pmg-api (8.0.9) bookworm; urgency=medium * implement "SMTP-smuggling" mitigation for external port - see https://www.postfix.org/smtp-smuggling.html for details -- Proxmox Support Team Fri, 22 Dec 2023 11:16:42 +0100 pmg-api (8.0.8) bookworm; urgency=medium * fix #4944: api/pbs remote: Add a port config * user quarantine: use raw pmail for ticket assembly * reduce the logging level of certain messages * apt: use `apt changelog` for changelog fetching * api/cli: acme: add eab parameters * api: acme: deprecate tos endpoint in favor of new meta endpoint * api: quarantine: include descriptions for KAM rules in the spaminfo * pmg7to8: Add check for dkms modules * pmg7to8: check for proper grub meta-package for bootmode -- Proxmox Support Team Wed, 20 Dec 2023 10:58:29 +0100 pmg-api (8.0.7) bookworm; urgency=medium * handle pve-kernel -> proxmox-kernel rename -- Proxmox Support Team Tue, 01 Aug 2023 11:53:07 +0200 pmg-api (8.0.6) bookworm; urgency=medium * cluster: fingerprint parsing: adapt to changed openssl output -- Proxmox Support Team Tue, 25 Jul 2023 11:32:42 +0200 pmg-api (8.0.5) bookworm; urgency=medium * cluster config: restrict slurp scope to avoid issue parsing network interfaces * pmg7to8: notify about unmodified templates * system report: skip irrelevant files in /etc/pmg/templates -- Proxmox Support Team Tue, 11 Jul 2023 17:53:49 +0200 pmg-api (8.0.4) bookworm; urgency=medium * fix #4815: pmgsh: fix calling the api paths directly * statistics: fix syntax of SQL query for virus info counter update -- Proxmox Support Team Mon, 03 Jul 2023 12:42:23 +0200 pmg-api (8.0.3) bookworm; urgency=medium * pmgpolicy, pmg-smtp-filter: set sensible PATH to ensure that standard system binaries can be executed even if just their base name is used. -- Proxmox Support Team Wed, 28 Jun 2023 17:42:32 +0200 pmg-api (8.0.2) bookworm; urgency=medium * make section match more precise when hard-coding 'use_bayes' & 'use_awl' properties * tell the systemd debhelper to not stop the no-start services on upgrade, avoiding noisy warnings for those with an associated timer and also that any currently running operation of those services gets aborted * enable TFA lockout, for the relatively low-entropy TOTP type after 8 consecutive tries, for all other types after 1000 consecutive tries, as they have much higher entropy * include tfa lock status in user list and add user tfa-unlock endpoint -- Proxmox Support Team Wed, 28 Jun 2023 11:12:57 +0200 pmg-api (8.0.1) bookworm; urgency=medium * include version metadata again in statically generated pmgcfg module again -- Proxmox Support Team Wed, 28 Jun 2023 08:04:50 +0200 pmg-api (8.0.0) bookworm; urgency=medium * d/postinst: remove re-generation of unique machine-ID for old ISOs * cluster: adapt invocation of rsync for the version in Debian 12 Bookworm * postgresql compat: cast results explicitly to integer to cope with PostgreSQL 15 changes where UNIX epochs are returned as float * auth: set PAM context to 'proxmox-mailgateway-auth' and set the rhost to the IP address the users connects with, allowing one to limit PAM login to certain networks. -- Proxmox Support Team Tue, 27 Jun 2023 18:20:30 +0200 pmg-api (8.0.0~1) bookworm; urgency=medium * re-build for Proxmox Mail Gateway 8 based on Debian 12 Bookworm * update postgresql dependency to 15 * postgresql.conf template: drop 'stats_temp_directory' config-setting as it was deprecated by upstream PostgreSQL 14 and removed with 15. * explicitly depend on rsyslog for the tracking center, as rsyslog doesn't gets installed by default in Debian 12 Bookworm anymore * config: disable awl and bayes by default * config: disable advanced statistic filters by default * debian/postinst: hard code old default values for 'advfilter', 'use_bayes' & 'use_awl' during upgrade to 8.0.0 * grant 'root' and 'www-data' users respective permissions on public schema for newly created databases -- Proxmox Support Team Mon, 26 Jun 2023 17:43:06 +0200 pmg-api (7.3-4) bullseye; urgency=medium * ruledb: match field: improve validation of regular expressions on addition, warn for existing invalid ones. * d/maintscripts: prevent aborting on errors in some commands -- Proxmox Support Team Fri, 02 Jun 2023 10:30:31 +0200 pmg-api (7.3-3) bullseye; urgency=medium * config schema: document postfix option for smtputf8 flag * quarantine: delete Delivered-To and Return-Path when reinjecting mails, fixing a (unpublished) regression with postfix's forwarding loop detection -- Proxmox Support Team Tue, 28 Mar 2023 07:42:19 +0200 pmg-api (7.3-2) bullseye; urgency=medium * config schema: extend documentation for options * templates: adapt to new path for KAM rules in proxmox-spamassassin * report: add `date -R` to general system info section -- Proxmox Support Team Mon, 27 Mar 2023 12:59:53 +0200 pmg-api (7.3-1) bullseye; urgency=medium * proxy: initialize the theme variable with an empty string * smtputf8: keep smtputf8 from incoming postfix, detect for local mail * config: make smtputf8 configurable through the API * reinject mail: improve error logging * quarantine: reuse the reinject local mail helper to profit from some of it's recent improvements like IPv6 or DSN. * api: quarantine: decode addresses before delivery/userlisting -- Proxmox Support Team Thu, 23 Mar 2023 17:29:01 +0100 pmg-api (7.2-5) bullseye; urgency=medium * fix #4536: parse original filenames from gzip files * proxy: add support for switching themes * ruledb: spam: adapt to spamassassin 4.0.0 * templates: sync spamassassin templates with 4.0.0 upstream * templates: enable DecodeShortUrls for SpamAssassin 4.0.0 * templates: enable DMARC plugin in v400.pre.in * fix #2437: config: Add new tls_inbound_domains postfix map and add API endpoint for managing entries * config: warn on parse errors for tls related config files * fix #4521: api/tasks: replace upid as filename for task log downloads -- Proxmox Support Team Tue, 21 Mar 2023 12:59:25 +0100 pmg-api (7.2-4) bullseye; urgency=medium * fix #4410: Remove non-null host bits from CIDR when writing postfix config * utils: skip checking headers for non-ascii characters as stop gap to avoid breaking mail flow of a few setups that have smtputf8 disabled in their postfix config (e.g., because their downstream servers do not support this) -- Proxmox Support Team Wed, 25 Jan 2023 11:01:14 +0100 pmg-api (7.2-3) bullseye; urgency=medium * keep directories in /etc/pmg for inotify when restoring from backup * rulecache: sort rules additionally by id * fix mailflow if smtputf8 is disabled * pmgdb dump: encode ruledata before printing -- Proxmox Support Team Tue, 27 Dec 2022 11:17:13 +0100 pmg-api (7.2-2) bullseye; urgency=medium * d/control: depend directly on libproxmox-acme-plugins -- Proxmox Support Team Wed, 30 Nov 2022 10:46:04 +0100 pmg-api (7.2-1) bullseye; urgency=medium * queue administration: try to decode utf8 * make tasklog downloadable in the PMG backend * user accesslists: reword logging and hits for newer SA rule sets * user-bl: use custom description of USER_IN_BLOCKLIST consistently -- Proxmox Support Team Tue, 29 Nov 2022 15:48:26 +0100 pmg-api (7.1-11) bullseye; urgency=medium * fix #3287: add `pmail` parameter to virus and attachment quarantine list to allow one to filter for a specific mail * fix #2541 ruledb: encode relevant values as utf-8 in database * fix #2465: handle smtputf8 addresses in all but who-objects of the rule-system -- Proxmox Support Team Thu, 24 Nov 2022 16:43:19 +0100 pmg-api (7.1-10) bullseye; urgency=medium * fix #4006: do not split from header on ', ' for spamreport mails * ruledb: modfield: properly handle fields spanning multiple lines * ruledb: add deprecation warnings for unused `ReportSpam`, `Attach` and `Counter` actions -- Proxmox Support Team Wed, 16 Nov 2022 09:03:52 +0100 pmg-api (7.1-9) bullseye; urgency=medium * api: quarantine: allow 'list attachments' endpoint for quarantine users, they can see them in the raw email display already anyway * api: quarantine: add 'content-disposition' field to response of 'list attachments' API * ruledb: modfield: properly encode field after variable substitution -- Proxmox Support Team Fri, 11 Nov 2022 13:48:23 +0100 pmg-api (7.1-8) bullseye; urgency=medium * api: apt versions: track proxmox-offline-mirror-helper * fix #4269: rule cache: from match: cope with undefined IP * rule database: notify: properly en-/decode the mail subject to avoid issues with non-ascii characters, like for example, the reported chinese characters. -- Proxmox Support Team Fri, 28 Oct 2022 11:42:15 +0200 pmg-api (7.1-7) bullseye; urgency=medium * d/control: recommend proxmox-offline-mirror-helper * d/postinst: migrate/update APT auth config -- Proxmox Support Team Wed, 14 Sep 2022 13:17:58 +0200 pmg-api (7.1-6) bullseye; urgency=medium * subscription: handle missing subscription info * fix #3915: remove obsolete /etc/apt/apt.conf.d/75pmgconf -- Proxmox Support Team Thu, 08 Sep 2022 15:04:49 +0200 pmg-api (7.1-5) bullseye; urgency=medium * add 'allow-subdomains' to webauthn schema * subscription: switch to rust, add offline key support -- Proxmox Support Team Tue, 6 Sep 2022 10:35:09 +0200 pmg-api (7.1-4) bullseye; urgency=medium * rulesystem: matchfield: match all headers not only the first * config: avoid adding a specific IPs or networks multiple times to the template variables * api: quarantine: load custom rules description so that they show up in the GUI too * pmg-daily: avoid short-circuting update of local channels * api: apt: switch to common Proxmox::RS::APT::Repositories package -- Proxmox Support Team Wed, 13 Jul 2022 11:15:00 +0200 pmg-api (7.1-3) bullseye; urgency=medium * fix duplicate 'x-ms-dos-executable' in default 'Dangerous Content' object * daily update timer: start already on 01:00 to avoid dst change issue * fix #3924: ldap: accept only valid email-address * Proxmox Backup Server integration: namespace support -- Proxmox Support Team Mon, 16 May 2022 12:20:42 +0200 pmg-api (7.1-2) bullseye; urgency=medium * fix #3758: allow empty `to` in noqueue case * postfix queue: add 'decode-headers' option for read endpoint * http server: pass TLS 1.3 ciphersuites and disable-TLS-1.2/1.3 options if set * utils: change working directory to root before executing postgres admin commands, to avoid that restrictions of the current CWD from the user doesn't cause failing the command. -- Proxmox Support Team Thu, 03 Feb 2022 11:37:51 +0100 pmg-api (7.1-1) bullseye; urgency=medium * rulesystem: limit linelength of disclaimer to 998 bytes * fix #3734: scrub CSS 'url' from style tags/attributes if view-images is disabled for the quarantine * fix #2795: add support for Delivery Status Notification (DSN) * add support for two factor authentication with TOTP, recovery codes and WebAuthn to the admin interface -- Proxmox Support Team Sun, 28 Nov 2021 21:04:58 +0100 pmg-api (7.0-9) bullseye; urgency=medium * fix #2071: RuleDB: ignore duplicate entries for Who objects * api: ldap config: sync with the complete config * fix #3712: strip any trailing dot from the search-domain when passing it to postifx * api: journal: stream the journal data to the client * api-daemons: make systemd restart them on-failure * api-dameons: set oom-policy to `continue` so that a single (replacable) worker getting OOM-killed does not bring down the whole service -- Proxmox Support Team Wed, 24 Nov 2021 19:13:29 +0100 pmg-api (7.0-8) bullseye; urgency=medium * api: apt: repos: avoid creating implicit default for enabled * api: apt: use pmg-style permission for endpoint schema to allow access to admins that aren't root@pam * prefer more flexible get_local_ip where possible, it still prefers the resolved hostname but falls back to configured or active IPs. Especially useful for evaluation and initial (CT template) setups. * pmgbanner: retry getting local IP for a bit in case of failure, this should be only relevant for evaluation and initial setups where the hostname may not yet resolve to the primary IP address. -- Proxmox Support Team Mon, 20 Sep 2021 08:17:18 +0200 pmg-api (7.0-7) bullseye; urgency=medium * pmgversion: do not show packages with residual config as being in an error installation state * api: apt versions: add ifupdown(2), libproxmox-acme-* and pmg-i18n to packages included in the version report. * api: implement live network reload with ifupdown2 -- Proxmox Support Team Mon, 19 Jul 2021 09:04:25 +0200 pmg-api (7.0-6) bullseye; urgency=medium * fix cluster join when large ssh-rsa keys are setup -- Proxmox Support Team Wed, 14 Jul 2021 17:54:03 +0200 pmg-api (7.0-5) bullseye; urgency=medium * d/control: recommend ifupdown2 and suggest zfsutils-linux * switch enterprise repository over to bullseye -- Proxmox Support Team Wed, 14 Jul 2021 11:58:48 +0200 pmg-api (7.0-3) bullseye; urgency=medium * acme: handle wildcard dns validation * api: apt: add calls for repositories status and basic manegement * api: services: return active- and unit-state infos * api: services: track chrony service -- Proxmox Support Team Tue, 13 Jul 2021 18:42:07 +0200 pmg-api (7.0-2) bullseye; urgency=medium * d/postinst: handle static machine-id from ISO 5.0 <= x <= 6.0 * cluster: fix missing import of helper module * config: freshclam: default to incremental downloads * utils: fix service alias lookup for service commands and status query -- Proxmox Support Team Sat, 03 Jul 2021 22:51:12 +0200 pmg-api (7.0-1) bullseye; urgency=medium * re-build for Proxmox Mail Gateway 7 based on Debian 11 Bullseye * pmgproxy: allow setting LISTEN_IP parameter * clamav: remove deprecated SafeBrowsing * api: nodes: drop deprecated 'upgrade' option of termproxy * TLSPolicy: drop deprecated 'domain' parameter * api: quarantine: drop deprecated b/w-list methods, and drop detail statistic methods (replaced by more flexible endpoints in 6.x) * update postgresql dependency to version 13 * greylisting: drop unneeded Host column form cgreylist table * api: nodeconfig: validate acme config before writing * fix #2013 spamreport: remove ticket if authmode is ldap * api: tasks: add 'since', 'until', task-type and 'status' filters -- Proxmox Support Team Mon, 28 Jun 2021 15:57:10 +0200 pmg-api (6.4-4) pmg; urgency=medium * fix #2228: spam quarantine: automatically deliver on whitelisting and delete on blacklisting a mail * acme: allow wildcard domain entries -- Proxmox Support Team Thu, 15 Apr 2021 15:19:00 +0200 pmg-api (6.4-3) pmg; urgency=medium * fix creating mailqueue spooldirs * rephrase backup notification template -- Proxmox Support Team Fri, 26 Mar 2021 19:09:41 +0100 pmg-api (6.4-2) pmg; urgency=medium * fix #3164: api: quarantine: allow to return spam from all users * ensure '/etc/pmg/acme/accounts' directory exists * certs: reload postfix to activate new certificate even if TLS config stayed the same * cluster: trust both, old and new certificate fingerprint of master during update -- Proxmox Support Team Tue, 23 Mar 2021 08:30:22 +0100 pmg-api (6.3-7) pmg; urgency=medium * implement Automatic Certificate Management Environment (ACME) for API and SMTP TLS certificates. Allowing one to use providers like Let's Encrypt for deployment and automatic renewal of trusted certificates. * cluster: automatically trigger an update of the pinned certificate fingerprint for a node in the cluster configuration on certificate change -- Proxmox Support Team Thu, 18 Mar 2021 11:05:17 +0100 pmg-api (6.3-6) pmg; urgency=medium * api: spamassassin: read local channels and include them in daily SA update * api: statistics: add central API enpoint for details, avoiding issues with certain characters in mail addresses * utils: allow / inside email address localpart * fix #3154: backup: add include-statistics to Proxmox Backup Server * fix #3146: backup: add email notifications -- Proxmox Support Team Fri, 05 Mar 2021 22:48:07 +0100 pmg-api (6.3-5) pmg; urgency=medium * utils: ignore leading whitespace in SpamAssassin rule description * api: termproxy: adapt to newer Proxmox VE and Proxmox Backup Server 'cmd' interface, to stay compatible -- Proxmox Support Team Wed, 25 Nov 2020 10:21:49 +0100 pmg-api (6.3-4) pmg; urgency=medium * integrate Proxmox Backup Server for automatic configuration backups * fix #3098: DKIM: sort domains by length first * backup: add Spam Assassin custom score file to backup * reinject email: fix connecting for ipv6-only hosts * fix #3141: do not split on ', ' for returning the from header * allow to enable a user self-service login for the user spam quarantine as opt-in config option -- Proxmox Support Team Wed, 18 Nov 2020 19:52:58 +0100 pmg-api (6.2-6) pmg; urgency=medium * fix #2785: prefix message-id in attachment-quarantine * add logging to disclaimer action -- Proxmox Support Team Wed, 23 Sep 2020 09:03:45 +0200 pmg-api (6.2-5) pmg; urgency=medium * fix #1976: optionally sort postfix queue result * allow to remove subscription * make regex test-match case-insensitive, like the real tests -- Proxmox Support Team Thu, 04 Jun 2020 16:48:26 +0200 pmg-api (6.2-4) pmg; urgency=medium * Mail Tracker: handle before queue status -- Proxmox Support Team Thu, 14 May 2020 17:51:25 +0200 pmg-api (6.2-3) pmg; urgency=medium * enable policy checking also if only IPv6 greylisting is enabled * improve ordering of system services * add logrotate config to monthly-rotate pmgproxy.log * api tracker: always check that specified 'endtime' is newer than 'starttime' * improve pmg-system-report with more relevant information -- Proxmox Support Team Fri, 24 Apr 2020 19:31:15 +0200 pmg-api (6.1-9) pmg; urgency=medium * add new 'Match Archive Filename' What Object * use postgres inet functions for greylist matching * pmgpolicy: add IPv6 support for greylisting * greylist: make netmasks configurable -- Proxmox Support Team Mon, 20 Apr 2020 17:37:09 +0200 pmg-api (6.1-8) pmg; urgency=medium * pmgqm: warn and exit if running on slave node * pmgspamreport: purge before sending reports * fix rendering of ipv(4|6) literal lmtp transports * fix #1948: allow setting TLS policy for transports * add TLS options for lmtp to main.cf template * fix #2661: reintroduce LDAPCache->ldap_connect * skip writing default ports in spamreports * use ucf to handle template overrides * freshclam.conf.in: make ScriptedUpdates a variable * freshclam.conf.in: remove ReceiveTimeout option -- Proxmox Support Team Tue, 14 Apr 2020 10:10:59 +0200 pmg-api (6.1-7) pmg; urgency=medium * fix #2622: include all spam levels from the ">= 10 score" bucket in total spam statistic * fix #2525: encode notifications in UTF-8 * check if img tag has actually a 'src' attribute to avoid warnings * pmgsh: fix 'help' command * api/quarantine: add new white/blacklist deletion API endpoints to allow one to avoid passing addresses in the API path. -- Proxmox Support Team Mon, 09 Mar 2020 18:21:55 +0100 pmg-api (6.1-6) pmg; urgency=medium * track clamav and postgres package version in versions api call * add queue id to pmg-smtp-filter replies for tracking in pmg-log-tracker * code cleanup -- Proxmox Support Team Fri, 28 Feb 2020 11:30:17 +0100 pmg-api (6.1-5) pmg; urgency=medium * fix postfix template for before-queue filtering * api2: Network: add vlan-raw-device and vlan-id options * ensure compatibility with libpve-http-server-perl -- Proxmox Support Team Wed, 29 Jan 2020 21:33:55 +0100 pmg-api (6.1-4) pmg; urgency=medium * fix #2438: add support for lmtp delivery to downstream servers * api2: network: add bond-primary and MTU option * fix #2504: do not overwrite existing DKIM selector key * dkim: add selector list api endpoint * fix disclaimer encoding for html entities * fix #1653: parse ipv6 xforward correctly -- Proxmox Support Team Thu, 23 Jan 2020 13:20:15 +0100 pmg-api (6.1-3) pmg; urgency=medium * improve browser-cache behavior for updates -- Proxmox Support Team Thu, 28 Nov 2019 11:35:53 +0100 pmg-api (6.1-2) pmg; urgency=medium * don not add DKIM signature if the DKIMSign module fails to determine the domain for signing -- Proxmox Support Team Fri, 22 Nov 2019 12:38:48 +0100 pmg-api (6.1-1) pmg; urgency=medium * create pmg-scores.cf unconditionally * bump version for Proxmox Mailgateway 6.1 -- Proxmox Support Team Tue, 19 Nov 2019 11:46:11 +0100 pmg-api (6.0-10) pmg; urgency=medium * add support for sending NDRs on Block * add support for before queue filtering * implement force_restart for cluster sync * add SACustom Package and API Calls for custom SpamAssassin scores * sync custom spamassassin scores to the cluster slaves -- Proxmox Support Team Fri, 15 Nov 2019 13:09:57 +0100 pmg-api (6.0-9) pmg; urgency=medium * DKIM-sign outbound mail if configured * add DKIM related API endpoints * fix #2371: reload pmg-smtp-filter on config change * add /etc/pmg/dkim to cluster-sync * Quarantine API: extend download call to download whole mails -- Proxmox Support Team Wed, 30 Oct 2019 18:31:14 +0100 pmg-api (6.0-8) pmg; urgency=medium * add attachment quarantine with API integration * fix API result verification for invalid mails -- Proxmox Support Team Tue, 22 Oct 2019 07:37:00 +0200 pmg-api (6.0-6) pmg; urgency=medium * fix #2224: override reference to openspf.org * fix #2360: cluster: reload pmg-smtp-filter on rulechange -- Proxmox Support Team Mon, 09 Sep 2019 08:05:52 +0200 pmg-api (6.0-5) pmg; urgency=medium * fix mimetypes API -- Proxmox Support Team Wed, 28 Aug 2019 14:31:38 +0200 pmg-api (6.0-4) pmg; urgency=medium * fix #2324 - improve docs on encrypted archives -- Proxmox Support Team Fri, 23 Aug 2019 10:50:42 +0200 pmg-api (6.0-3) pmg; urgency=medium * use hmac_sha_256 alogrithm for improved CSRF token security * pmgproxy: add link to extjs for pmg-docs' api-viewer -- Proxmox Support Team Sat, 17 Aug 2019 13:04:52 +0200 pmg-api (6.0-2) pmg; urgency=medium * adapt journalctl invocation to changed behavior with new systemd version of Debian Buster and make journal parsing more robust -- Proxmox Support Team Tue, 13 Aug 2019 15:48:59 +0200 pmg-api (6.0-1+2) pmg; urgency=medium * update PMG sources.list to buster * replace deprecated /var/run with /run * improve restart on upgrade behaviour * Who: Domain: improve speed * What: Spam: add uri hits to rule description * adapt postgresql.conf template to include current postgres version * adapt clamav.conf.in to new upstream version -- Proxmox Support Team Fri, 9 Aug 2019 08:58:05 +0200 pmg-api (6.0-1+1) pmg; urgency=medium * improve packaging compatibillity with postgres 11 slightly -- Proxmox Support Team Wed, 24 Jul 2019 21:11:24 +0200 pmg-api (6.0-1) pmg; urgency=medium * bump for Proxmox Mailgateway 6 based on Debian Buster -- Proxmox Support Team Wed, 24 Jul 2019 20:48:06 +0200 pmg-api (5.2-6) unstable; urgency=medium * fix #2276: restore line format for pmg-log-tracker -- Proxmox Support Team Fri, 12 Jul 2019 17:04:59 +0200 # Older entries have been removed from this changelog. # To read the complete changelog use `apt changelog pmg-api`.