[pmg-devel] [PATCH pmg-api/gui/docs] enhance greylist (configurable mask + ipv6 support)

Stoiko Ivanov s.ivanov at proxmox.com
Wed Apr 15 12:53:13 CEST 2020 

This patchset started out as adding support for configuring the netmask used
for comparing triples of (ipnet,sender,receiver) while greylisting, because
some cloud providers send out the same mail from different outbound ips
(from a network which is larger then /19 - e.g. office365)

While looking through the code it seemed worthwhile to also add support for
greylisting ipv6 addresses.

As a sideeffect the use_spf flag in pmgpolicy now also works for ipv6
addresses.

One potential caveat compared to the current code is that it now could happen
that we have 2 triples with the same sender+receiver but different ips added to
the table in case those 2 ips send the mails to 2 different clusternodes
within 2 minutes (clustersync intervall).

I tested the changes in my (limited, but clustered) environment:
* sending from an ipv6 address not covered by the SPF record with hard fail
* sending from an ipv6 address covered by the SPF record with hard fail
* sending from different ipv6 addresses in the same configured network
* syncing between an updated master and old node
(all of the tests worked)

additionally the first patch for pmg-api fixes a glitch in test_greylist.pl
(not stopping the pmgpolicy server used for testing when an error is
encountered)

pmg-api:
Stoiko Ivanov (5):
  test_greylist: exit pmgpolicy on failed test
  Change greylisting table to use 'inet' for ips
  pmgpolicy: add IPv6 support
  greylist: make netmasks configurable
  add tests for greylisting ipv6

 src/PMG/Cluster.pm         | 30 +++++++++----
 src/PMG/Config.pm          | 24 ++++++++++-
 src/PMG/DBTools.pm         | 86 ++++++++++++++++++++++++++++----------
 src/bin/pmgpolicy          | 76 ++++++++++++++++++++-------------
 src/tests/test_greylist.pl | 41 ++++++++++++++++--
 5 files changed, 192 insertions(+), 65 deletions(-)

pmg-gui:
Stoiko Ivanov (1):
  MailProxyOptions: add greylist enhancements

 js/MailProxyOptions.js | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

pmg-docs:
Stoiko Ivanov (1):
  add new greylist params gen-pmg.conf.5.-opts.pl

 gen-pmg.conf.5-opts.pl | 3 +++
 1 file changed, 3 insertions(+)

-- 
2.20.1

More information about the pmg-devel mailing list