Reset Tickets used in Daily Spam Report

4920441

Member
Dec 7, 2021
16
1
8
54
Hi,

how can I reset the ticket used in the Daily Spam Report E-Mails?

Following Problem:

If you forward the Daily Spam Report to another person in mistake, the other person is able to edit your black and whitelist.

So, generating a new ticket pool should be the solution.

How do I achieve that?

Thanks a alot!

Cheers

4920441
 
Hi,

it seems impossible to do that.

The Ticket is generated somehow by taking the e-mail address, two timestamps and a comparison to the current (!) configured quarantine time.

So the following happens:

If you set the Quarantine Time to 60 Days, the ticket is "valid" for 60 days to get access to the users Quarantine, black- and whiteliste settings.
If you lower that to 1 day, the ticket is the same, but the calculated "valid" timestamp is invalid if it is older than 1 day.
So far so good.
But If you crank up the quarantine time again to a higher value (lets say 30 days) the ticket is valid again and the SAME ticket, which was invalid with the old quarantine settings is valid again..........

Thats not how you do it......

Is there a whislist for enhancements?

Cheers

4920441
 
it seems impossible to do that.
if you want to you can invalidate all current tickets by regenerating the auth-key -
Code:
rm /etc/pmg/pmg-authkey.key
rm /etc/pmg/pmg-authkey.pub
pmgconfig init

this will however invalidate all tickets

If you set the Quarantine Time to 60 Days, the ticket is "valid" for 60 days to get access to the users Quarantine, black- and whiteliste settings.
If you lower that to 1 day, the ticket is the same, but the calculated "valid" timestamp is invalid if it is older than 1 day.
So far so good.
But If you crank up the quarantine time again to a higher value (lets say 30 days) the ticket is valid again and the SAME ticket, which was invalid with the old quarantine settings is valid again..........
The issue here is that the ticket needs to remain valid for the quarantine lifetime.
Consider the following:
* userA@mydomain.example gets a mail in their quarantine and a report in the following night
* you extend the quarantine life-time to 60 days (from 7) - now userA@mydomain.example can not access the mail after the intial lifetime, despite the mails still being present (unless they get another report)

in other words the ticket validity being bound to the current quarantine lifetime makes it possible to access mails there as long as they are present

Alternatively you can enable LDAP authentication for the quarantine and not include a ticket in the reports as well - then your users will always have to authenticate (with the password from LDAP)

Is there a whislist for enhancements?
yes - https://bugzilla.proxmox.com


I hope this helps!
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!