> adds an option/api call to request an quarantine link for an >> email whose domain is in the relay domains >> >> for now, we do not expose that option to the ui, but this can easily be >> added if wanted >> >> NOTES on security: >> >> this adds a world reachable api call, that can potentially send e-mails >> to users that belong to a relay domain >> >> this is ok, since anybody can already send e-mails to the users >> via normal smtp, and since the content of the e-mail cannot be >> controlled, the only thing a potential attacker can do is a dos attack >> (which can always be done via resource exhaustion, e.g. send a lot of mail) > > But, isn't the difference that here the server does it for me, no > greylisting or similar involved? Also possible lower payload required > vs. doing the SMTP myself. sure, but it is basically the same as a 'forgot password' link on any website also i am not sure about the cost of an tls+http call vs plain smtp... (i guess that this difference will not stop an attacker...) in general you can always dos a system, given enough network bandwidth... > > >> >> we could add more checks to make it more secure, but not so convenient: > > why not rate limit it to three per day or so? not convenience reducing, > we would need to safe the usage count somewhere though. i thought of this, but would take a little more time to develop ;) if wanted, i can of course implement something like this, though i am not sure where we would want to save that info, and how much time i'd need > >> * add an option for a admin-settable shared secret that users must enter >> (makes it harder for the user to self-service, since the user has to >> know the secret) >> * only allow it from 'trusted networks' (this makes probably no sense) >> * add an option to allow it from a specific subnet (similar to above, >> but seperate from mail flow, which could make sense, but is also >> not as convenient) >> >> for now all text is hardcoded, templates could be used later on >> (if users want that) >> >> also i am open for alternate wordings for all texts, i basically chose >> what came to mind first... >> >> changes from v1: >> * move config to 'spamquar' section >> * show button also on admin interface >> >> pmg-api: >> >> Dominik Csapak (3): >> refactor domain_regex to Utils >> add 'quarantinelink' to spamquar config >> api2/quarantine: add global sendlink api call >> >> src/PMG/API2/Quarantine.pm | 87 +++++++++++++++++++++++++++++++++++++ >> src/PMG/CLI/pmgqm.pm | 29 +------------ >> src/PMG/Config.pm | 6 +++ >> src/PMG/HTTPServer.pm | 1 + >> src/PMG/Service/pmgproxy.pm | 4 ++ >> src/PMG/Utils.pm | 26 +++++++++++ >> 6 files changed, 126 insertions(+), 27 deletions(-) >> >> pmg-gui: >> >> Dominik Csapak (1): >> add 'Request Quarantine Link' Button to LoginView >> >> js/LoginView.js | 31 +++++++++++++++++++++++++++++++ >> pmg-index.html.tt | 3 ++- >> 2 files changed, 33 insertions(+), 1 deletion(-) >> > >