From: Thomas Lamprecht
To: Dominik Csapak, pmg-devel@lists.proxmox.com
Subject: Re: [pmg-devel] [PATCH pmg-api/gui] add quarantine self service button
Date: Tue, 17 Nov 2020 17:11:35 +0100
Message-ID: <3097d738-dc62-5f86-050d-7ed053bccf43@proxmox.com>
In-Reply-To: <073e4e3c-fc11-7ea0-d754-1abc20e59bd5@proxmox.com>
References: <20201117145743.10561-1-d.csapak@proxmox.com> <526e7bd6-7108-0034-a9a9-58d2481d1174@proxmox.com> <073e4e3c-fc11-7ea0-d754-1abc20e59bd5@proxmox.com>

On 17.11.20 16:53, Dominik Csapak wrote:
> On 11/17/20 4:29 PM, Thomas Lamprecht wrote:
>> On 17.11.20 15:57, Dominik Csapak wrote:
>>> adds an option/api call to request a quarantine link for an
>>> email whose domain is in the relay domains
>>>
>>> for now, we do not expose that option to the ui, but this can easily be
>>> added if wanted
>>>
>>> NOTES on security:
>>>
>>> this adds a world reachable api call, that can potentially send e-mails
>>> to users that belong to a relay domain
>>>
>>> this is ok, since anybody can already send e-mails to the users
>>> via normal smtp, and since the content of the e-mail cannot be
>>> controlled, the only thing a potential attacker can do is a dos attack
>>> (which can always be done via resource exhaustion, e.g. send a lot of mail)
>>
>> But, isn't the difference that here the server does it for me, no
>> greylisting or similar involved? Also possibly lower payload required
>> vs. doing the SMTP myself.
>
> sure, but it is basically the same as a 'forgot password' link on any website
>

those often have captchas, though, at least if you retry a few times.

> also i am not sure about the cost of a tls+http call vs plain smtp...
> (i guess that this difference will not stop an attacker...)
>
> in general you can always dos a system, given enough network bandwidth...

but misusing the PMG, a project to protect from mail spam, among other things,
to allow producing mail spam which gets relayed to the users behind a network
is something completely different - normally you cannot send anything to them
if they do not open a connection to you, at least for most stateful firewall
setups.

Not saying this is outright bad, just that it cannot be brushed off with "I can
produce network traffic otherwise" as the real target here can be something
where this may not be true without this feature.

>>
>>
>>>
>>> we could add more checks to make it more secure, but not so convenient:
>>
>> why not rate limit it to three per day or so? not convenience reducing,
>> we would need to save the usage count somewhere though.
>
> i thought of this, but would take a little more time to develop ;)
> if wanted, i can of course implement something like this, though
> i am not sure where we would want to save that info, and how much
> time i'd need

as long as this gets logged somewhere, even just the HTTP access log (if relevant
params are in the URL itself) then an admin could set up fail2ban and we wouldn't
need to handle this ourselves.
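The access-log based detection Thomas suggests, as an added example that is not part of this thread or of PMG's own code: it scans constructed common-log-format lines for the self-service link request and reports addresses requested more than three times on one day, together with the source IPs an admin could feed to a ban rule. The endpoint path /api2/json/quarantine/sendlink, its mail query parameter and all log lines are assumptions made for the example.

```python
import re
from collections import defaultdict

# Common-log-format line with the link request. The endpoint path and the
# 'mail' query parameter are assumptions for this example, not PMG's real API.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"(?:POST|GET) /api2/json/quarantine/sendlink\?mail=(?P<mail>[^ &"]+)'
)

# Constructed sample log: four requests for alice on one day (one with a
# different letter case), two for bob on different days, one unrelated call.
SAMPLE_LOG = """\
203.0.113.5 - - [17/Nov/2020:16:01:02 +0100] "POST /api2/json/quarantine/sendlink?mail=alice@example.org HTTP/1.1" 200 42
203.0.113.5 - - [17/Nov/2020:16:01:09 +0100] "POST /api2/json/quarantine/sendlink?mail=alice@example.org HTTP/1.1" 200 42
203.0.113.5 - - [17/Nov/2020:16:02:00 +0100] "GET /api2/json/version HTTP/1.1" 200 12
203.0.113.5 - - [17/Nov/2020:16:01:15 +0100] "POST /api2/json/quarantine/sendlink?mail=Alice@Example.org HTTP/1.1" 200 42
203.0.113.5 - - [17/Nov/2020:16:01:20 +0100] "POST /api2/json/quarantine/sendlink?mail=alice@example.org HTTP/1.1" 200 42
198.51.100.7 - - [17/Nov/2020:16:05:00 +0100] "POST /api2/json/quarantine/sendlink?mail=bob@example.org HTTP/1.1" 200 42
198.51.100.7 - - [18/Nov/2020:09:00:00 +0100] "POST /api2/json/quarantine/sendlink?mail=bob@example.org HTTP/1.1" 200 42
"""


def parse_requests(log_text):
    """Yield (day, mail, ip) for every self-service link request in the log.
    Addresses are lower-cased so case variations count against one limit."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group('day'), m.group('mail').lower(), m.group('ip')


def offenders(log_text, limit=3):
    """Return {(day, mail): (count, sorted source ips)} for every address that
    was requested more than `limit` times on one day (the 'three per day' rule)."""
    counts = defaultdict(int)
    sources = defaultdict(set)
    for day, mail, ip in parse_requests(log_text):
        counts[(day, mail)] += 1
        sources[(day, mail)].add(ip)
    return {k: (n, sorted(sources[k])) for k, n in counts.items() if n > limit}


if __name__ == '__main__':
    for (day, mail), (n, ips) in offenders(SAMPLE_LOG).items():
        print(f'{day}: {mail} requested {n} times from {", ".join(ips)}')
```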