From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id F09D972B27 for ; Wed, 16 Jun 2021 13:10:33 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id DB74310D39 for ; Wed, 16 Jun 2021 13:10:03 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id D5C6210D2B for ; Wed, 16 Jun 2021 13:10:02 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id A76304405C for ; Wed, 16 Jun 2021 13:10:02 +0200 (CEST) To: Stoiko Ivanov , pmg-devel@lists.proxmox.com References: <20210517140257.3449-1-s.ivanov@proxmox.com> From: Dominik Csapak Message-ID: Date: Wed, 16 Jun 2021 13:10:01 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 MIME-Version: 1.0 In-Reply-To: <20210517140257.3449-1-s.ivanov@proxmox.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.965 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment NICE_REPLY_A -0.095 Looks like a legit reply (A) SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [pmgqm.pm] Subject: Re: [pmg-devel] [PATCH pmg-api] fix #2013 spamreport: remove ticket if authmode is ldap X-BeenThere: pmg-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Mail Gateway development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Jun 2021 11:10:34 -0000 Looks good and works like intended, setting the authmode to ldap does not include the ticket anymore just want to comment that this is now the opposite behaviour of pmg <= 4 where setting authmode to ldap would not change the template, but not accept quarantine tickets anymore (which we should *probably* also do, since there may be some valid tickets around; but this can be a separate patch) Reviewed-By: Dominik Csapak Tested-By: Dominik Csapak On 5/17/21 4:02 PM, Stoiko Ivanov wrote: > Currently the 'authmode' setting for the spamquarantine is not used > anywhere. According to documentation setting it to 'ldap' should allow > access to the quarantine only with ldap credentials. > > This patch addresses the issue by not generating a quarantineticket, > and adapting all links accordingly if the authmode is 'ldap'. > > tested by changing the authmode and running > `pmgqm send -receiver -debug 1` > > Signed-off-by: Stoiko Ivanov > --- > src/PMG/CLI/pmgqm.pm | 21 ++++++++++++++++----- > 1 file changed, 16 insertions(+), 5 deletions(-) > > diff --git a/src/PMG/CLI/pmgqm.pm b/src/PMG/CLI/pmgqm.pm > index 39253db..1e21bf0 100755 > --- a/src/PMG/CLI/pmgqm.pm > +++ b/src/PMG/CLI/pmgqm.pm > @@ -70,8 +70,12 @@ sub get_item_data { > $item->{file} = $ref->{file}; > > my $basehref = "$data->{protocol_fqdn_port}/quarantine"; > - my $ticket = uri_escape($data->{ticket}); > - $item->{href} = "$basehref?ticket=$ticket&cselect=$item->{id}&date=$item->{date}"; > + if ($data->{authmode} ne 'ldap') { > + my $ticket = uri_escape($data->{ticket}); > + $item->{href} = "$basehref?ticket=$ticket&cselect=$item->{id}&date=$item->{date}"; > + } else { > + $item->{href} = "$basehref?cselect=$item->{id}&date=$item->{date}"; > + } > > return $item; > } > @@ -229,6 +233,8 @@ __PACKAGE__->register_method ({ > $protocol_fqdn_port .= ":$port"; > } > > + my $authmode = $cfg->get ('spamquar', 'authmode') // 'ticket'; > + > my $global_data = { > protocol => $protocol, > port => $port, > @@ -238,6 +244,7 @@ __PACKAGE__->register_method ({ > timespan => $timespan, > items => [], > protocol_fqdn_port => $protocol_fqdn_port, > + authmode => $authmode, > }; > > my $mailfrom = $cfg->get ('spamquar', 'mailfrom') // > @@ -306,9 +313,13 @@ __PACKAGE__->register_method ({ > $mailcount = 0; > > $data->{pmail} = $creceiver; > - $data->{ticket} = PMG::Ticket::assemble_quarantine_ticket($data->{pmail}); > - my $esc_ticket = uri_escape($data->{ticket}); > - $data->{managehref} = "$protocol_fqdn_port/quarantine?ticket=${esc_ticket}"; > + $data->{managehref} = "$protocol_fqdn_port/quarantine"; > + if ($data->{authmode} ne 'ldap') { > + $data->{ticket} = PMG::Ticket::assemble_quarantine_ticket($data->{pmail}); > + my $esc_ticket = uri_escape($data->{ticket}); > + $data->{managehref} .= "?ticket=${esc_ticket}"; > + } > + > } > > push @{$data->{items}}, get_item_data($data, $ref); >