Better configuration

modoboa_installer/config_dict_template.py

@@ -283,8 +283,6 @@ ConfigDictTemplate = [
             {
                 "option": "dbpassword",
                 "default": make_password,
-                "customizable": True,
-                "question": "Please enter amavis db password"
             },
         ],
     },

modoboa_installer/scripts/files/postfix/main.cf.tpl

@@ -124,6 +124,7 @@ strict_rfc821_envelopes = yes
 
 # Rspamd setup
 %{rspamd_enabled}smtpd_milters = inet:localhost:11332
+%{rspamd_enabled}non_smtpd_milters = inet:localhost:11332
 %{rspamd_enabled}milter_default_action = accept
 %{rspamd_enabled}milter_protocol = 6
 
@@ -160,14 +161,14 @@ smtpd_recipient_restrictions =
 %{rspamd_disabled}postscreen_dnsbl_threshold = 3
 %{rspamd_disabled}postscreen_dnsbl_action = enforce
 
-postscreen_greet_banner = Welcome, please wait... 
-postscreen_greet_action = enforce
+%{rspamd_disabled}postscreen_greet_banner = Welcome, please wait...
+%{rspamd_disabled}postscreen_greet_action = enforce
 
-postscreen_pipelining_enable = yes
-postscreen_pipelining_action = enforce
+%{rspamd_disabled}postscreen_pipelining_enable = yes
+%{rspamd_disabled}postscreen_pipelining_action = enforce
 
-postscreen_non_smtp_command_enable = yes
-postscreen_non_smtp_command_action = enforce
+%{rspamd_disabled}postscreen_non_smtp_command_enable = yes
+%{rspamd_disabled}postscreen_non_smtp_command_action = enforce
 
-postscreen_bare_newline_enable = yes
-postscreen_bare_newline_action = enforce
+%{rspamd_disabled}postscreen_bare_newline_enable = yes
+%{rspamd_disabled}postscreen_bare_newline_action = enforce

modoboa_installer/scripts/files/postfix/master.cf.tpl

@@ -9,7 +9,8 @@
 # service type  private unpriv  chroot  wakeup  maxproc command + args
 #               (yes)   (yes)   (yes)   (never) (100)
 # ==========================================================================
-smtp      inet  n       -       -       -       1       postscreen
+%{rspamd_disabled}smtp      inet  n       -       -       -       1       postscreen
+%{rspamd_enabled}smtp      inet  n       -       -       -       -       smtpd
 smtpd     pass  -       -       -       -       -       smtpd
 %{amavis_enabled}  -o smtpd_proxy_filter=inet:[127.0.0.1]:10024 
 %{amavis_enabled}  -o smtpd_proxy_options=speed_adjust

modoboa_installer/scripts/files/rspamd/local.d/antivirus.conf.tpl

@@ -1,11 +1,14 @@
 clamav {
+  scan_mime_parts = true;
+  scan_text_mime = true;
+  scan_image_mime = true;
+
   symbol = "CLAM_VIRUS";
   type = "clamav";
-  servers = "127.0.0.1:3310";
+  servers = "/var/run/clamd.amavisd/clamd.sock";
+
   patterns {
     # symbol_name = "pattern";
-    JUST_EICAR = '^Eicar-Test-Signature$';
+    JUST_EICAR = "Test.EICAR";
   }
 }
-
-

modoboa_installer/scripts/files/rspamd/local.d/greylist.conf.tpl

@@ -1,2 +1,3 @@
+%{greylisting_disabled}enabled = false;
 servers = "127.0.0.1:6379";
 %{postwhite_enabled}whitelisted_ip = "/etc/postfix/postscreen_spf_whitelist.cidr"

modoboa_installer/scripts/files/rspamd/local.d/metrics.conf.tpl

@@ -0,0 +1,20 @@
+actions {
+    reject = 15; # normal value is 15, 150 so it will never be rejected
+    add_header = 6; # set to 0.1 for testing, 6 for normal operation.
+    rewrite_subject = 8; # Default: 8
+    greylist = 4; # Default: 4
+}
+
+group "antivirus" {
+  symbol "JUST_EICAR" {
+    weight = 10;
+    description = "Eicar test signature";
+  }
+  symbol "CLAM_VIRUS_FAIL" {
+    weight = 0;
+  }
+  symbol "CLAM_VIRUS" {
+    weight = 10;
+    description = "ClamAV found a Virus";
+  }
+}

modoboa_installer/scripts/files/rspamd/local.d/milter_headers.conf.tpl

@@ -0,0 +1,33 @@
+use = ["x-spam-status", "my-x-spam-score" ,"x-virus","authentication-results" ];
+extended_spam_headers = false;
+skip_local = false;
+skip_authenticated = false;
+
+# Write the score as a header
+custom {
+   my-x-spam-score = <<EOD
+     return function(task, common_meta)
+       local sc = common_meta['metric_score'] or task:get_metric_score()
+       -- return no error
+       return nil,
+       -- header(s) to add
+       {['X-Spam-Score'] = string.format('%.2f', sc[1])},
+       -- header(s) to remove
+       {['X-Spam-Score'] = 1},
+       -- metadata to store
+       {}
+   end
+EOD;
+}
+
+routines {
+  x-virus {
+    header = "X-Virus";
+    remove = 1;
+    symbols = ["CLAM_VIRUS", "JUST_EICAR"];
+  }
+}
+
+
+
+

modoboa_installer/scripts/files/rspamd/local.d/worker-controller.inc

@@ -1 +0,0 @@
-enable_password = %controller_password

modoboa_installer/scripts/postfix.py

@@ -61,7 +61,7 @@ class Postfix(base.Installer):
                 "modoboa", "instance_path"),
             "opendkim_port": self.config.get(
                 "opendkim", "port"),
-            "rspamd_disabled": "" if not self.config.get(
+            "rspamd_disabled": "" if not self.config.getboolean(
                 "rspamd", "enabled") else "#"
         })
         return context

modoboa_installer/scripts/rspamd.py

@@ -24,7 +24,10 @@ class Rspamd(base.Installer):
                     "local.d/spf.conf",
                     "local.d/worker-controller.inc",
                     "local.d/worker-normal.inc",
-                    "local.d/worker-proxy.inc"]
+                    "local.d/worker-proxy.inc",
+                    "local.d/greylist.conf",
+                    "local.d/milter_headers.conf",
+                    "local.d/metrics.conf"]
 
     @property
     def config_dir(self):
@@ -51,11 +54,9 @@ class Rspamd(base.Installer):
     def get_config_files(self):
         """Return appropriate config files."""
         _config_files = self.config_files
-        if self.config.get("clamav", "enabled"):
+        if self.config.getboolean("clamav", "enabled"):
             _config_files.append("local.d/antivirus.conf")
-        if self.app_config["dnsbl"]:
-            _config_files.append("local.d/greylisting.conf")
-        if not self.app_config["dnsbl"]:
+        if self.app_config["dnsbl"].lower() == "true":
             _config_files.append("local.d/rbl.conf")
         return _config_files
 
@@ -71,8 +72,16 @@ class Rspamd(base.Installer):
             _context["controller_password"] = password
         else:
             _context["controller_password"] = controller_password
+        _context["greylisting_disabled"] = "" if not self.app_config["greylisting"] else "#"
+        if not self.app_config["greylisting"]:
+            _context["postwhite_enabled"] = "#"
         return _context
 
+    def post_run(self):
+        """Additional tasks."""
+        if self.config("clamav", "enabled"):
+            install("clamav", self.config, self.upgrade, self.archive_path)
+
     def custom_backup(self, path):
         """Backup custom configuration if any."""
         custom_config_dir = os.path.join(self.config_dir,