Merge pull request #1485 from youtous/feature-spam-to-junk

Feature: Spam to Junk folder
This commit is contained in:
Erik Wramner 2020-05-03 12:56:02 +02:00 committed by GitHub
commit a12cd9a26d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 202 additions and 15 deletions

View file

@ -125,6 +125,7 @@ RUN echo "0 */6 * * * clamav /usr/bin/freshclam --quiet" > /etc/cron.d/clamav-fr
# Configures Dovecot # Configures Dovecot
COPY target/dovecot/auth-passwdfile.inc target/dovecot/??-*.conf /etc/dovecot/conf.d/ COPY target/dovecot/auth-passwdfile.inc target/dovecot/??-*.conf /etc/dovecot/conf.d/
COPY target/dovecot/scripts/quota-warning.sh /usr/local/bin/quota-warning.sh COPY target/dovecot/scripts/quota-warning.sh /usr/local/bin/quota-warning.sh
COPY target/dovecot/sieve/* /usr/lib/dovecot/sieve-global/
WORKDIR /usr/share/dovecot WORKDIR /usr/share/dovecot
# hadolint ignore=SC2016,SC2086 # hadolint ignore=SC2016,SC2086
RUN sed -i -e 's/include_try \/usr\/share\/dovecot\/protocols\.d/include_try \/etc\/dovecot\/protocols\.d/g' /etc/dovecot/dovecot.conf && \ RUN sed -i -e 's/include_try \/usr\/share\/dovecot\/protocols\.d/include_try \/etc\/dovecot\/protocols\.d/g' /etc/dovecot/dovecot.conf && \

View file

@ -161,6 +161,7 @@ services:
- ./config/:/tmp/docker-mailserver/ - ./config/:/tmp/docker-mailserver/
environment: environment:
- ENABLE_SPAMASSASSIN=1 - ENABLE_SPAMASSASSIN=1
- SPAMASSASSIN_SPAM_TO_INBOX=1
- ENABLE_CLAMAV=1 - ENABLE_CLAMAV=1
- ENABLE_FAIL2BAN=1 - ENABLE_FAIL2BAN=1
- ENABLE_POSTGREY=1 - ENABLE_POSTGREY=1
@ -202,6 +203,7 @@ services:
- ./config/:/tmp/docker-mailserver/ - ./config/:/tmp/docker-mailserver/
environment: environment:
- ENABLE_SPAMASSASSIN=1 - ENABLE_SPAMASSASSIN=1
- SPAMASSASSIN_SPAM_TO_INBOX=1
- ENABLE_CLAMAV=1 - ENABLE_CLAMAV=1
- ENABLE_FAIL2BAN=1 - ENABLE_FAIL2BAN=1
- ENABLE_POSTGREY=1 - ENABLE_POSTGREY=1
@ -483,9 +485,26 @@ Finally the logrotate interval **may** affect the period for generated reports.
##### ENABLE_SPAMASSASSIN ##### ENABLE_SPAMASSASSIN
- **0** => Spamassassin is disabled - **0** => Spamassassin is disabled
- 1 => Spamassassin is enabled - 1 => Spamassassin is enabled
**/!\\ Spam delivery:** when Spamassassin is enabled, messages marked as spam WILL NOT BE DELIVERED.
Use `SPAMASSASSIN_SPAM_TO_INBOX=1` for receiving spam messages.
##### SPAMASSASSIN_SPAM_TO_INBOX
- **0** => Spam messages will be bounced (_rejected_) without any notification (_dangerous_).
- 1 => Spam messages will be delivered to the inbox and tagged as spam using `SA_SPAM_SUBJECT`.
##### MOVE_SPAM_TO_JUNK
- **1** => Spam messages will be delivered in the `Junk` folder.
- 0 => Spam messages will be delivered in the mailbox.
Note: this setting needs `SPAMASSASSIN_SPAM_TO_INBOX=1`
##### SA_TAG ##### SA_TAG
- **2.0** => add spam info headers if at, or above that level - **2.0** => add spam info headers if at, or above that level

View file

@ -177,9 +177,12 @@ POSTFIX_INET_PROTOCOLS=all
ENABLE_SPAMASSASSIN=0 ENABLE_SPAMASSASSIN=0
#If Enabled, SPAM goes to your inbox with added SPAM header, you can then move it to a specific SPAM folder with SIEVE rules # deliver spam messages in the inbox (eventually tagged using SA_SPAM_SUBJECT)
SPAMASSASSIN_SPAM_TO_INBOX=1 SPAMASSASSIN_SPAM_TO_INBOX=1
# spam messages will be moved in the Junk folder (SPAMASSASSIN_SPAM_TO_INBOX=1 required)
MOVE_SPAM_TO_JUNK=1
# add spam info headers if at, or above that level: # add spam info headers if at, or above that level:
SA_TAG=2.0 SA_TAG=2.0

View file

@ -4,6 +4,7 @@ use strict;
# Bounce spam, the default option for buster is D_PASS to deliver # Bounce spam, the default option for buster is D_PASS to deliver
$final_spam_destiny = D_BOUNCE; $final_spam_destiny = D_BOUNCE;
$final_bad_header_destiny = D_BOUNCE;
# Higher log level to get expected messages at startup # Higher log level to get expected messages at startup
$log_level = 2; $log_level = 2;

View file

@ -32,7 +32,7 @@ plugin {
# file names, using a normal 8bit per-character comparison. Multiple script # file names, using a normal 8bit per-character comparison. Multiple script
# file or directory paths can be specified by appending an increasing number. # file or directory paths can be specified by appending an increasing number.
#sieve_before = /usr/lib/dovecot/sieve-global/before.dovecot.sieve #sieve_before = /usr/lib/dovecot/sieve-global/before.dovecot.sieve
#sieve_before2 = #sieve_before2 = /usr/lib/dovecot/sieve-global/before.spam.sieve
#sieve_before3 = (etc...) #sieve_before3 = (etc...)
# Identical to sieve_before, only the specified scripts are executed after the # Identical to sieve_before, only the specified scripts are executed after the

View file

@ -0,0 +1,4 @@
require "fileinto";
if header :contains "X-Spam-Flag" "YES" {
fileinto "Junk";
}

View file

@ -39,7 +39,9 @@ DEFAULT_VARS["SRS_SENDER_CLASSES"]="${SRS_SENDER_CLASSES:="envelope_sender"}"
DEFAULT_VARS["REPORT_RECIPIENT"]="${REPORT_RECIPIENT:="0"}" DEFAULT_VARS["REPORT_RECIPIENT"]="${REPORT_RECIPIENT:="0"}"
DEFAULT_VARS["LOGROTATE_INTERVAL"]="${LOGROTATE_INTERVAL:=${REPORT_INTERVAL:-"daily"}}" DEFAULT_VARS["LOGROTATE_INTERVAL"]="${LOGROTATE_INTERVAL:=${REPORT_INTERVAL:-"daily"}}"
DEFAULT_VARS["LOGWATCH_INTERVAL"]="${LOGWATCH_INTERVAL:="none"}" DEFAULT_VARS["LOGWATCH_INTERVAL"]="${LOGWATCH_INTERVAL:="none"}"
DEFAULT_VARS["EXPLICITLY_DEFINED_SPAMASSASSIN_SPAM_TO_INBOX"]="$( [ -z "${SPAMASSASSIN_SPAM_TO_INBOX}" ] && echo "0" || echo "1" )" # used for backward compatibility
DEFAULT_VARS["SPAMASSASSIN_SPAM_TO_INBOX"]="${SPAMASSASSIN_SPAM_TO_INBOX:="0"}" DEFAULT_VARS["SPAMASSASSIN_SPAM_TO_INBOX"]="${SPAMASSASSIN_SPAM_TO_INBOX:="0"}"
DEFAULT_VARS["MOVE_SPAM_TO_JUNK"]="${MOVE_SPAM_TO_JUNK:="1"}"
DEFAULT_VARS["VIRUSMAILS_DELETE_DELAY"]="${VIRUSMAILS_DELETE_DELAY:="7"}" DEFAULT_VARS["VIRUSMAILS_DELETE_DELAY"]="${VIRUSMAILS_DELETE_DELAY:="7"}"
########################################################################## ##########################################################################
@ -627,6 +629,16 @@ function _setup_dovecot() {
else else
sed -i "s/ sieve_after =/ #sieve_after =/" /etc/dovecot/conf.d/90-sieve.conf sed -i "s/ sieve_after =/ #sieve_after =/" /etc/dovecot/conf.d/90-sieve.conf
fi fi
# sieve will move spams to .Junk folder when SPAMASSASSIN_SPAM_TO_INBOX=1 and MOVE_SPAM_TO_JUNK=1
if [ "$SPAMASSASSIN_SPAM_TO_INBOX" = 1 ] && [ "$MOVE_SPAM_TO_JUNK" = 1 ]; then
notify 'inf' "Spam messages will be moved to the Junk folder."
sed -i "s/#sieve_before2 =/sieve_before2 =/" /etc/dovecot/conf.d/90-sieve.conf
sievec /usr/lib/dovecot/sieve-global/before.spam.sieve
else
sed -i "s/ sieve_before2 =/ #sieve_before2 =/" /etc/dovecot/conf.d/90-sieve.conf
fi
chown docker:docker -R /usr/lib/dovecot/sieve* chown docker:docker -R /usr/lib/dovecot/sieve*
chmod 550 -R /usr/lib/dovecot/sieve* chmod 550 -R /usr/lib/dovecot/sieve*
chmod -f +x /usr/lib/dovecot/sieve-pipe/* chmod -f +x /usr/lib/dovecot/sieve-pipe/*
@ -1475,18 +1487,17 @@ function _setup_security_stack() {
test -e /tmp/docker-mailserver/spamassassin-rules.cf && cp /tmp/docker-mailserver/spamassassin-rules.cf /etc/spamassassin/ test -e /tmp/docker-mailserver/spamassassin-rules.cf && cp /tmp/docker-mailserver/spamassassin-rules.cf /etc/spamassassin/
if [ "$SPAMASSASSIN_SPAM_TO_INBOX" = "1" ]; then if [ "$SPAMASSASSIN_SPAM_TO_INBOX" = 1 ]; then
notify 'inf' "Configure Spamassassin/Amavis to put SPAM inbox" notify 'inf' "Configure Spamassassin/Amavis to put SPAM inbox"
bannedbouncecheck=`egrep "final_banned_destiny.*D_BOUNCE" /etc/amavis/conf.d/20-debian_defaults`
if [ -n "$bannedbouncecheck" ] ;
then
sed -i "/final_banned_destiny/ s|D_BOUNCE|D_REJECT|" /etc/amavis/conf.d/20-debian_defaults
fi
finalbouncecheck=`egrep "final_spam_destiny.*D_BOUNCE" /etc/amavis/conf.d/20-debian_defaults` sed -i "s/\$final_spam_destiny.*=.*$/\$final_spam_destiny = D_PASS;/g" /etc/amavis/conf.d/49-docker-mailserver
if [ -n "$finalbouncecheck" ] ; sed -i "s/\$final_bad_header_destiny.*=.*$/\$final_bad_header_destiny = D_PASS;/g" /etc/amavis/conf.d/49-docker-mailserver
then else
sed -i "/final_spam_destiny/ s|D_BOUNCE|D_PASS|" /etc/amavis/conf.d/20-debian_defaults sed -i "s/\$final_spam_destiny.*=.*$/\$final_spam_destiny = D_BOUNCE;/g" /etc/amavis/conf.d/49-docker-mailserver
sed -i "s/\$final_bad_header_destiny.*=.*$/\$final_bad_header_destiny = D_BOUNCE;/g" /etc/amavis/conf.d/49-docker-mailserver
if [ "${DEFAULT_VARS['EXPLICITLY_DEFINED_SPAMASSASSIN_SPAM_TO_INBOX']}" = 0 ]; then
notify 'warn' "Spam messages WILL NOT BE DELIVERED, you will NOT be notified of ANY message bounced. Please define SPAMASSASSIN_SPAM_TO_INBOX explicitly."
fi fi
fi fi

View file

@ -0,0 +1,71 @@
load 'test_helper/common'
# Test case
# ---------
# When SPAMASSASSIN_SPAM_TO_INBOX=0, spam messages must be bounced.
function setup() {
run_setup_file_if_necessary
}
function teardown() {
run_teardown_file_if_necessary
}
function setup_file() {
docker run -d --name mail_spam_bounced_defined \
-v "`pwd`/test/config":/tmp/docker-mailserver \
-v "`pwd`/test/test-files":/tmp/docker-mailserver-test:ro \
-e ENABLE_SPAMASSASSIN=1 \
-e SPAMASSASSIN_SPAM_TO_INBOX=0 \
-h mail.my-domain.com -t "${NAME}"
wait_for_finished_setup_in_container mail_spam_bounced_defined
docker run -d --name mail_spam_bounced_undefined \
-v "`pwd`/test/config":/tmp/docker-mailserver \
-v "`pwd`/test/test-files":/tmp/docker-mailserver-test:ro \
-e ENABLE_SPAMASSASSIN=1 \
-h mail.my-domain.com -t "${NAME}"
wait_for_finished_setup_in_container mail_spam_bounced_undefined
}
function teardown_file() {
docker rm -f mail_spam_bounced_defined
docker rm -f mail_spam_bounced_undefined
}
@test "first" {
skip 'this test must come first to reliably identify when to run setup_file'
}
@test "checking amavis: spam message is bounced" {
# this warning should only be raised when no explicit value for SPAMASSASSIN_SPAM_TO_INBOX is defined
run sh -c "docker logs mail_spam_bounced_defined | grep 'Spam messages WILL NOT BE DELIVERED'"
assert_failure
# send a spam message
run docker exec mail_spam_bounced_defined /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/amavis-spam.txt"
assert_success
run repeat_until_success_or_timeout 20 sh -c "docker logs mail_spam_bounced_defined | grep 'Blocked SPAM {NoBounceInbound,Quarantined}'"
assert_success
}
@test "checking amavis: spam message is bounced, undefined SPAMASSASSIN_SPAM_TO_INBOX raise a warning" {
run sh -c "docker logs mail_spam_bounced_undefined | grep 'Spam messages WILL NOT BE DELIVERED'"
assert_success
# send a spam message
run docker exec mail_spam_bounced_defined /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/amavis-spam.txt"
assert_success
run repeat_until_success_or_timeout 20 sh -c "docker logs mail_spam_bounced_defined | grep 'Blocked SPAM {NoBounceInbound,Quarantined}'"
assert_success
}
@test "last" {
skip 'this test is only there to reliably mark the end for the teardown_file'
}

View file

@ -0,0 +1,77 @@
load 'test_helper/common'
# Test case
# ---------
# When SPAMASSASSIN_SPAM_TO_INBOX=1, spam messages must be delivered and eventually (MOVE_SPAM_TO_JUNK=1) moved to the Junk folder.
function setup() {
run_setup_file_if_necessary
}
function teardown() {
run_teardown_file_if_necessary
}
function setup_file() {
docker run -d --name mail_spam_moved_junk \
-v "`pwd`/test/config":/tmp/docker-mailserver \
-v "`pwd`/test/test-files":/tmp/docker-mailserver-test:ro \
-e ENABLE_SPAMASSASSIN=1 \
-e SPAMASSASSIN_SPAM_TO_INBOX=1 \
-e MOVE_SPAM_TO_JUNK=1 \
-e SA_SPAM_SUBJECT="SPAM: " \
-h mail.my-domain.com -t "${NAME}"
wait_for_finished_setup_in_container mail_spam_moved_junk
docker run -d --name mail_spam_moved_new \
-v "`pwd`/test/config":/tmp/docker-mailserver \
-v "`pwd`/test/test-files":/tmp/docker-mailserver-test:ro \
-e ENABLE_SPAMASSASSIN=1 \
-e SPAMASSASSIN_SPAM_TO_INBOX=1 \
-e MOVE_SPAM_TO_JUNK=0 \
-e SA_SPAM_SUBJECT="SPAM: " \
-h mail.my-domain.com -t "${NAME}"
wait_for_finished_setup_in_container mail_spam_moved_new
}
function teardown_file() {
docker rm -f mail_spam_moved_new
docker rm -f mail_spam_moved_junk
}
@test "first" {
skip 'this test must come first to reliably identify when to run setup_file'
}
@test "checking amavis: spam message is delivered and moved to the Junk folder (MOVE_SPAM_TO_JUNK=1)" {
# send a spam message
run docker exec mail_spam_moved_junk /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/amavis-spam.txt"
assert_success
run repeat_until_success_or_timeout 20 sh -c "docker logs mail_spam_moved_junk | grep 'Passed SPAM {RelayedTaggedInbound,Quarantined}'"
assert_success
# spam moved to Junk folder
run repeat_until_success_or_timeout 20 sh -c "docker exec mail_spam_moved_junk sh -c 'grep \"Subject: SPAM: \" /var/mail/localhost.localdomain/user1/.Junk/new/ -R'"
assert_success
}
@test "checking amavis: spam message is delivered to INBOX (MOVE_SPAM_TO_JUNK=0)" {
# send a spam message
run docker exec mail_spam_moved_new /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/amavis-spam.txt"
assert_success
run repeat_until_success_or_timeout 20 sh -c "docker logs mail_spam_moved_new | grep 'Passed SPAM {RelayedTaggedInbound,Quarantined}'"
assert_success
# spam moved to INBOX
run repeat_until_success_or_timeout 20 sh -c "docker exec mail_spam_moved_new sh -c 'grep \"Subject: SPAM: \" /var/mail/localhost.localdomain/user1/new/ -R'"
assert_success
}
@test "last" {
skip 'this test is only there to reliably mark the end for the teardown_file'
}