[pmg-devel] [PATCH pmg-api 3/5] pmgpolicy: add IPv6 support

Stoiko Ivanov s.ivanov at proxmox.com
Wed Apr 15 12:53:16 CEST 2020


adds a new configuration flag in the 'mail' configuration section to
selectively enable greylisting for IPv6 and leaves its default as false to
maintain backward compatibility.

As a side effect, this change also enables SPF verification of IPv6 addresses
if 'spf' is set in the 'mail' section.

Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
---
 src/PMG/Config.pm |  8 +++++++-
 src/bin/pmgpolicy | 20 +++++++++++++++-----
 2 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/src/PMG/Config.pm b/src/PMG/Config.pm
index 458d88e..7b9ca48 100755
--- a/src/PMG/Config.pm
+++ b/src/PMG/Config.pm
@@ -605,10 +605,15 @@ sub properties {
 	    default => 1,
 	},
 	greylist => {
-	    description => "Use Greylisting.",
+	    description => "Use Greylisting for IPv4.",
 	    type => 'boolean',
 	    default => 1,
 	},
+	greylist6 => {
+	    description => "Use Greylisting for IPv6.",
+	    type => 'boolean',
+	    default => 0,
+	},
 	helotests => {
 	    description => "Use SMTP HELO tests.",
 	    type => 'boolean',
@@ -666,6 +671,7 @@ sub options {
 	max_smtpd_in => { optional => 1 },
 	max_smtpd_out => { optional => 1 },
 	greylist => { optional => 1 },
+	greylist6 => { optional => 1 },
 	helotests => { optional => 1 },
 	tls => { optional => 1 },
 	tlslog => { optional => 1 },
diff --git a/src/bin/pmgpolicy b/src/bin/pmgpolicy
index e49317e..4d3df7a 100755
--- a/src/bin/pmgpolicy
+++ b/src/bin/pmgpolicy
@@ -15,7 +15,7 @@ use Time::HiRes qw(gettimeofday);
 use Time::Zone;
 
 use PVE::INotify;
-use PVE::Tools;
+use PVE::Tools qw($IPV4RE $IPV6RE);
 use PVE::SafeSyslog;
 
 use PMG::Utils;
@@ -318,10 +318,12 @@ sub load_config {
     my $pmg_cfg = PMG::Config->new ();
     $self->{use_spf} = $pmg_cfg->get('mail', 'spf');
     $self->{use_greylist} = $pmg_cfg->get('mail', 'greylist');
+    $self->{use_greylist6} = $pmg_cfg->get('mail', 'greylist6');
 
     if ($opt_testmode) {
 	$self->{use_spf} = 1;
 	$self->{use_greylist} = 1;
+	$self->{use_greylist6} = 1;
     }
 
     my $nodename = PVE::INotify::nodename();
@@ -551,9 +553,17 @@ sub greylist_value {
 	return 'dunno';
     }
 
-    my ($net, $host) = $ip =~ m/(\d+\.\d+\.\d+)\.(\d+)/; # IPv4 for now
-    return 'dunno' if !defined($net);
-    my $masklen = 24;
+    my $masklen;
+    my $do_greylist = 0;
+    if ($ip =~ m/$IPV4RE/) {
+	$masklen = 24;
+	$do_greylist = $self->{use_greylist};
+    } elsif ($ip =~ m/$IPV6RE/) {
+	$masklen = 64;
+	$do_greylist = $self->{use_greylist6};
+    } else {
+	return 'dunno';
+    }
 
     my $spf_header;
 
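Review bot: Both address tests in the new `if`/`elsif` are unanchored, so `$ip =~ m/$IPV4RE/` is true for any value that merely contains a dotted quad, including an IPv6 text form with an embedded IPv4 tail. Such a value would be handled with `$masklen = 24` and the IPv4 `use_greylist` flag instead of the IPv6 settings. Anchoring both tests makes the classification exact: `if ($ip =~ m/^$IPV4RE$/) {` and `} elsif ($ip =~ m/^$IPV6RE$/) {`. greylist_value starts and ends outside this hunk, so where `$ip` comes from and how `$masklen` is used are not visible here; whether such a value can reach this point should be confirmed against the caller.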
@@ -645,7 +655,7 @@ sub greylist_value {
 	$self->{cache}->{$instance}->{spf_header_added} = 1;
     }
 
-    return $res if !$self->{use_greylist};
+    return $res if !$do_greylist;
 
     my $defer_res = "defer_if_permit Service is unavailable (try later)";
 
-- 
2.20.1



