From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: Dominik Csapak <d.csapak@proxmox.com>, pmg-devel@lists.proxmox.com
Subject: Re: [pmg-devel] [PATCH pmg-api/gui] add quarantine self service button
Date: Tue, 17 Nov 2020 17:11:35 +0100 [thread overview]
Message-ID: <3097d738-dc62-5f86-050d-7ed053bccf43@proxmox.com> (raw)
In-Reply-To: <073e4e3c-fc11-7ea0-d754-1abc20e59bd5@proxmox.com>
On 17.11.20 16:53, Dominik Csapak wrote:
> On 11/17/20 4:29 PM, Thomas Lamprecht wrote:
>> On 17.11.20 15:57, Dominik Csapak wrote:
>>> adds an option/api call to request an quarantine link for an
>>> email whose domain is in the relay domains
>>>
>>> for now, we do not expose that option to the ui, but this can easily be
>>> added if wanted
>>>
>>> NOTES on security:
>>>
>>> this adds a world reachable api call, that can potentially send e-mails
>>> to users that belong to a relay domain
>>>
>>> this is ok, since anybody can already send e-mails to the users
>>> via normal smtp, and since the content of the e-mail cannot be
>>> controlled, the only thing a potential attacker can do is a dos attack
>>> (which can always be done via resource exhaustion, e.g. send a lot of mail)
>>
>> But, isn't the difference that here the server does it for me, no
>> greylisting or similar involved? Also possible lower payload required
>> vs. doing the SMTP myself.
>
> sure, but it is basically the same as a 'forgot password' link on any website
>
those often have captchas, though, at least if you retry a few times.
> also i am not sure about the cost of an tls+http call vs plain smtp...
> (i guess that this difference will not stop an attacker...)
>
> in general you can always dos a system, given enough network bandwidth...
but misusing the PMG, a project to protect for mail spam, among other things,
to allow producing mail spam which gets relayed to the users behind a network
is something completely different - normally you cannot send anything to them
if they do not open a connection to you, at least for most state full firewall
setups.
Not saying this is outright bad, just that it cannot brushed off with "I can
produce network traffic otherwise" as the real target here can be something
where this may not be true without this feature.
>>
>>
>>>
>>> we could add more checks to make it more secure, but not so convenient:
>>
>> why not rate limit it to three per day or so? not convenience reducing,
>> we would need to safe the usage count somewhere though.
>
> i thought of this, but would take a little more time to develop ;)
> if wanted, i can of course implement something like this, though
> i am not sure where we would want to save that info, and how much
> time i'd need
as long as this gets logged somewhere, even just HTTP access log (if relevant
params are in the URL itself) then an admin could setup fail2ban and we wouldn't
need to handle this ourself.
next prev parent reply other threads:[~2020-11-17 16:12 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-17 14:57 Dominik Csapak
2020-11-17 14:57 ` [pmg-devel] [PATCH pmg-api v2 1/3] refactor domain_regex to Utils Dominik Csapak
2020-11-17 14:57 ` [pmg-devel] [PATCH pmg-api v2 2/3] add 'quarantinelink' to spamquar config Dominik Csapak
2020-11-17 14:57 ` [pmg-devel] [PATCH pmg-api v2 3/3] api2/quarantine: add global sendlink api call Dominik Csapak
2020-11-17 14:57 ` [pmg-devel] [PATCH pmg-gui v2 1/1] add 'Request Quarantine Link' Button to LoginView Dominik Csapak
2020-11-17 15:29 ` [pmg-devel] [PATCH pmg-api/gui] add quarantine self service button Thomas Lamprecht
2020-11-17 15:53 ` Dominik Csapak
2020-11-17 16:11 ` Thomas Lamprecht [this message]
2020-11-17 16:00 ` Stoiko Ivanov
2020-11-17 16:27 ` Dietmar Maurer
2020-11-17 16:38 ` Dietmar Maurer
2020-11-18 7:44 ` Thomas Lamprecht
2020-11-18 7:56 ` Dominik Csapak
2020-11-18 8:01 ` Thomas Lamprecht
2020-11-18 8:13 ` Dominik Csapak
-- strict thread matches above, loose matches on Subject: below --
2020-11-17 8:05 Dominik Csapak
2020-11-17 13:16 ` Stoiko Ivanov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3097d738-dc62-5f86-050d-7ed053bccf43@proxmox.com \
--to=t.lamprecht@proxmox.com \
--cc=d.csapak@proxmox.com \
--cc=pmg-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox