From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 4F29660CE7 for ; Wed, 18 Nov 2020 17:56:44 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 424C91E0DA for ; Wed, 18 Nov 2020 17:56:44 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 1CC1F1E0CE for ; Wed, 18 Nov 2020 17:56:43 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id DC0814399C for ; Wed, 18 Nov 2020 17:56:42 +0100 (CET) To: Dominik Csapak , pmg-devel@lists.proxmox.com References: <20201118105937.13079-1-d.csapak@proxmox.com> From: Thomas Lamprecht Message-ID: <7d838c29-773c-df19-caad-81d10be15264@proxmox.com> Date: Wed, 18 Nov 2020 17:56:41 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:83.0) Gecko/20100101 Thunderbird/83.0 MIME-Version: 1.0 In-Reply-To: <20201118105937.13079-1-d.csapak@proxmox.com> Content-Type: text/plain; charset=UTF-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable X-SPAM-LEVEL: Spam detection results: 0 AWL -0.087 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [utils.pm, quarantine.pm, html.tt] Subject: [pmg-devel] applied: [PATCH pmg-api/gui v3] add quarantine self service button X-BeenThere: pmg-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Mail Gateway development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Nov 2020 16:56:44 -0000 On 18.11.20 11:59, Dominik Csapak wrote: > adds an option/api call to request an quarantine link for an > email whose domain is in the relay domains >=20 > for now, we do not expose that option to the ui, but this can easily be= > added if wanted >=20 > NOTES on security: >=20 > this adds a world reachable api call, that can potentially send e-mails= > to users that belong to a relay domain >=20 > we ratelimit 1 request/5sec and 1 request/user/hour so that a dos is in= feasible >=20 > for now all text is hardcoded, templates could be used later on > (if users want that) >=20 > changes from v2: > * introduce ratelimit > * factor out the sending sub (for readability) > * change the gui window to only have an 'OK' button (without reset) >=20 > changes from v1: > * move config to 'spamquar' section > * show button also on admin interface >=20 > pmg-api: >=20 > Dominik Csapak (3): > refactor domain_regex to Utils > add 'quarantinelink' to spamquar config > api2/quarantine: add global sendlink api call >=20 > src/PMG/API2/Quarantine.pm | 126 ++++++++++++++++++++++++++++++++++++= > src/PMG/CLI/pmgqm.pm | 29 +-------- > src/PMG/Config.pm | 6 ++ > src/PMG/HTTPServer.pm | 1 + > src/PMG/Service/pmgproxy.pm | 4 ++ > src/PMG/Utils.pm | 26 ++++++++ > 6 files changed, 165 insertions(+), 27 deletions(-) >=20 > pmg-gui: >=20 > Dominik Csapak (1): > add 'Request Quarantine Link' Button to LoginView >=20 > js/LoginView.js | 33 +++++++++++++++++++++++++++++++++ > pmg-index.html.tt | 3 ++- > 2 files changed, 35 insertions(+), 1 deletion(-) >=20 applied, with some followups: * use built-in time() to get seconds since epoch * sleep a bit, especially more on the rate limit cases * code consitency one thing which feels a bit "flawed" is the fact that if one knows or gue= sses correctly a valid domain, the can DOS this requester for all other valid = ones by simply looping and sending a request for "$name++@$domain" where $name ge= ts changed slightly each round - this way others race with them to get in between th= e small timeframe where the mtime is old enough again and the "attacker" gets thr= ough a request again. But, this can be somewhat solved by fail2ban and it's opt-in anyway.