2023-02-19 11:36:43 +00:00
#!/bin/bash
2023-04-11 07:16:57 +00:00
# Function called during global setup to handle the complete setup of Rspamd.
2023-05-25 23:01:41 +00:00
function _setup_rspamd( ) {
2023-05-24 07:06:59 +00:00
if _env_var_expect_zero_or_one 'ENABLE_RSPAMD' && [ [ ${ ENABLE_RSPAMD } -eq 1 ] ] ; then
2023-02-27 19:21:45 +00:00
_log 'debug' 'Enabling and configuring Rspamd'
scripts: Rspamd stabilization pt. 1 (#3261)
* added checks whether OpenDKIM/OpenDMARC/policyd-spf are enabled
* added functions to check if VAR is 0/0 or an int
and also added tests.
I also adjusted the test file to not run in a container, because there
is no need. This also decreases test time, which, in turn, increases
maintainers' happiness.
* added more checks to Rspamd setup
I added the helpers from the previous commit to the Rspamd setup to make
the whole setup more robust, and indicate to the user that an ENV
variable's value is incorrect.
While we did not issues for this in the past, I believe it to be
worthwhile for the future.
* added canonical directory for users to place files in
This dir is canonical with DMS's optional configuration dirs, as it
lives in well-known volume mounts. Hence, users will not need to adjust
`/etc/rspamd/override.d` manually anymore, or mount a volume to this
place.
The docs explain this now, but the DKIM page needs a slight update on
this too I guess. I will follow-up here.
* misc minor improvements
* use variables for common directories
2023-04-23 10:22:54 +00:00
__rspamd__log 'trace' '---------- Setup started ----------'
2023-02-26 10:42:14 +00:00
2023-04-23 13:14:36 +00:00
__rspamd__run_early_setup_and_checks # must run first
2023-04-11 07:16:57 +00:00
__rspamd__setup_redis
__rspamd__setup_postfix
__rspamd__setup_clamav
__rspamd__setup_default_modules
__rspamd__setup_learning
__rspamd__setup_greylisting
2023-04-11 16:51:23 +00:00
__rspamd__setup_hfilter_group
2023-04-23 13:14:36 +00:00
__rspamd__handle_user_modules_adjustments # must run last
2023-03-18 15:32:48 +00:00
scripts: Rspamd stabilization pt. 1 (#3261)
* added checks whether OpenDKIM/OpenDMARC/policyd-spf are enabled
* added functions to check if VAR is 0/0 or an int
and also added tests.
I also adjusted the test file to not run in a container, because there
is no need. This also decreases test time, which, in turn, increases
maintainers' happiness.
* added more checks to Rspamd setup
I added the helpers from the previous commit to the Rspamd setup to make
the whole setup more robust, and indicate to the user that an ENV
variable's value is incorrect.
While we did not issues for this in the past, I believe it to be
worthwhile for the future.
* added canonical directory for users to place files in
This dir is canonical with DMS's optional configuration dirs, as it
lives in well-known volume mounts. Hence, users will not need to adjust
`/etc/rspamd/override.d` manually anymore, or mount a volume to this
place.
The docs explain this now, but the DKIM page needs a slight update on
this too I guess. I will follow-up here.
* misc minor improvements
* use variables for common directories
2023-04-23 10:22:54 +00:00
__rspamd__log 'trace' '---------- Setup finished ----------'
2023-02-27 19:21:45 +00:00
else
_log 'debug' 'Rspamd is disabled'
fi
2023-02-26 10:42:14 +00:00
}
2023-02-19 11:36:43 +00:00
# Just a helper to prepend the log messages with `(Rspamd setup)` so
# users know exactly where the message originated from.
#
# @param ${1} = log level
# @param ${2} = message
function __rspamd__log { _log " ${ 1 :- } " " (Rspamd setup) ${ 2 :- } " ; }
2023-04-11 07:16:57 +00:00
# Helper for explicitly enabling or disabling a specific module.
2023-02-19 11:36:43 +00:00
#
2023-04-11 07:16:57 +00:00
# @param ${1} = module name
# @param ${2} = `true` when you want to enable the module (default),
# `false` when you want to disable the module [OPTIONAL]
# @param ${3} = whether to use `local` (default) or `override` [OPTIONAL]
2023-05-25 23:01:41 +00:00
function __rspamd__helper__enable_disable_module( ) {
2023-04-11 07:16:57 +00:00
local MODULE = ${ 1 : ?Module name must be provided }
local ENABLE_MODULE = ${ 2 :- true }
local LOCAL_OR_OVERRIDE = ${ 3 :- local }
local MESSAGE = 'Enabling'
2023-02-19 11:36:43 +00:00
2023-05-24 07:06:59 +00:00
if [ [ ! ${ ENABLE_MODULE } = ~ ^( true| false ) $ ] ] ; then
2023-04-11 07:16:57 +00:00
__rspamd__log 'warn' "__rspamd__helper__enable_disable_module got non-boolean argument for deciding whether module should be enabled or not"
return 1
2023-02-19 11:36:43 +00:00
fi
2023-04-11 07:16:57 +00:00
[ [ ${ ENABLE_MODULE } = = true ] ] || MESSAGE = 'Disabling'
__rspamd__log 'trace' " ${ MESSAGE } module ' ${ MODULE } ' "
cat >" /etc/rspamd/ ${ LOCAL_OR_OVERRIDE } .d/ ${ MODULE } .conf " << EOF
# documentation: https://rspamd.com/doc/modules/${MODULE}.html
enabled = ${ ENABLE_MODULE } ;
EOF
}
# Run miscellaneous early setup tasks and checks, such as creating files needed at runtime
# or checking for other anti-spam/anti-virus software.
2023-05-25 23:01:41 +00:00
function __rspamd__run_early_setup_and_checks( ) {
scripts: Rspamd stabilization pt. 1 (#3261)
* added checks whether OpenDKIM/OpenDMARC/policyd-spf are enabled
* added functions to check if VAR is 0/0 or an int
and also added tests.
I also adjusted the test file to not run in a container, because there
is no need. This also decreases test time, which, in turn, increases
maintainers' happiness.
* added more checks to Rspamd setup
I added the helpers from the previous commit to the Rspamd setup to make
the whole setup more robust, and indicate to the user that an ENV
variable's value is incorrect.
While we did not issues for this in the past, I believe it to be
worthwhile for the future.
* added canonical directory for users to place files in
This dir is canonical with DMS's optional configuration dirs, as it
lives in well-known volume mounts. Hence, users will not need to adjust
`/etc/rspamd/override.d` manually anymore, or mount a volume to this
place.
The docs explain this now, but the DKIM page needs a slight update on
this too I guess. I will follow-up here.
* misc minor improvements
* use variables for common directories
2023-04-23 10:22:54 +00:00
# Note: Variables not marked with `local` are
# used in other functions as well.
RSPAMD_LOCAL_D = '/etc/rspamd/local.d'
RSPAMD_OVERRIDE_D = '/etc/rspamd/override.d'
RSPAMD_DMS_D = '/tmp/docker-mailserver/rspamd'
local RSPAMD_DMS_OVERRIDE_D = " ${ RSPAMD_DMS_D } /override.d/ "
2023-04-11 07:16:57 +00:00
mkdir -p /var/lib/rspamd/
: >/var/lib/rspamd/stats.ucl
2023-05-24 07:06:59 +00:00
if [ [ -d ${ RSPAMD_DMS_OVERRIDE_D } ] ] ; then
scripts: Rspamd stabilization pt. 1 (#3261)
* added checks whether OpenDKIM/OpenDMARC/policyd-spf are enabled
* added functions to check if VAR is 0/0 or an int
and also added tests.
I also adjusted the test file to not run in a container, because there
is no need. This also decreases test time, which, in turn, increases
maintainers' happiness.
* added more checks to Rspamd setup
I added the helpers from the previous commit to the Rspamd setup to make
the whole setup more robust, and indicate to the user that an ENV
variable's value is incorrect.
While we did not issues for this in the past, I believe it to be
worthwhile for the future.
* added canonical directory for users to place files in
This dir is canonical with DMS's optional configuration dirs, as it
lives in well-known volume mounts. Hence, users will not need to adjust
`/etc/rspamd/override.d` manually anymore, or mount a volume to this
place.
The docs explain this now, but the DKIM page needs a slight update on
this too I guess. I will follow-up here.
* misc minor improvements
* use variables for common directories
2023-04-23 10:22:54 +00:00
__rspamd__log 'debug' " Found directory ' ${ RSPAMD_DMS_OVERRIDE_D } ' - linking it to ' ${ RSPAMD_OVERRIDE_D } ' "
2023-05-24 07:06:59 +00:00
if rmdir " ${ RSPAMD_OVERRIDE_D } " 2>/dev/null; then
scripts: Rspamd stabilization pt. 1 (#3261)
* added checks whether OpenDKIM/OpenDMARC/policyd-spf are enabled
* added functions to check if VAR is 0/0 or an int
and also added tests.
I also adjusted the test file to not run in a container, because there
is no need. This also decreases test time, which, in turn, increases
maintainers' happiness.
* added more checks to Rspamd setup
I added the helpers from the previous commit to the Rspamd setup to make
the whole setup more robust, and indicate to the user that an ENV
variable's value is incorrect.
While we did not issues for this in the past, I believe it to be
worthwhile for the future.
* added canonical directory for users to place files in
This dir is canonical with DMS's optional configuration dirs, as it
lives in well-known volume mounts. Hence, users will not need to adjust
`/etc/rspamd/override.d` manually anymore, or mount a volume to this
place.
The docs explain this now, but the DKIM page needs a slight update on
this too I guess. I will follow-up here.
* misc minor improvements
* use variables for common directories
2023-04-23 10:22:54 +00:00
ln -s " ${ RSPAMD_DMS_OVERRIDE_D } " " ${ RSPAMD_OVERRIDE_D } "
else
2023-05-11 16:08:54 +00:00
__rspamd__log 'warn' " Could not remove ' ${ RSPAMD_OVERRIDE_D } ' (not empty? not a directory?; did you restart properly?) - not linking ' ${ RSPAMD_DMS_OVERRIDE_D } ' "
scripts: Rspamd stabilization pt. 1 (#3261)
* added checks whether OpenDKIM/OpenDMARC/policyd-spf are enabled
* added functions to check if VAR is 0/0 or an int
and also added tests.
I also adjusted the test file to not run in a container, because there
is no need. This also decreases test time, which, in turn, increases
maintainers' happiness.
* added more checks to Rspamd setup
I added the helpers from the previous commit to the Rspamd setup to make
the whole setup more robust, and indicate to the user that an ENV
variable's value is incorrect.
While we did not issues for this in the past, I believe it to be
worthwhile for the future.
* added canonical directory for users to place files in
This dir is canonical with DMS's optional configuration dirs, as it
lives in well-known volume mounts. Hence, users will not need to adjust
`/etc/rspamd/override.d` manually anymore, or mount a volume to this
place.
The docs explain this now, but the DKIM page needs a slight update on
this too I guess. I will follow-up here.
* misc minor improvements
* use variables for common directories
2023-04-23 10:22:54 +00:00
fi
fi
2023-05-24 07:06:59 +00:00
if [ [ ${ ENABLE_AMAVIS } -eq 1 ] ] || [ [ ${ ENABLE_SPAMASSASSIN } -eq 1 ] ] ; then
2023-04-11 07:16:57 +00:00
__rspamd__log 'warn' 'Running Amavis/SA & Rspamd at the same time is discouraged'
2023-02-19 11:36:43 +00:00
fi
scripts: Rspamd stabilization pt. 1 (#3261)
* added checks whether OpenDKIM/OpenDMARC/policyd-spf are enabled
* added functions to check if VAR is 0/0 or an int
and also added tests.
I also adjusted the test file to not run in a container, because there
is no need. This also decreases test time, which, in turn, increases
maintainers' happiness.
* added more checks to Rspamd setup
I added the helpers from the previous commit to the Rspamd setup to make
the whole setup more robust, and indicate to the user that an ENV
variable's value is incorrect.
While we did not issues for this in the past, I believe it to be
worthwhile for the future.
* added canonical directory for users to place files in
This dir is canonical with DMS's optional configuration dirs, as it
lives in well-known volume mounts. Hence, users will not need to adjust
`/etc/rspamd/override.d` manually anymore, or mount a volume to this
place.
The docs explain this now, but the DKIM page needs a slight update on
this too I guess. I will follow-up here.
* misc minor improvements
* use variables for common directories
2023-04-23 10:22:54 +00:00
2023-05-24 07:06:59 +00:00
if [ [ ${ ENABLE_OPENDKIM } -eq 1 ] ] ; then
scripts: Rspamd stabilization pt. 1 (#3261)
* added checks whether OpenDKIM/OpenDMARC/policyd-spf are enabled
* added functions to check if VAR is 0/0 or an int
and also added tests.
I also adjusted the test file to not run in a container, because there
is no need. This also decreases test time, which, in turn, increases
maintainers' happiness.
* added more checks to Rspamd setup
I added the helpers from the previous commit to the Rspamd setup to make
the whole setup more robust, and indicate to the user that an ENV
variable's value is incorrect.
While we did not issues for this in the past, I believe it to be
worthwhile for the future.
* added canonical directory for users to place files in
This dir is canonical with DMS's optional configuration dirs, as it
lives in well-known volume mounts. Hence, users will not need to adjust
`/etc/rspamd/override.d` manually anymore, or mount a volume to this
place.
The docs explain this now, but the DKIM page needs a slight update on
this too I guess. I will follow-up here.
* misc minor improvements
* use variables for common directories
2023-04-23 10:22:54 +00:00
__rspamd__log 'warn' 'Running OpenDKIM & Rspamd at the same time is discouraged - we recommend Rspamd for DKIM checks (enabled with Rspamd by default) & signing'
fi
2023-05-24 07:06:59 +00:00
if [ [ ${ ENABLE_OPENDMARC } -eq 1 ] ] ; then
scripts: Rspamd stabilization pt. 1 (#3261)
* added checks whether OpenDKIM/OpenDMARC/policyd-spf are enabled
* added functions to check if VAR is 0/0 or an int
and also added tests.
I also adjusted the test file to not run in a container, because there
is no need. This also decreases test time, which, in turn, increases
maintainers' happiness.
* added more checks to Rspamd setup
I added the helpers from the previous commit to the Rspamd setup to make
the whole setup more robust, and indicate to the user that an ENV
variable's value is incorrect.
While we did not issues for this in the past, I believe it to be
worthwhile for the future.
* added canonical directory for users to place files in
This dir is canonical with DMS's optional configuration dirs, as it
lives in well-known volume mounts. Hence, users will not need to adjust
`/etc/rspamd/override.d` manually anymore, or mount a volume to this
place.
The docs explain this now, but the DKIM page needs a slight update on
this too I guess. I will follow-up here.
* misc minor improvements
* use variables for common directories
2023-04-23 10:22:54 +00:00
__rspamd__log 'warn' 'Running OpenDMARC & Rspamd at the same time is discouraged - we recommend Rspamd for DMARC checks (enabled with Rspamd by default)'
fi
2023-05-24 07:06:59 +00:00
if [ [ ${ ENABLE_POLICYD_SPF } -eq 1 ] ] ; then
scripts: Rspamd stabilization pt. 1 (#3261)
* added checks whether OpenDKIM/OpenDMARC/policyd-spf are enabled
* added functions to check if VAR is 0/0 or an int
and also added tests.
I also adjusted the test file to not run in a container, because there
is no need. This also decreases test time, which, in turn, increases
maintainers' happiness.
* added more checks to Rspamd setup
I added the helpers from the previous commit to the Rspamd setup to make
the whole setup more robust, and indicate to the user that an ENV
variable's value is incorrect.
While we did not issues for this in the past, I believe it to be
worthwhile for the future.
* added canonical directory for users to place files in
This dir is canonical with DMS's optional configuration dirs, as it
lives in well-known volume mounts. Hence, users will not need to adjust
`/etc/rspamd/override.d` manually anymore, or mount a volume to this
place.
The docs explain this now, but the DKIM page needs a slight update on
this too I guess. I will follow-up here.
* misc minor improvements
* use variables for common directories
2023-04-23 10:22:54 +00:00
__rspamd__log 'warn' 'Running policyd-spf & Rspamd at the same time is discouraged - we recommend Rspamd for SPF checks (enabled with Rspamd by default)'
fi
2023-05-24 07:06:59 +00:00
if [ [ ${ ENABLE_POSTGREY } -eq 1 ] ] && [ [ ${ RSPAMD_GREYLISTING } -eq 1 ] ] ; then
scripts: Rspamd stabilization pt. 1 (#3261)
* added checks whether OpenDKIM/OpenDMARC/policyd-spf are enabled
* added functions to check if VAR is 0/0 or an int
and also added tests.
I also adjusted the test file to not run in a container, because there
is no need. This also decreases test time, which, in turn, increases
maintainers' happiness.
* added more checks to Rspamd setup
I added the helpers from the previous commit to the Rspamd setup to make
the whole setup more robust, and indicate to the user that an ENV
variable's value is incorrect.
While we did not issues for this in the past, I believe it to be
worthwhile for the future.
* added canonical directory for users to place files in
This dir is canonical with DMS's optional configuration dirs, as it
lives in well-known volume mounts. Hence, users will not need to adjust
`/etc/rspamd/override.d` manually anymore, or mount a volume to this
place.
The docs explain this now, but the DKIM page needs a slight update on
this too I guess. I will follow-up here.
* misc minor improvements
* use variables for common directories
2023-04-23 10:22:54 +00:00
__rspamd__log 'warn' 'Running Postgrey & Rspamd at the same time is discouraged - we recommend Rspamd for greylisting'
fi
2023-04-11 07:16:57 +00:00
}
2023-03-01 15:24:59 +00:00
2023-04-11 07:16:57 +00:00
# Sets up Redis. In case the user does not use a dedicated Redis instance, we
# supply a configuration for our local Redis instance which is started later.
2023-05-25 23:01:41 +00:00
function __rspamd__setup_redis( ) {
2023-05-24 07:06:59 +00:00
if _env_var_expect_zero_or_one 'ENABLE_RSPAMD_REDIS' && [ [ ${ ENABLE_RSPAMD_REDIS } -eq 1 ] ] ; then
2023-04-11 07:16:57 +00:00
__rspamd__log 'debug' 'Internal Redis is enabled, adding configuration'
scripts: Rspamd stabilization pt. 1 (#3261)
* added checks whether OpenDKIM/OpenDMARC/policyd-spf are enabled
* added functions to check if VAR is 0/0 or an int
and also added tests.
I also adjusted the test file to not run in a container, because there
is no need. This also decreases test time, which, in turn, increases
maintainers' happiness.
* added more checks to Rspamd setup
I added the helpers from the previous commit to the Rspamd setup to make
the whole setup more robust, and indicate to the user that an ENV
variable's value is incorrect.
While we did not issues for this in the past, I believe it to be
worthwhile for the future.
* added canonical directory for users to place files in
This dir is canonical with DMS's optional configuration dirs, as it
lives in well-known volume mounts. Hence, users will not need to adjust
`/etc/rspamd/override.d` manually anymore, or mount a volume to this
place.
The docs explain this now, but the DKIM page needs a slight update on
this too I guess. I will follow-up here.
* misc minor improvements
* use variables for common directories
2023-04-23 10:22:54 +00:00
cat >" ${ RSPAMD_LOCAL_D } /redis.conf " << "EOF"
2023-03-01 15:24:59 +00:00
# documentation: https://rspamd.com/doc/configuration/redis.html
servers = "127.0.0.1:6379" ;
expand_keys = true;
EOF
2023-03-04 09:45:43 +00:00
# Here we adjust the Redis default configuration that we supply to Redis
# when starting it. Note that `/var/lib/redis/` is linked to
# `/var/mail-state/redis/` (for persisting it) if `ONE_DIR=1`.
2023-04-11 07:16:57 +00:00
sedfile -i -E \
2023-03-04 09:45:43 +00:00
-e 's|^(bind).*|\1 127.0.0.1|g' \
-e 's|^(daemonize).*|\1 no|g' \
-e 's|^(port).*|\1 6379|g' \
-e 's|^(loglevel).*|\1 warning|g' \
-e 's|^(logfile).*|\1 ""|g' \
-e 's|^(dir).*|\1 /var/lib/redis|g' \
-e 's|^(dbfilename).*|\1 dms-dump.rdb|g' \
/etc/redis/redis.conf
2023-03-01 15:24:59 +00:00
else
__rspamd__log 'debug' 'Rspamd will not use internal Redis (which has been disabled)'
fi
2023-02-19 11:36:43 +00:00
}
2023-04-11 07:16:57 +00:00
# Adjust Postfix's configuration files. We only need to append Rspamd at the end of
# `smtpd_milters` in `/etc/postfix/main.cf`.
2023-05-25 23:01:41 +00:00
function __rspamd__setup_postfix( ) {
2023-04-11 07:16:57 +00:00
__rspamd__log 'debug' "Adjusting Postfix's configuration"
2023-02-26 10:42:14 +00:00
2023-04-11 07:16:57 +00:00
postconf 'rspamd_milter = inet:localhost:11332'
2023-02-19 11:36:43 +00:00
# shellcheck disable=SC2016
2023-02-26 10:42:14 +00:00
sed -i -E 's|^(smtpd_milters =.*)|\1 \$rspamd_milter|g' /etc/postfix/main.cf
2023-02-19 11:36:43 +00:00
}
2023-04-11 07:16:57 +00:00
# If ClamAV is enabled, we will integrate it into Rspamd.
2023-05-25 23:01:41 +00:00
function __rspamd__setup_clamav( ) {
2023-05-24 07:06:59 +00:00
if _env_var_expect_zero_or_one 'ENABLE_CLAMAV' && [ [ ${ ENABLE_CLAMAV } -eq 1 ] ] ; then
2023-04-11 07:16:57 +00:00
__rspamd__log 'debug' 'Enabling ClamAV integration'
scripts: Rspamd stabilization pt. 1 (#3261)
* added checks whether OpenDKIM/OpenDMARC/policyd-spf are enabled
* added functions to check if VAR is 0/0 or an int
and also added tests.
I also adjusted the test file to not run in a container, because there
is no need. This also decreases test time, which, in turn, increases
maintainers' happiness.
* added more checks to Rspamd setup
I added the helpers from the previous commit to the Rspamd setup to make
the whole setup more robust, and indicate to the user that an ENV
variable's value is incorrect.
While we did not issues for this in the past, I believe it to be
worthwhile for the future.
* added canonical directory for users to place files in
This dir is canonical with DMS's optional configuration dirs, as it
lives in well-known volume mounts. Hence, users will not need to adjust
`/etc/rspamd/override.d` manually anymore, or mount a volume to this
place.
The docs explain this now, but the DKIM page needs a slight update on
this too I guess. I will follow-up here.
* misc minor improvements
* use variables for common directories
2023-04-23 10:22:54 +00:00
sedfile -i -E 's|^(enabled).*|\1 = true;|g' " ${ RSPAMD_LOCAL_D } /antivirus.conf "
2023-04-11 07:16:57 +00:00
# Rspamd uses ClamAV's UNIX socket, and to be able to read it, it must be in the same group
usermod -a -G clamav _rspamd
2023-05-12 14:04:41 +00:00
2023-05-24 07:06:59 +00:00
if [ [ ${ CLAMAV_MESSAGE_SIZE_LIMIT } != '25M' ] ] ; then
2023-05-12 14:04:41 +00:00
local SIZE_IN_BYTES
SIZE_IN_BYTES = $( numfmt --from= si " ${ CLAMAV_MESSAGE_SIZE_LIMIT } " )
__rspamd__log 'trace' " Adjusting maximum size for ClamAV to ${ SIZE_IN_BYTES } bytes ( ${ CLAMAV_MESSAGE_SIZE_LIMIT } ) "
sedfile -i -E " s|(.*max_size =).*|\1 ${ SIZE_IN_BYTES } ;| " " ${ RSPAMD_LOCAL_D } /antivirus.conf "
fi
2023-04-11 07:16:57 +00:00
else
__rspamd__log 'debug' 'Rspamd will not use ClamAV (which has not been enabled)'
2023-02-19 11:36:43 +00:00
fi
}
# Disables certain modules by default. This can be overwritten by the user later.
# We disable the modules listed in `DISABLE_MODULES` as we believe these modules
# are not commonly used and the average user does not need them. As a consequence,
# disabling them saves resources.
2023-05-25 23:01:41 +00:00
function __rspamd__setup_default_modules( ) {
2023-04-11 07:16:57 +00:00
__rspamd__log 'debug' 'Disabling default modules'
2023-04-11 16:51:23 +00:00
# This array contains all the modules we disable by default. They
# can be re-enabled later (in `__rspamd__handle_user_modules_adjustments`)
# with `rspamd-modules.conf`.
2023-02-19 11:36:43 +00:00
local DISABLE_MODULES = (
clickhouse
elastic
neural
reputation
spamassassin
url_redirector
metric_exporter
)
for MODULE in " ${ DISABLE_MODULES [@] } "
do
2023-04-11 07:16:57 +00:00
__rspamd__helper__enable_disable_module " ${ MODULE } " 'false'
2023-02-19 11:36:43 +00:00
done
}
2023-04-11 07:16:57 +00:00
# This function sets up intelligent learning of Junk, by
#
# 1. enabling auto-learn for the classifier-bayes module
# 2. setting up sieve scripts that detect when a user is moving e-mail
# from or to the "Junk" folder, and learning them as ham or spam.
2023-05-25 23:01:41 +00:00
function __rspamd__setup_learning( ) {
2023-05-24 07:06:59 +00:00
if _env_var_expect_zero_or_one 'RSPAMD_LEARN' && [ [ ${ RSPAMD_LEARN } -eq 1 ] ] ; then
2023-04-11 07:16:57 +00:00
__rspamd__log 'debug' 'Setting up intelligent learning of spam and ham'
local SIEVE_PIPE_BIN_DIR = '/usr/lib/dovecot/sieve-pipe'
ln -s " $( type -f -P rspamc) " " ${ SIEVE_PIPE_BIN_DIR } /rspamc "
sedfile -i -E 's|(mail_plugins =.*)|\1 imap_sieve|' /etc/dovecot/conf.d/20-imap.conf
sedfile -i -E '/^}/d' /etc/dovecot/conf.d/90-sieve.conf
cat >>/etc/dovecot/conf.d/90-sieve.conf << EOF
2023-05-13 11:59:16 +00:00
# From anyhwere to Junk
2023-04-11 07:16:57 +00:00
imapsieve_mailbox1_name = Junk
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_before = file:${ SIEVE_PIPE_BIN_DIR } /learn-spam.sieve
2023-05-13 11:59:16 +00:00
# From Junk to Inbox
imapsieve_mailbox2_name = INBOX
2023-04-11 07:16:57 +00:00
imapsieve_mailbox2_from = Junk
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_before = file:${ SIEVE_PIPE_BIN_DIR } /learn-ham.sieve
}
EOF
cat >" ${ SIEVE_PIPE_BIN_DIR } /learn-spam.sieve " << EOF
require [ "vnd.dovecot.pipe" , "copy" , "imapsieve" ] ;
pipe :copy "rspamc" [ "-h" , "127.0.0.1:11334" , "learn_spam" ] ;
EOF
cat >" ${ SIEVE_PIPE_BIN_DIR } /learn-ham.sieve " << EOF
require [ "vnd.dovecot.pipe" , "copy" , "imapsieve" ] ;
pipe :copy "rspamc" [ "-h" , "127.0.0.1:11334" , "learn_ham" ] ;
EOF
sievec " ${ SIEVE_PIPE_BIN_DIR } /learn-spam.sieve "
sievec " ${ SIEVE_PIPE_BIN_DIR } /learn-ham.sieve "
else
__rspamd__log 'debug' 'Intelligent learning of spam and ham is disabled'
fi
}
2023-04-11 16:51:23 +00:00
# Sets up greylisting with the greylisting module (see
# https://rspamd.com/doc/modules/greylisting.html).
2023-05-25 23:01:41 +00:00
function __rspamd__setup_greylisting( ) {
2023-05-24 07:06:59 +00:00
if _env_var_expect_zero_or_one 'RSPAMD_GREYLISTING' && [ [ ${ RSPAMD_GREYLISTING } -eq 1 ] ] ; then
2023-04-11 07:16:57 +00:00
__rspamd__log 'debug' 'Enabling greylisting'
scripts: Rspamd stabilization pt. 1 (#3261)
* added checks whether OpenDKIM/OpenDMARC/policyd-spf are enabled
* added functions to check if VAR is 0/0 or an int
and also added tests.
I also adjusted the test file to not run in a container, because there
is no need. This also decreases test time, which, in turn, increases
maintainers' happiness.
* added more checks to Rspamd setup
I added the helpers from the previous commit to the Rspamd setup to make
the whole setup more robust, and indicate to the user that an ENV
variable's value is incorrect.
While we did not issues for this in the past, I believe it to be
worthwhile for the future.
* added canonical directory for users to place files in
This dir is canonical with DMS's optional configuration dirs, as it
lives in well-known volume mounts. Hence, users will not need to adjust
`/etc/rspamd/override.d` manually anymore, or mount a volume to this
place.
The docs explain this now, but the DKIM page needs a slight update on
this too I guess. I will follow-up here.
* misc minor improvements
* use variables for common directories
2023-04-23 10:22:54 +00:00
sedfile -i -E "s|(enabled =).*|\1 true;|g" " ${ RSPAMD_LOCAL_D } /greylist.conf "
2023-04-11 07:16:57 +00:00
else
__rspamd__log 'debug' 'Greylisting is disabled'
fi
}
2023-04-11 16:51:23 +00:00
# This function handles setup of the Hfilter module (see
# https://www.rspamd.com/doc/modules/hfilter.html). This module is mainly
# used for hostname checks, and whether or not a reverse-DNS check
# succeeds.
2023-05-25 23:01:41 +00:00
function __rspamd__setup_hfilter_group( ) {
scripts: Rspamd stabilization pt. 1 (#3261)
* added checks whether OpenDKIM/OpenDMARC/policyd-spf are enabled
* added functions to check if VAR is 0/0 or an int
and also added tests.
I also adjusted the test file to not run in a container, because there
is no need. This also decreases test time, which, in turn, increases
maintainers' happiness.
* added more checks to Rspamd setup
I added the helpers from the previous commit to the Rspamd setup to make
the whole setup more robust, and indicate to the user that an ENV
variable's value is incorrect.
While we did not issues for this in the past, I believe it to be
worthwhile for the future.
* added canonical directory for users to place files in
This dir is canonical with DMS's optional configuration dirs, as it
lives in well-known volume mounts. Hence, users will not need to adjust
`/etc/rspamd/override.d` manually anymore, or mount a volume to this
place.
The docs explain this now, but the DKIM page needs a slight update on
this too I guess. I will follow-up here.
* misc minor improvements
* use variables for common directories
2023-04-23 10:22:54 +00:00
local MODULE_FILE = " ${ RSPAMD_LOCAL_D } /hfilter_group.conf "
2023-05-24 07:06:59 +00:00
if _env_var_expect_zero_or_one 'RSPAMD_HFILTER' && [ [ ${ RSPAMD_HFILTER } -eq 1 ] ] ; then
2023-04-11 16:51:23 +00:00
__rspamd__log 'debug' 'Hfilter (group) module is enabled'
# Check if we received a number first
2023-05-24 07:06:59 +00:00
if _env_var_expect_integer 'RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE' && [ [ ${ RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE } -ne 6 ] ] ; then
2023-04-11 16:51:23 +00:00
__rspamd__log 'trace' " Adjusting score for 'HFILTER_HOSTNAME_UNKNOWN' in Hfilter group module to ${ RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE } "
sed -i -E \
" s|(.*score =).*(# __TAG__HFILTER_HOSTNAME_UNKNOWN)|\1 ${ RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE } ; \2|g " \
" ${ MODULE_FILE } "
else
__rspamd__log 'trace' "Not adjusting score for 'HFILTER_HOSTNAME_UNKNOWN' in Hfilter group module"
fi
else
__rspamd__log 'debug' 'Disabling Hfilter (group) module'
rm -f " ${ MODULE_FILE } "
fi
}
2023-02-19 11:36:43 +00:00
# Parses `RSPAMD_CUSTOM_COMMANDS_FILE` and executed the directives given by the file.
# To get a detailed explanation of the commands and how the file works, visit
# https://docker-mailserver.github.io/docker-mailserver/edge/config/security/rspamd/#with-the-help-of-a-custom-file
2023-05-25 23:01:41 +00:00
function __rspamd__handle_user_modules_adjustments( ) {
2023-02-19 11:36:43 +00:00
# Adds an option with a corresponding value to a module, or, in case the option
# is already present, overwrites it.
#
2023-04-23 12:02:56 +00:00
# @param ${1} = file name in ${RSPAMD_OVERRIDE_D}/
2023-02-19 11:36:43 +00:00
# @param ${2} = module name as it should appear in the log
# @patam ${3} = option name in the module
# @param ${4} = value of the option
#
# ## Note
#
2023-04-11 07:16:57 +00:00
# While this function is currently bound to the scope of `__rspamd__handle_user_modules_adjustments`,
2023-02-19 11:36:43 +00:00
# it is written in a versatile way (taking 4 arguments instead of assuming `ARGUMENT2` / `ARGUMENT3`
# are set) so that it may be used elsewhere if needed.
2023-05-25 23:01:41 +00:00
function __add_or_replace( ) {
2023-02-19 11:36:43 +00:00
local MODULE_FILE = ${ 1 : ?Module file name must be provided }
local MODULE_LOG_NAME = ${ 2 : ?Module log name must be provided }
local OPTION = ${ 3 : ?Option name must be provided }
local VALUE = ${ 4 : ?Value belonging to an option must be provided }
# remove possible whitespace at the end (e.g., in case ${ARGUMENT3} is empty)
VALUE = ${ VALUE % }
scripts: Rspamd stabilization pt. 1 (#3261)
* added checks whether OpenDKIM/OpenDMARC/policyd-spf are enabled
* added functions to check if VAR is 0/0 or an int
and also added tests.
I also adjusted the test file to not run in a container, because there
is no need. This also decreases test time, which, in turn, increases
maintainers' happiness.
* added more checks to Rspamd setup
I added the helpers from the previous commit to the Rspamd setup to make
the whole setup more robust, and indicate to the user that an ENV
variable's value is incorrect.
While we did not issues for this in the past, I believe it to be
worthwhile for the future.
* added canonical directory for users to place files in
This dir is canonical with DMS's optional configuration dirs, as it
lives in well-known volume mounts. Hence, users will not need to adjust
`/etc/rspamd/override.d` manually anymore, or mount a volume to this
place.
The docs explain this now, but the DKIM page needs a slight update on
this too I guess. I will follow-up here.
* misc minor improvements
* use variables for common directories
2023-04-23 10:22:54 +00:00
local FILE = " ${ RSPAMD_OVERRIDE_D } / ${ MODULE_FILE } "
2023-02-19 11:36:43 +00:00
[ [ -f ${ FILE } ] ] || touch " ${ FILE } "
2023-05-24 07:06:59 +00:00
if grep -q -E " ${ OPTION } .*=.* " " ${ FILE } " ; then
2023-02-19 11:36:43 +00:00
__rspamd__log 'trace' " Overwriting option ' ${ OPTION } ' with value ' ${ VALUE } ' for ${ MODULE_LOG_NAME } "
sed -i -E " s|([[:space:]]* ${ OPTION } ).*|\1 = ${ VALUE } ;|g " " ${ FILE } "
else
__rspamd__log 'trace' " Setting option ' ${ OPTION } ' for ${ MODULE_LOG_NAME } to ' ${ VALUE } ' "
echo " ${ OPTION } = ${ VALUE } ; " >>" ${ FILE } "
fi
}
2023-04-23 12:02:56 +00:00
local RSPAMD_CUSTOM_COMMANDS_FILE = " ${ RSPAMD_DMS_D } /custom-commands.conf "
local RSPAMD_CUSTOM_COMMANDS_FILE_OLD = " ${ RSPAMD_DMS_D } -modules.conf "
# We check for usage of the previous location of the commands file.
# This can be removed after the release of v14.0.0.
2023-05-24 07:06:59 +00:00
if [ [ -f ${ RSPAMD_CUSTOM_COMMANDS_FILE_OLD } ] ] ; then
2023-04-23 12:02:56 +00:00
__rspamd__log 'warn' " Detected usage of old file location for modules adjustment (' ${ RSPAMD_CUSTOM_COMMANDS_FILE_OLD } ') - please use the new location (' ${ RSPAMD_CUSTOM_COMMANDS_FILE } ') "
__rspamd__log 'warn' "Using old file location now (deprecated) - this will prevent startup in v13.0.0"
RSPAMD_CUSTOM_COMMANDS_FILE = ${ RSPAMD_CUSTOM_COMMANDS_FILE_OLD }
fi
2023-05-24 07:06:59 +00:00
if [ [ -f " ${ RSPAMD_CUSTOM_COMMANDS_FILE } " ] ] ; then
2023-04-23 12:02:56 +00:00
__rspamd__log 'debug' " Found file ' ${ RSPAMD_CUSTOM_COMMANDS_FILE } ' - parsing and applying it "
2023-02-19 11:36:43 +00:00
while read -r COMMAND ARGUMENT1 ARGUMENT2 ARGUMENT3
do
case " ${ COMMAND } " in
( 'disable-module' )
2023-04-11 07:16:57 +00:00
__rspamd__helper__enable_disable_module " ${ ARGUMENT1 } " 'false' 'override'
2023-02-19 11:36:43 +00:00
; ;
( 'enable-module' )
2023-04-11 07:16:57 +00:00
__rspamd__helper__enable_disable_module " ${ ARGUMENT1 } " 'true' 'override'
2023-02-19 11:36:43 +00:00
; ;
( 'set-option-for-module' )
__add_or_replace " ${ ARGUMENT1 } .conf " " module ' ${ ARGUMENT1 } ' " " ${ ARGUMENT2 } " " ${ ARGUMENT3 } "
; ;
( 'set-option-for-controller' )
__add_or_replace 'worker-controller.inc' 'controller worker' " ${ ARGUMENT1 } " " ${ ARGUMENT2 } ${ ARGUMENT3 } "
; ;
( 'set-option-for-proxy' )
__add_or_replace 'worker-proxy.inc' 'proxy worker' " ${ ARGUMENT1 } " " ${ ARGUMENT2 } ${ ARGUMENT3 } "
; ;
( 'set-common-option' )
__add_or_replace 'options.inc' 'common options' " ${ ARGUMENT1 } " " ${ ARGUMENT2 } ${ ARGUMENT3 } "
; ;
( 'add-line' )
__rspamd__log 'trace' " Adding complete line to ' ${ ARGUMENT1 } ' "
2023-04-23 12:02:56 +00:00
echo " ${ ARGUMENT2 } ${ ARGUMENT3 + ${ ARGUMENT3 } } " >>" ${ RSPAMD_OVERRIDE_D } / ${ ARGUMENT1 } "
2023-02-19 11:36:43 +00:00
; ;
( *)
__rspamd__log 'warn' " Command ' ${ COMMAND } ' is invalid "
continue
; ;
esac
done < <( _get_valid_lines_from_file " ${ RSPAMD_CUSTOM_COMMANDS_FILE } " )
fi
}