From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id E73F06072E for ; Tue, 17 Nov 2020 15:58:16 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id DC91212AC0 for ; Tue, 17 Nov 2020 15:57:46 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id D8D5412A94 for ; Tue, 17 Nov 2020 15:57:44 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id A21084373D for ; Tue, 17 Nov 2020 15:57:44 +0100 (CET) From: Dominik Csapak To: pmg-devel@lists.proxmox.com Date: Tue, 17 Nov 2020 15:57:39 +0100 Message-Id: <20201117145743.10561-1-d.csapak@proxmox.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.348 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [quarantine.pm, html.tt, pmgproxy.pm, httpserver.pm, pmgqm.pm, utils.pm, config.pm] Subject: [pmg-devel] [PATCH pmg-api/gui] add quarantine self service button X-BeenThere: pmg-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Mail Gateway development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Nov 2020 14:58:16 -0000 adds an option/api call to request an quarantine link for an email whose domain is in the relay domains for now, we do not expose that option to the ui, but this can easily be added if wanted NOTES on security: this adds a world reachable api call, that can potentially send e-mails to users that belong to a relay domain this is ok, since anybody can already send e-mails to the users via normal smtp, and since the content of the e-mail cannot be controlled, the only thing a potential attacker can do is a dos attack (which can always be done via resource exhaustion, e.g. send a lot of mail) we could add more checks to make it more secure, but not so convenient: * add an option for a admin-settable shared secret that users must enter (makes it harder for the user to self-service, since the user has to know the secret) * only allow it from 'trusted networks' (this makes probably no sense) * add an option to allow it from a specific subnet (similar to above, but seperate from mail flow, which could make sense, but is also not as convenient) for now all text is hardcoded, templates could be used later on (if users want that) also i am open for alternate wordings for all texts, i basically chose what came to mind first... changes from v1: * move config to 'spamquar' section * show button also on admin interface pmg-api: Dominik Csapak (3): refactor domain_regex to Utils add 'quarantinelink' to spamquar config api2/quarantine: add global sendlink api call src/PMG/API2/Quarantine.pm | 87 +++++++++++++++++++++++++++++++++++++ src/PMG/CLI/pmgqm.pm | 29 +------------ src/PMG/Config.pm | 6 +++ src/PMG/HTTPServer.pm | 1 + src/PMG/Service/pmgproxy.pm | 4 ++ src/PMG/Utils.pm | 26 +++++++++++ 6 files changed, 126 insertions(+), 27 deletions(-) pmg-gui: Dominik Csapak (1): add 'Request Quarantine Link' Button to LoginView js/LoginView.js | 31 +++++++++++++++++++++++++++++++ pmg-index.html.tt | 3 ++- 2 files changed, 33 insertions(+), 1 deletion(-) -- 2.20.1