mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2024-01-19 02:48:50 +00:00
feature: provide initial Rspamd support (#2902)
parent
a00cdcdee9
commit
26ac48f34a
|
@ -65,6 +65,12 @@ RUN <<EOF
|
||||||
chmod 755 -R /usr/lib/dovecot/sieve-pipe /usr/lib/dovecot/sieve-filter /usr/lib/dovecot/sieve-global
|
chmod 755 -R /usr/lib/dovecot/sieve-pipe /usr/lib/dovecot/sieve-filter /usr/lib/dovecot/sieve-global
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
# -----------------------------------------------
|
||||||
|
# --- Rspamd ------------------------------------
|
||||||
|
# -----------------------------------------------
|
||||||
|
|
||||||
|
COPY target/rspamd/local.d/ /etc/rspamd/local.d/
|
||||||
|
|
||||||
# -----------------------------------------------
|
# -----------------------------------------------
|
||||||
# --- LDAP & SpamAssassin's Cron ----------------
|
# --- LDAP & SpamAssassin's Cron ----------------
|
||||||
# -----------------------------------------------
|
# -----------------------------------------------
|
||||||
|
|
|
@ -67,6 +67,25 @@ Note: you probably want to [set `POSTFIX_INET_PROTOCOLS=ipv4`](#postfix_inet_pro
|
||||||
|
|
||||||
Set the timezone. If this variable is unset, the container runtime will try to detect the time using `/etc/localtime`, which you can alternatively mount into the container. The value of this variable must follow the pattern `AREA/ZONE`, i.e. of you want to use Germany's time zone, use `Europe/Berlin`. You can lookup all available timezones [here](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List).
|
Set the timezone. If this variable is unset, the container runtime will try to detect the time using `/etc/localtime`, which you can alternatively mount into the container. The value of this variable must follow the pattern `AREA/ZONE`, i.e. of you want to use Germany's time zone, use `Europe/Berlin`. You can lookup all available timezones [here](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List).
|
||||||
|
|
||||||
|
##### ENABLE_RSPAMD
|
||||||
|
|
||||||
|
!!! warning "Current State"
|
||||||
|
|
||||||
|
Rspamd-support is under active development. Be aware that breaking changes can happen at any time. Moreover, you will _currently_ need to adjust Postfix's configuration _yourself_ if you want to use Rspamd; you may use [`user-patches.sh`][docs-userpatches].
|
||||||
|
|
||||||
|
You will need to add Rspamd to the `smtpd_milters` in Postfix's `main.cf`. This can easily be done with `sed`: `sed -i -E 's|^(smtpd_milters = .*)|\1,inet:localhost:11332|g' /etc/postfix/main.cf`. Moreover, have a look at the [integration of Rspamd into Postfx](https://rspamd.com/doc/integration.html). You will need to provide additional configuration files at the moment (to `/etc/rspamd/local.d/`) to make Rspamd run in milter-mode.
|
||||||
|
|
||||||
|
[docs-userpatches]: ./advanced/override-defaults/user-patches.md
|
||||||
|
|
||||||
|
!!! bug "Rspamd and DNS Block Lists"
|
||||||
|
|
||||||
|
When you use Rspamd, you might want to use the [RBL module](https://rspamd.com/doc/modules/rbl.html). If you do, make sure your DNS resolver is set up correctly (i.e. it should be a non-public recursive resolver). Otherwise, you [might not be able](https://www.spamhaus.org/faq/section/DNSBL%20Usage#365) to make use of the block lists.
|
||||||
|
|
||||||
|
Enable or disable Rspamd.
|
||||||
|
|
||||||
|
- **0** => disabled
|
||||||
|
- 1 => enabled
|
||||||
|
|
||||||
##### ENABLE_AMAVIS
|
##### ENABLE_AMAVIS
|
||||||
|
|
||||||
Amavis content filter (used for ClamAV & SpamAssassin)
|
Amavis content filter (used for ClamAV & SpamAssassin)
|
||||||
|
|
|
@ -103,6 +103,11 @@ ENABLE_SRS=0
|
||||||
ENABLE_POP3=
|
ENABLE_POP3=
|
||||||
ENABLE_CLAMAV=0
|
ENABLE_CLAMAV=0
|
||||||
|
|
||||||
|
# Enables Rspamd
|
||||||
|
# **0** => disabled
|
||||||
|
# 1 => enabled
|
||||||
|
ENABLE_RSPAMD=0
|
||||||
|
|
||||||
# Amavis content filter (used for ClamAV & SpamAssassin)
|
# Amavis content filter (used for ClamAV & SpamAssassin)
|
||||||
# 0 => Disabled
|
# 0 => Disabled
|
||||||
# 1 => Enabled
|
# 1 => Enabled
|
||||||
|
|
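--- a/target/rspamd/local.d/disabled/antivirus.conf
+++ b/target/rspamd/local.d/disabled/antivirus.conf
@@ -0,0 +1,10 @@
+# documentation: https://rspamd.com/doc/modules/antivirus.html
+
+ClamAV {
+action = "reject";
+scan_mime_parts = true;
+message = '${SCANNER}: virus found: "${VIRUS}"';
+type = "clamav";
+log_clean = false;
+servers = "127.0.0.1:3310";
+}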
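Review bot: `servers = "127.0.0.1:3310";` assumes clamd accepts TCP connections on loopback, but nothing in this commit configures that, and Debian's packaged clamd listens on a local Unix socket by default. If the scanner cannot be reached, Rspamd will most likely let mail through unscanned rather than reject it, so `action = "reject";` would never fire. Please confirm against the image's `clamd.conf` and, if it uses the socket, point `servers` at that path instead. A comment above the line such as `# must match the listener configured in clamd.conf` would keep the two from drifting apart.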
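--- a/target/rspamd/local.d/logging.inc
+++ b/target/rspamd/local.d/logging.inc
@@ -0,0 +1,6 @@
+# documentation: https://rspamd.com/doc/configuration/logging.html
+
+type = "console";
+level = "notice";
+color = true;
+systemd = false;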
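--- a/target/rspamd/local.d/options.inc
+++ b/target/rspamd/local.d/options.inc
@@ -0,0 +1 @@
+pidfile = false;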
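--- a/target/rspamd/local.d/redis.conf
+++ b/target/rspamd/local.d/redis.conf
@@ -0,0 +1,4 @@
+# documentation: https://rspamd.com/doc/configuration/redis.html
+
+servers = "127.0.0.1:6379";
+expand_keys = true;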
|
@ -129,6 +129,21 @@ function _install_dovecot
|
||||||
apt-get "${QUIET}" --no-install-recommends install "${DOVECOT_PACKAGES[@]}"
|
apt-get "${QUIET}" --no-install-recommends install "${DOVECOT_PACKAGES[@]}"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function _install_rspamd
|
||||||
|
{
|
||||||
|
_log 'trace' 'Adding Rspamd package signatures'
|
||||||
|
curl -sSfL https://rspamd.com/apt-stable/gpg.key | gpg --dearmor >/etc/apt/trusted.gpg.d/rspamd.gpg
|
||||||
|
|
||||||
|
echo "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/rspamd.gpg] http://rspamd.com/apt-stable/ bullseye main" \
|
||||||
|
>/etc/apt/sources.list.d/rspamd.list
|
||||||
|
echo "deb-src [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/rspamd.gpg] http://rspamd.com/apt-stable/ bullseye main" \
|
||||||
|
>>/etc/apt/sources.list.d/rspamd.list
|
||||||
|
|
||||||
|
_log 'debug' 'Installing Rspamd'
|
||||||
|
apt-get "${QUIET}" update
|
||||||
|
apt-get "${QUIET}" --no-install-recommends install rspamd redis-server
|
||||||
|
}
|
||||||
|
|
||||||
function _install_fail2ban
|
function _install_fail2ban
|
||||||
{
|
{
|
||||||
local FAIL2BAN_DEB_URL='https://github.com/fail2ban/fail2ban/releases/download/1.0.2/fail2ban_1.0.2-1.upstream1_all.deb'
|
local FAIL2BAN_DEB_URL='https://github.com/fail2ban/fail2ban/releases/download/1.0.2/fail2ban_1.0.2-1.upstream1_all.deb'
|
||||||
|
@ -180,5 +195,6 @@ _pre_installation_steps
|
||||||
_install_postfix
|
_install_postfix
|
||||||
_install_packages
|
_install_packages
|
||||||
_install_dovecot
|
_install_dovecot
|
||||||
|
_install_rspamd
|
||||||
_install_fail2ban
|
_install_fail2ban
|
||||||
_post_installation_steps
|
_post_installation_steps
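Review bot: In `_install_rspamd` the dearmored key is written to `/etc/apt/trusted.gpg.d/rspamd.gpg`, and apt trusts every keyring in that directory for all configured repositories, so the `signed-by=` option on the two source lines no longer confines the Rspamd key to the Rspamd repository. Storing it outside the global trust directory keeps that scoping, e.g. `curl -sSfL https://rspamd.com/apt-stable/gpg.key | gpg --dearmor >/usr/share/keyrings/rspamd.gpg` with `signed-by=/usr/share/keyrings/rspamd.gpg` in both `echo` lines. The repository lines use `http://` while the key is fetched over `https://`; apt's signature check still covers integrity, but `https://rspamd.com/apt-stable/` would be consistent with the key fetch. If `curl` fails, `gpg --dearmor` still creates the keyring file unless `pipefail` is set, which is not visible in this hunk. The hard-coded `arch=amd64` should be checked against the platforms the image is built for.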
|
||||||
|
|
|
@ -91,6 +91,7 @@ function _environment_variables_general_setup
|
||||||
VARS[ENABLE_POP3]="${ENABLE_POP3:=0}"
|
VARS[ENABLE_POP3]="${ENABLE_POP3:=0}"
|
||||||
VARS[ENABLE_POSTGREY]="${ENABLE_POSTGREY:=0}"
|
VARS[ENABLE_POSTGREY]="${ENABLE_POSTGREY:=0}"
|
||||||
VARS[ENABLE_QUOTAS]="${ENABLE_QUOTAS:=1}"
|
VARS[ENABLE_QUOTAS]="${ENABLE_QUOTAS:=1}"
|
||||||
|
VARS[ENABLE_RSPAMD]="${ENABLE_RSPAMD:=0}"
|
||||||
VARS[ENABLE_SASLAUTHD]="${ENABLE_SASLAUTHD:=0}"
|
VARS[ENABLE_SASLAUTHD]="${ENABLE_SASLAUTHD:=0}"
|
||||||
VARS[ENABLE_SPAMASSASSIN]="${ENABLE_SPAMASSASSIN:=0}"
|
VARS[ENABLE_SPAMASSASSIN]="${ENABLE_SPAMASSASSIN:=0}"
|
||||||
VARS[ENABLE_SPAMASSASSIN_KAM]="${ENABLE_SPAMASSASSIN_KAM:=0}"
|
VARS[ENABLE_SPAMASSASSIN_KAM]="${ENABLE_SPAMASSASSIN_KAM:=0}"
|
||||||
|
|
|
@ -101,6 +101,7 @@ function _register_functions
|
||||||
[[ ${ENABLE_FAIL2BAN} -eq 1 ]] && _register_setup_function '_setup_fail2ban'
|
[[ ${ENABLE_FAIL2BAN} -eq 1 ]] && _register_setup_function '_setup_fail2ban'
|
||||||
[[ ${ENABLE_DNSBL} -eq 0 ]] && _register_setup_function '_setup_dnsbl_disable'
|
[[ ${ENABLE_DNSBL} -eq 0 ]] && _register_setup_function '_setup_dnsbl_disable'
|
||||||
[[ ${CLAMAV_MESSAGE_SIZE_LIMIT} != '25M' ]] && _register_setup_function '_setup_clamav_sizelimit'
|
[[ ${CLAMAV_MESSAGE_SIZE_LIMIT} != '25M' ]] && _register_setup_function '_setup_clamav_sizelimit'
|
||||||
|
[[ ${ENABLE_RSPAMD} -eq 1 ]] && _register_setup_function '_setup_rspamd'
|
||||||
|
|
||||||
_register_setup_function '_setup_dkim'
|
_register_setup_function '_setup_dkim'
|
||||||
_register_setup_function '_setup_ssl'
|
_register_setup_function '_setup_ssl'
|
||||||
|
@ -165,6 +166,12 @@ function _register_functions
|
||||||
[[ ${SMTP_ONLY} -ne 1 ]] && _register_start_daemon '_start_daemon_dovecot'
|
[[ ${SMTP_ONLY} -ne 1 ]] && _register_start_daemon '_start_daemon_dovecot'
|
||||||
[[ ${ENABLE_UPDATE_CHECK} -eq 1 ]] && _register_start_daemon '_start_daemon_update_check'
|
[[ ${ENABLE_UPDATE_CHECK} -eq 1 ]] && _register_start_daemon '_start_daemon_update_check'
|
||||||
|
|
||||||
|
if [[ ${ENABLE_RSPAMD} -eq 1 ]]
|
||||||
|
then
|
||||||
|
_register_start_daemon '_start_daemon_rspamd'
|
||||||
|
_register_start_daemon '_start_daemon_redis'
|
||||||
|
fi
|
||||||
|
|
||||||
# needs to be started before SASLauthd
|
# needs to be started before SASLauthd
|
||||||
_register_start_daemon '_start_daemon_opendkim'
|
_register_start_daemon '_start_daemon_opendkim'
|
||||||
_register_start_daemon '_start_daemon_opendmarc'
|
_register_start_daemon '_start_daemon_opendmarc'
|
||||||
|
|
|
@ -35,6 +35,8 @@ function _start_daemon_postsrsd { _default_start_daemon 'postsrsd' ;
|
||||||
function _start_daemon_postfix { _default_start_daemon 'postfix' ; }
|
function _start_daemon_postfix { _default_start_daemon 'postfix' ; }
|
||||||
function _start_daemon_rsyslog { _default_start_daemon 'rsyslog' ; }
|
function _start_daemon_rsyslog { _default_start_daemon 'rsyslog' ; }
|
||||||
function _start_daemon_update_check { _default_start_daemon 'update-check' ; }
|
function _start_daemon_update_check { _default_start_daemon 'update-check' ; }
|
||||||
|
function _start_daemon_rspamd { _default_start_daemon 'rspamd' ; }
|
||||||
|
function _start_daemon_redis { _default_start_daemon 'redis' ; }
|
||||||
|
|
||||||
function _start_daemon_saslauthd
|
function _start_daemon_saslauthd
|
||||||
{
|
{
|
||||||
|
|
|
@ -33,6 +33,8 @@ function _misc_save_states
|
||||||
[[ ${ENABLE_FAIL2BAN} -eq 1 ]] && FILES+=('lib/fail2ban')
|
[[ ${ENABLE_FAIL2BAN} -eq 1 ]] && FILES+=('lib/fail2ban')
|
||||||
[[ ${ENABLE_FETCHMAIL} -eq 1 ]] && FILES+=('lib/fetchmail')
|
[[ ${ENABLE_FETCHMAIL} -eq 1 ]] && FILES+=('lib/fetchmail')
|
||||||
[[ ${ENABLE_POSTGREY} -eq 1 ]] && FILES+=('lib/postgrey')
|
[[ ${ENABLE_POSTGREY} -eq 1 ]] && FILES+=('lib/postgrey')
|
||||||
|
[[ ${ENABLE_RSPAMD} -ne 1 ]] && FILES+=('lib/rspamd')
|
||||||
|
# [[ ${ENABLE_RSPAMD} -ne 1 ]] && FILES+=('lib/redis')
|
||||||
[[ ${ENABLE_SPAMASSASSIN} -eq 1 ]] && FILES+=('lib/spamassassin')
|
[[ ${ENABLE_SPAMASSASSIN} -eq 1 ]] && FILES+=('lib/spamassassin')
|
||||||
[[ ${SMTP_ONLY} -ne 1 ]] && FILES+=('lib/dovecot')
|
[[ ${SMTP_ONLY} -ne 1 ]] && FILES+=('lib/dovecot')
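Review bot: The new `lib/rspamd` line tests `-ne 1` while the other `ENABLE_*` entries around it test `-eq 1`, so as written the Rspamd state directory is added to `FILES` only when Rspamd is disabled and is left out when it is enabled. This looks inverted; `[[ ${ENABLE_RSPAMD} -eq 1 ]] && FILES+=('lib/rspamd')` would match the rest of the list. The commented-out `lib/redis` line carries the same `-ne 1` test, and while it stays disabled whatever Rspamd keeps in Redis is presumably not preserved with the other state; a short comment saying why it is disabled would help. `_misc_save_states` starts and ends outside the hunk.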
|
||||||
|
|
||||||
|
|
|
@ -89,6 +89,27 @@ function _setup_amavis
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function _setup_rspamd
|
||||||
|
{
|
||||||
|
_log 'warn' 'Rspamd support is under active development, expect breaking changes at any time'
|
||||||
|
|
||||||
|
if [[ ${ENABLE_AMAVIS} -eq 1 ]] || [[ ${ENABLE_SPAMASSASSIN} -eq 1 ]]
|
||||||
|
then
|
||||||
|
_shutdown 'You cannot run Amavis/SpamAssassin and Rspamd at the same time'
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ ${ENABLE_CLAMAV} -eq 1 ]]
|
||||||
|
then
|
||||||
|
_log 'debug' 'Rspamd will use ClamAV'
|
||||||
|
mv /etc/rspamd/local.d/disabled/antivirus.conf /etc/rspamd/local.d/antivirus.conf
|
||||||
|
else
|
||||||
|
_log 'debug' 'Rspamd will not use ClamAV (which has not been enabled)'
|
||||||
|
fi
|
||||||
|
|
||||||
|
_log 'warn' 'Only running with default configuration'
|
||||||
|
_log 'warn' 'You will need to adjust the Postfix configuration yourself to use Rspamd as of now'
|
||||||
|
}
|
||||||
|
|
||||||
function _setup_dmarc_hostname
|
function _setup_dmarc_hostname
|
||||||
{
|
{
|
||||||
_log 'debug' 'Setting up DMARC'
|
_log 'debug' 'Setting up DMARC'
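Review bot: The `mv` in the `ENABLE_CLAMAV` branch of `_setup_rspamd` is not repeatable. After the first start `/etc/rspamd/local.d/disabled/antivirus.conf` no longer exists, so restarting the same container makes the command fail, and whether that is ignored or aborts setup depends on shell options not visible here. Copying keeps the step idempotent: `cp /etc/rspamd/local.d/disabled/antivirus.conf /etc/rspamd/local.d/antivirus.conf`. The function would also benefit from a header comment stating that it refuses to start when `ENABLE_AMAVIS` or `ENABLE_SPAMASSASSIN` is 1, and that with `ENABLE_CLAMAV=0` Rspamd runs without any antivirus module.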
|
||||||
|
|
|
@ -96,6 +96,24 @@ stdout_logfile=/var/log/supervisor/%(program_name)s.log
|
||||||
stderr_logfile=/var/log/supervisor/%(program_name)s.log
|
stderr_logfile=/var/log/supervisor/%(program_name)s.log
|
||||||
command=/usr/sbin/amavisd-new foreground
|
command=/usr/sbin/amavisd-new foreground
|
||||||
|
|
||||||
|
[program:rspamd]
|
||||||
|
startsecs=0
|
||||||
|
stopwaitsecs=55
|
||||||
|
autostart=false
|
||||||
|
autorestart=true
|
||||||
|
stdout_logfile=/var/log/supervisor/%(program_name)s.log
|
||||||
|
stderr_logfile=/var/log/supervisor/%(program_name)s.log
|
||||||
|
command=/usr/bin/rspamd --no-fork --user=rspamd --group=rspamd
|
||||||
|
|
||||||
|
[program:redis]
|
||||||
|
startsecs=0
|
||||||
|
stopwaitsecs=55
|
||||||
|
autostart=false
|
||||||
|
autorestart=true
|
||||||
|
stdout_logfile=/var/log/supervisor/%(program_name)s.log
|
||||||
|
stderr_logfile=/var/log/supervisor/%(program_name)s.log
|
||||||
|
command=redis-server --daemonize no --bind 127.0.0.1 --port 6379 --loglevel warning
|
||||||
|
|
||||||
[program:fetchmail]
|
[program:fetchmail]
|
||||||
startsecs=0
|
startsecs=0
|
||||||
stopwaitsecs=55
|
stopwaitsecs=55
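Review bot: The `[program:redis]` block has no `user=` setting, so `redis-server` runs as whatever account supervisord itself runs as. That is presumably root in this container, though it is not visible in the hunk, whereas the `rspamd` command just above drops to `--user=rspamd --group=rspamd`. Adding `user=redis` to the block would run it unprivileged, assuming the Debian package's `redis` account exists and can write its data directory. The `--bind 127.0.0.1` is what keeps this unauthenticated instance off the network, so a one-line comment such as `; loopback only: no auth is configured` would guard against it being loosened later.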
|
||||||
|
|