mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2024-01-19 02:48:50 +00:00
Introduce ENABLE_DNSBL env (#2342)
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
This commit is contained in:
parent
f68878a2c2
commit
9d5a9a16a0
|
@ -62,6 +62,16 @@ Amavis content filter (used for ClamAV & SpamAssassin)
|
|||
- 1/2 => Show default informational output
|
||||
- 3/4/5 => log debug information (very verbose)
|
||||
|
||||
##### ENABLE_DNSBL
|
||||
|
||||
This enables the [zen.spamhaus.org](https://www.spamhaus.org/zen/) DNS block list in postfix
|
||||
and various [lists](https://github.com/docker-mailserver/docker-mailserver/blob/f7465a50888eef909dbfc01aff4202b9c7d8bc00/target/postfix/main.cf#L58-L66) in postscreen.
|
||||
|
||||
Note: Emails will be rejected, if they don't pass the block list checks!
|
||||
|
||||
- **0** => DNS block lists are disabled
|
||||
- 1 => DNS block lists are enabled
|
||||
|
||||
##### ENABLE_CLAMAV
|
||||
|
||||
- **0** => Clamav is disabled
|
||||
|
@ -483,6 +493,7 @@ The following variables overwrite the default values for ```/etc/dovecot/dovecot
|
|||
- => Bind dn for LDAP connection. (e.g. `cn=admin,dc=domain,dc=com`)
|
||||
|
||||
##### DOVECOT_DNPASS
|
||||
|
||||
- **empty** => same as `LDAP_BIND_PW`
|
||||
- => Password for LDAP dn sepecifified in `DOVECOT_DN`.
|
||||
|
||||
|
|
|
@ -92,6 +92,13 @@ ENABLE_AMAVIS=1
|
|||
# 3/4/5 => log debug information (very verbose)
|
||||
AMAVIS_LOGLEVEL=0
|
||||
|
||||
# This enables the [zen.spamhaus.org](https://www.spamhaus.org/zen/) DNS block list in postfix
|
||||
# and various [lists](https://github.com/docker-mailserver/docker-mailserver/blob/f7465a50888eef909dbfc01aff4202b9c7d8bc00/target/postfix/main.cf#L58-L66) in postscreen.
|
||||
# Note: Emails will be rejected, if they don't pass the block list checks!
|
||||
# **0** => DNS block lists are disabled
|
||||
# 1 => DNS block lists are enabled
|
||||
ENABLE_DNSBL=0
|
||||
|
||||
# If you enable Fail2Ban, don't forget to add the following lines to your `docker-compose.yml`:
|
||||
# cap_add:
|
||||
# - NET_ADMIN
|
||||
|
|
|
@ -23,6 +23,7 @@ VARS[DOVECOT_MAILBOX_FORMAT]="${DOVECOT_MAILBOX_FORMAT:=maildir}"
|
|||
VARS[DOVECOT_TLS]="${DOVECOT_TLS:=no}"
|
||||
VARS[ENABLE_AMAVIS]="${ENABLE_AMAVIS:=1}"
|
||||
VARS[ENABLE_CLAMAV]="${ENABLE_CLAMAV:=0}"
|
||||
VARS[ENABLE_DNSBL]="${ENABLE_DNSBL:=0}"
|
||||
VARS[ENABLE_FAIL2BAN]="${ENABLE_FAIL2BAN:=0}"
|
||||
VARS[ENABLE_FETCHMAIL]="${ENABLE_FETCHMAIL:=0}"
|
||||
VARS[ENABLE_LDAP]="${ENABLE_LDAP:=0}"
|
||||
|
@ -109,6 +110,7 @@ function register_functions
|
|||
[[ ${ENABLE_SASLAUTHD} -eq 1 ]] && _register_setup_function '_setup_saslauthd'
|
||||
[[ ${POSTFIX_INET_PROTOCOLS} != 'all' ]] && _register_setup_function '_setup_inet_protocols'
|
||||
[[ ${ENABLE_FAIL2BAN} -eq 1 ]] && _register_setup_function '_setup_fail2ban'
|
||||
[[ ${ENABLE_DNSBL} -eq 0 ]] && _register_setup_function '_setup_dnsbl_disable'
|
||||
|
||||
_register_setup_function '_setup_dkim'
|
||||
_register_setup_function '_setup_ssl'
|
||||
|
|
|
@ -1512,3 +1512,13 @@ function _setup_fail2ban
|
|||
echo -e "[Init]\nblocktype = DROP" > /etc/fail2ban/action.d/iptables-common.local
|
||||
fi
|
||||
}
|
||||
|
||||
function _setup_dnsbl_disable
|
||||
{
|
||||
_notify 'task' 'Disabling postfix DNS block list (zen.spamhaus.org)'
|
||||
sedfile -i '/^smtpd_recipient_restrictions = / s/, reject_rbl_client zen.spamhaus.org//' /etc/postfix/main.cf
|
||||
|
||||
_notify 'task' 'Disabling postscreen DNS block lists'
|
||||
postconf -e "postscreen_dnsbl_action = ignore"
|
||||
postconf -e "postscreen_dnsbl_sites = "
|
||||
}
|
||||
|
|
61
test/mail_dnsbl.bats
Normal file
61
test/mail_dnsbl.bats
Normal file
|
@ -0,0 +1,61 @@
|
|||
load 'test_helper/common'
|
||||
|
||||
CONTAINER="mail_dnsbl_enabled"
|
||||
CONTAINER2="mail_dnsbl_disabled"
|
||||
|
||||
function setup_file() {
|
||||
local PRIVATE_CONFIG
|
||||
PRIVATE_CONFIG="$(duplicate_config_for_container . "${CONTAINER}")"
|
||||
|
||||
docker run --rm -d --name "${CONTAINER}" \
|
||||
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
|
||||
-e ENABLE_DNSBL=1 \
|
||||
-h mail.my-domain.com \
|
||||
-t "${NAME}"
|
||||
|
||||
docker run --rm -d --name "${CONTAINER2}" \
|
||||
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
|
||||
-e ENABLE_DNSBL=0 \
|
||||
-h mail.my-domain.com \
|
||||
-t "${NAME}"
|
||||
|
||||
wait_for_smtp_port_in_container "${CONTAINER}"
|
||||
wait_for_smtp_port_in_container "${CONTAINER2}"
|
||||
}
|
||||
|
||||
# ENABLE_DNSBL=1
|
||||
@test "checking enabled postfix DNS block list zen.spamhaus.org" {
|
||||
run docker exec "${CONTAINER}" postconf smtpd_recipient_restrictions
|
||||
assert_output --partial 'reject_rbl_client zen.spamhaus.org'
|
||||
}
|
||||
|
||||
@test "checking enabled postscreen DNS block lists --> postscreen_dnsbl_action" {
|
||||
run docker exec "${CONTAINER}" postconf postscreen_dnsbl_action
|
||||
assert_output 'postscreen_dnsbl_action = enforce'
|
||||
}
|
||||
|
||||
@test "checking enabled postscreen DNS block lists --> postscreen_dnsbl_sites" {
|
||||
run docker exec "${CONTAINER}" postconf postscreen_dnsbl_sites
|
||||
assert_output 'postscreen_dnsbl_sites = zen.spamhaus.org*3 bl.mailspike.net b.barracudacentral.org*2 bl.spameatingmonkey.net dnsbl.sorbs.net psbl.surriel.com list.dnswl.org=127.0.[0..255].0*-2 list.dnswl.org=127.0.[0..255].1*-3 list.dnswl.org=127.0.[0..255].[2..3]*-4'
|
||||
}
|
||||
|
||||
# ENABLE_DNSBL=0
|
||||
@test "checking disabled postfix DNS block list zen.spamhaus.org" {
|
||||
run docker exec "${CONTAINER2}" postconf smtpd_recipient_restrictions
|
||||
refute_output --partial 'reject_rbl_client zen.spamhaus.org'
|
||||
}
|
||||
|
||||
@test "checking disabled postscreen DNS block lists --> postscreen_dnsbl_action" {
|
||||
run docker exec "${CONTAINER2}" postconf postscreen_dnsbl_action
|
||||
assert_output 'postscreen_dnsbl_action = ignore'
|
||||
}
|
||||
|
||||
@test "checking disabled postscreen DNS block lists --> postscreen_dnsbl_sites" {
|
||||
run docker exec "${CONTAINER2}" postconf postscreen_dnsbl_sites
|
||||
assert_output 'postscreen_dnsbl_sites ='
|
||||
}
|
||||
|
||||
# cleanup
|
||||
function teardown_file() {
|
||||
docker rm -f "${CONTAINER}" "${CONTAINER2}"
|
||||
}
|
|
@ -19,6 +19,7 @@ function setup_file() {
|
|||
-e POSTGREY_MAX_AGE=35 \
|
||||
-e POSTGREY_AUTO_WHITELIST_CLIENTS=5 \
|
||||
-e POSTGREY_TEXT="Delayed by Postgrey" \
|
||||
-e ENABLE_DNSBL=1 \
|
||||
-e DMS_DEBUG=0 \
|
||||
-h mail.my-domain.com -t "${NAME}"
|
||||
# using postfix availability as start indicator, this might be insufficient for postgrey
|
||||
|
|
Loading…
Reference in a new issue