mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2024-01-19 02:48:50 +00:00
Introduce ENABLE_DNSBL env (#2342)
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
parent
f68878a2c2
commit
9d5a9a16a0
|
@ -62,6 +62,16 @@ Amavis content filter (used for ClamAV & SpamAssassin)
|
||||||
- 1/2 => Show default informational output
|
- 1/2 => Show default informational output
|
||||||
- 3/4/5 => log debug information (very verbose)
|
- 3/4/5 => log debug information (very verbose)
|
||||||
|
|
||||||
|
##### ENABLE_DNSBL
|
||||||
|
|
||||||
|
This enables the [zen.spamhaus.org](https://www.spamhaus.org/zen/) DNS block list in postfix
|
||||||
|
and various [lists](https://github.com/docker-mailserver/docker-mailserver/blob/f7465a50888eef909dbfc01aff4202b9c7d8bc00/target/postfix/main.cf#L58-L66) in postscreen.
|
||||||
|
|
||||||
|
Note: Emails will be rejected, if they don't pass the block list checks!
|
||||||
|
|
||||||
|
- **0** => DNS block lists are disabled
|
||||||
|
- 1 => DNS block lists are enabled
|
||||||
|
|
||||||
##### ENABLE_CLAMAV
|
##### ENABLE_CLAMAV
|
||||||
|
|
||||||
- **0** => Clamav is disabled
|
- **0** => Clamav is disabled
|
||||||
|
@ -352,7 +362,7 @@ Note: this SpamAssassin setting needs `ENABLE_SPAMASSASSIN=1`
|
||||||
!!! note "This SpamAssassin setting needs `ENABLE_SPAMASSASSIN=1`"
|
!!! note "This SpamAssassin setting needs `ENABLE_SPAMASSASSIN=1`"
|
||||||
|
|
||||||
By default, `docker-mailserver` is configured to quarantine spam emails.
|
By default, `docker-mailserver` is configured to quarantine spam emails.
|
||||||
|
|
||||||
If emails are quarantined, they are compressed and stored in a location dependent on the `ONE_DIR` setting above. To inhibit this behaviour and deliver spam emails, set this to a very high value e.g. `100.0`.
|
If emails are quarantined, they are compressed and stored in a location dependent on the `ONE_DIR` setting above. To inhibit this behaviour and deliver spam emails, set this to a very high value e.g. `100.0`.
|
||||||
|
|
||||||
If `ONE_DIR=1` (default) the location is `/var/mail-state/lib-amavis/virusmails/`, or if `ONE_DIR=0`: `/var/lib/amavis/virusmails/`. These paths are inside the docker container.
|
If `ONE_DIR=1` (default) the location is `/var/mail-state/lib-amavis/virusmails/`, or if `ONE_DIR=0`: `/var/lib/amavis/virusmails/`. These paths are inside the docker container.
|
||||||
|
@ -483,6 +493,7 @@ The following variables overwrite the default values for ```/etc/dovecot/dovecot
|
||||||
- => Bind dn for LDAP connection. (e.g. `cn=admin,dc=domain,dc=com`)
|
- => Bind dn for LDAP connection. (e.g. `cn=admin,dc=domain,dc=com`)
|
||||||
|
|
||||||
##### DOVECOT_DNPASS
|
##### DOVECOT_DNPASS
|
||||||
|
|
||||||
- **empty** => same as `LDAP_BIND_PW`
|
- **empty** => same as `LDAP_BIND_PW`
|
||||||
- => Password for LDAP dn sepecifified in `DOVECOT_DN`.
|
- => Password for LDAP dn sepecifified in `DOVECOT_DN`.
|
||||||
|
|
||||||
|
|
|
@ -92,6 +92,13 @@ ENABLE_AMAVIS=1
|
||||||
# 3/4/5 => log debug information (very verbose)
|
# 3/4/5 => log debug information (very verbose)
|
||||||
AMAVIS_LOGLEVEL=0
|
AMAVIS_LOGLEVEL=0
|
||||||
|
|
||||||
|
# This enables the [zen.spamhaus.org](https://www.spamhaus.org/zen/) DNS block list in postfix
|
||||||
|
# and various [lists](https://github.com/docker-mailserver/docker-mailserver/blob/f7465a50888eef909dbfc01aff4202b9c7d8bc00/target/postfix/main.cf#L58-L66) in postscreen.
|
||||||
|
# Note: Emails will be rejected, if they don't pass the block list checks!
|
||||||
|
# **0** => DNS block lists are disabled
|
||||||
|
# 1 => DNS block lists are enabled
|
||||||
|
ENABLE_DNSBL=0
|
||||||
|
|
||||||
# If you enable Fail2Ban, don't forget to add the following lines to your `docker-compose.yml`:
|
# If you enable Fail2Ban, don't forget to add the following lines to your `docker-compose.yml`:
|
||||||
# cap_add:
|
# cap_add:
|
||||||
# - NET_ADMIN
|
# - NET_ADMIN
|
||||||
|
|
|
@ -23,6 +23,7 @@ VARS[DOVECOT_MAILBOX_FORMAT]="${DOVECOT_MAILBOX_FORMAT:=maildir}"
|
||||||
VARS[DOVECOT_TLS]="${DOVECOT_TLS:=no}"
|
VARS[DOVECOT_TLS]="${DOVECOT_TLS:=no}"
|
||||||
VARS[ENABLE_AMAVIS]="${ENABLE_AMAVIS:=1}"
|
VARS[ENABLE_AMAVIS]="${ENABLE_AMAVIS:=1}"
|
||||||
VARS[ENABLE_CLAMAV]="${ENABLE_CLAMAV:=0}"
|
VARS[ENABLE_CLAMAV]="${ENABLE_CLAMAV:=0}"
|
||||||
|
VARS[ENABLE_DNSBL]="${ENABLE_DNSBL:=0}"
|
||||||
VARS[ENABLE_FAIL2BAN]="${ENABLE_FAIL2BAN:=0}"
|
VARS[ENABLE_FAIL2BAN]="${ENABLE_FAIL2BAN:=0}"
|
||||||
VARS[ENABLE_FETCHMAIL]="${ENABLE_FETCHMAIL:=0}"
|
VARS[ENABLE_FETCHMAIL]="${ENABLE_FETCHMAIL:=0}"
|
||||||
VARS[ENABLE_LDAP]="${ENABLE_LDAP:=0}"
|
VARS[ENABLE_LDAP]="${ENABLE_LDAP:=0}"
|
||||||
|
@ -109,6 +110,7 @@ function register_functions
|
||||||
[[ ${ENABLE_SASLAUTHD} -eq 1 ]] && _register_setup_function '_setup_saslauthd'
|
[[ ${ENABLE_SASLAUTHD} -eq 1 ]] && _register_setup_function '_setup_saslauthd'
|
||||||
[[ ${POSTFIX_INET_PROTOCOLS} != 'all' ]] && _register_setup_function '_setup_inet_protocols'
|
[[ ${POSTFIX_INET_PROTOCOLS} != 'all' ]] && _register_setup_function '_setup_inet_protocols'
|
||||||
[[ ${ENABLE_FAIL2BAN} -eq 1 ]] && _register_setup_function '_setup_fail2ban'
|
[[ ${ENABLE_FAIL2BAN} -eq 1 ]] && _register_setup_function '_setup_fail2ban'
|
||||||
|
[[ ${ENABLE_DNSBL} -eq 0 ]] && _register_setup_function '_setup_dnsbl_disable'
|
||||||
|
|
||||||
_register_setup_function '_setup_dkim'
|
_register_setup_function '_setup_dkim'
|
||||||
_register_setup_function '_setup_ssl'
|
_register_setup_function '_setup_ssl'
|
||||||
|
|
|
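Review bot: The added check `[[ ${ENABLE_DNSBL} -eq 0 ]]` in register_functions is an arithmetic comparison, so a non-numeric value such as `ENABLE_DNSBL=true` most likely evaluates to 0 and registers `_setup_dnsbl_disable`, switching the block lists off when the operator meant to switch them on. Combined with the new default `${ENABLE_DNSBL:=0}` in the VARS hunk of the same section, an unset or mistyped variable leaves inbound mail without DNSBL filtering. If earlier images applied the lists from main.cf unconditionally, that change of default deserves an explicit upgrade note. A string comparison, `[[ ${ENABLE_DNSBL} == '0' ]] && _register_setup_function '_setup_dnsbl_disable'`, would disable the lists only for the documented value. register_functions starts and ends outside the hunk.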
@ -1512,3 +1512,13 @@ function _setup_fail2ban
|
||||||
echo -e "[Init]\nblocktype = DROP" > /etc/fail2ban/action.d/iptables-common.local
|
echo -e "[Init]\nblocktype = DROP" > /etc/fail2ban/action.d/iptables-common.local
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function _setup_dnsbl_disable
|
||||||
|
{
|
||||||
|
_notify 'task' 'Disabling postfix DNS block list (zen.spamhaus.org)'
|
||||||
|
sedfile -i '/^smtpd_recipient_restrictions = / s/, reject_rbl_client zen.spamhaus.org//' /etc/postfix/main.cf
|
||||||
|
|
||||||
|
_notify 'task' 'Disabling postscreen DNS block lists'
|
||||||
|
postconf -e "postscreen_dnsbl_action = ignore"
|
||||||
|
postconf -e "postscreen_dnsbl_sites = "
|
||||||
|
}
|
||||||
|
|
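Review bot: The sed expression in `_setup_dnsbl_disable` matches only the exact text `, reject_rbl_client zen.spamhaus.org` on a line that begins with `smtpd_recipient_restrictions = `, and its dots are unescaped regex wildcards. If main.cf lists the check first, wraps the setting onto continuation lines, or a user-supplied override changes the spacing, the substitution matches nothing and the RBL lookup stays active even though the task message says it was disabled. Whether `sedfile` reports an unchanged file cannot be seen from this hunk. I would escape the dots, `sedfile -i '/^smtpd_recipient_restrictions = / s/, reject_rbl_client zen\.spamhaus\.org//' /etc/postfix/main.cf`, and log a warning if `postconf smtpd_recipient_restrictions` still contains `reject_rbl_client` afterwards. The function also lacks a header comment saying that it edits main.cf in place and empties `postscreen_dnsbl_sites`.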
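--- a/test/mail_dnsbl.bats
+++ b/test/mail_dnsbl.bats
@@ -0,0 +1,61 @@
+load 'test_helper/common'
+
+CONTAINER="mail_dnsbl_enabled"
+CONTAINER2="mail_dnsbl_disabled"
+
+function setup_file() {
+local PRIVATE_CONFIG
+PRIVATE_CONFIG="$(duplicate_config_for_container . "${CONTAINER}")"
+
+docker run --rm -d --name "${CONTAINER}" \
+-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
+-e ENABLE_DNSBL=1 \
+-h mail.my-domain.com \
+-t "${NAME}"
+
+docker run --rm -d --name "${CONTAINER2}" \
+-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
+-e ENABLE_DNSBL=0 \
+-h mail.my-domain.com \
+-t "${NAME}"
+
+wait_for_smtp_port_in_container "${CONTAINER}"
+wait_for_smtp_port_in_container "${CONTAINER2}"
+}
+
+# ENABLE_DNSBL=1
+@test "checking enabled postfix DNS block list zen.spamhaus.org" {
+run docker exec "${CONTAINER}" postconf smtpd_recipient_restrictions
+assert_output --partial 'reject_rbl_client zen.spamhaus.org'
+}
+
+@test "checking enabled postscreen DNS block lists --> postscreen_dnsbl_action" {
+run docker exec "${CONTAINER}" postconf postscreen_dnsbl_action
+assert_output 'postscreen_dnsbl_action = enforce'
+}
+
+@test "checking enabled postscreen DNS block lists --> postscreen_dnsbl_sites" {
+run docker exec "${CONTAINER}" postconf postscreen_dnsbl_sites
+assert_output 'postscreen_dnsbl_sites = zen.spamhaus.org*3 bl.mailspike.net b.barracudacentral.org*2 bl.spameatingmonkey.net dnsbl.sorbs.net psbl.surriel.com list.dnswl.org=127.0.[0..255].0*-2 list.dnswl.org=127.0.[0..255].1*-3 list.dnswl.org=127.0.[0..255].[2..3]*-4'
+}
+
+# ENABLE_DNSBL=0
+@test "checking disabled postfix DNS block list zen.spamhaus.org" {
+run docker exec "${CONTAINER2}" postconf smtpd_recipient_restrictions
+refute_output --partial 'reject_rbl_client zen.spamhaus.org'
+}
+
+@test "checking disabled postscreen DNS block lists --> postscreen_dnsbl_action" {
+run docker exec "${CONTAINER2}" postconf postscreen_dnsbl_action
+assert_output 'postscreen_dnsbl_action = ignore'
+}
+
+@test "checking disabled postscreen DNS block lists --> postscreen_dnsbl_sites" {
+run docker exec "${CONTAINER2}" postconf postscreen_dnsbl_sites
+assert_output 'postscreen_dnsbl_sites ='
+}
+
+# cleanup
+function teardown_file() {
+docker rm -f "${CONTAINER}" "${CONTAINER2}"
+}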
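Review bot: Both containers in `setup_file` mount the same `${PRIVATE_CONFIG}` directory, which was duplicated for `${CONTAINER}` only and is mounted without a read-only flag, so the two instances share one writable config tree and could influence each other's state. A second copy, `PRIVATE_CONFIG2="$(duplicate_config_for_container . "${CONTAINER2}")"`, mounted into the disabled container would keep them isolated. The suite also never starts a container with ENABLE_DNSBL unset, so the default, which decides whether block lists are active for operators who do not set the variable, is not pinned by any test. The tests inspect `postconf` output only, so a note in the file header that rejection behaviour is not exercised here would help the next reader.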
@ -19,6 +19,7 @@ function setup_file() {
|
||||||
-e POSTGREY_MAX_AGE=35 \
|
-e POSTGREY_MAX_AGE=35 \
|
||||||
-e POSTGREY_AUTO_WHITELIST_CLIENTS=5 \
|
-e POSTGREY_AUTO_WHITELIST_CLIENTS=5 \
|
||||||
-e POSTGREY_TEXT="Delayed by Postgrey" \
|
-e POSTGREY_TEXT="Delayed by Postgrey" \
|
||||||
|
-e ENABLE_DNSBL=1 \
|
||||||
-e DMS_DEBUG=0 \
|
-e DMS_DEBUG=0 \
|
||||||
-h mail.my-domain.com -t "${NAME}"
|
-h mail.my-domain.com -t "${NAME}"
|
||||||
# using postfix availability as start indicator, this might be insufficient for postgrey
|
# using postfix availability as start indicator, this might be insufficient for postgrey
|
||||||
|
|