Better configuration

2023-04-04 23:17:49 +02:00
parent 45870e20ef
commit 1423fe0e6e
11 changed files with 218 additions and 22 deletions
--- a/modoboa_installer/scripts/files/postfix/main.cf.tpl
+++ b/modoboa_installer/scripts/files/postfix/main.cf.tpl
@@ -124,6 +124,7 @@ strict_rfc821_envelopes = yes

 # Rspamd setup
 %{rspamd_enabled}smtpd_milters = inet:localhost:11332
+%{rspamd_enabled}non_smtpd_milters = inet:localhost:11332
 %{rspamd_enabled}milter_default_action = accept
 %{rspamd_enabled}milter_protocol = 6

@@ -160,14 +161,14 @@ smtpd_recipient_restrictions =
 %{rspamd_disabled}postscreen_dnsbl_threshold = 3
 %{rspamd_disabled}postscreen_dnsbl_action = enforce

-postscreen_greet_banner = Welcome, please wait... 
-postscreen_greet_action = enforce
+%{rspamd_disabled}postscreen_greet_banner = Welcome, please wait...
+%{rspamd_disabled}postscreen_greet_action = enforce

-postscreen_pipelining_enable = yes
-postscreen_pipelining_action = enforce
+%{rspamd_disabled}postscreen_pipelining_enable = yes
+%{rspamd_disabled}postscreen_pipelining_action = enforce

-postscreen_non_smtp_command_enable = yes
-postscreen_non_smtp_command_action = enforce
+%{rspamd_disabled}postscreen_non_smtp_command_enable = yes
+%{rspamd_disabled}postscreen_non_smtp_command_action = enforce

-postscreen_bare_newline_enable = yes
-postscreen_bare_newline_action = enforce
+%{rspamd_disabled}postscreen_bare_newline_enable = yes
+%{rspamd_disabled}postscreen_bare_newline_action = enforce
--- a/modoboa_installer/scripts/files/postfix/master.cf.tpl
+++ b/modoboa_installer/scripts/files/postfix/master.cf.tpl
@@ -9,7 +9,8 @@
 # service type  private unpriv  chroot  wakeup  maxproc command + args
 #               (yes)   (yes)   (yes)   (never) (100)
 # ==========================================================================
-smtp      inet  n       -       -       -       1       postscreen
+%{rspamd_disabled}smtp      inet  n       -       -       -       1       postscreen
+%{rspamd_enabled}smtp      inet  n       -       -       -       -       smtpd
 smtpd     pass  -       -       -       -       -       smtpd
 %{amavis_enabled}  -o smtpd_proxy_filter=inet:[127.0.0.1]:10024 
 %{amavis_enabled}  -o smtpd_proxy_options=speed_adjust
--- a/modoboa_installer/scripts/files/rspamd/local.d/antivirus.conf.tpl
+++ b/modoboa_installer/scripts/files/rspamd/local.d/antivirus.conf.tpl
@@ -1,11 +1,14 @@
 clamav {
+  scan_mime_parts = true;
+  scan_text_mime = true;
+  scan_image_mime = true;
+
  symbol = "CLAM_VIRUS";
  type = "clamav";
-  servers = "127.0.0.1:3310";
+  servers = "/var/run/clamd.amavisd/clamd.sock";
+
  patterns {
    # symbol_name = "pattern";
-    JUST_EICAR = '^Eicar-Test-Signature$';
+    JUST_EICAR = "Test.EICAR";
  }
 }
-
-
--- a/modoboa_installer/scripts/files/rspamd/local.d/greylisting.conf.tpl
+++ b/modoboa_installer/scripts/files/rspamd/local.d/greylisting.conf.tpl
@@ -1,2 +1,3 @@
+%{greylisting_disabled}enabled = false;
 servers = "127.0.0.1:6379";
 %{postwhite_enabled}whitelisted_ip = "/etc/postfix/postscreen_spf_whitelist.cidr"
--- a/modoboa_installer/scripts/files/rspamd/local.d/metrics.conf.tpl
+++ b/modoboa_installer/scripts/files/rspamd/local.d/metrics.conf.tpl
@@ -0,0 +1,20 @@
+actions {
+    reject = 15; # normal value is 15, 150 so it will never be rejected
+    add_header = 6; # set to 0.1 for testing, 6 for normal operation.
+    rewrite_subject = 8; # Default: 8
+    greylist = 4; # Default: 4
+}
+
+group "antivirus" {
+  symbol "JUST_EICAR" {
+    weight = 10;
+    description = "Eicar test signature";
+  }
+  symbol "CLAM_VIRUS_FAIL" {
+    weight = 0;
+  }
+  symbol "CLAM_VIRUS" {
+    weight = 10;
+    description = "ClamAV found a Virus";
+  }
+}
--- a/modoboa_installer/scripts/files/rspamd/local.d/milter_headers.conf.tpl
+++ b/modoboa_installer/scripts/files/rspamd/local.d/milter_headers.conf.tpl
@@ -0,0 +1,33 @@
+use = ["x-spam-status", "my-x-spam-score" ,"x-virus","authentication-results" ];
+extended_spam_headers = false;
+skip_local = false;
+skip_authenticated = false;
+
+# Write the score as a header
+custom {
+   my-x-spam-score = <<EOD
+     return function(task, common_meta)
+       local sc = common_meta['metric_score'] or task:get_metric_score()
+       -- return no error
+       return nil,
+       -- header(s) to add
+       {['X-Spam-Score'] = string.format('%.2f', sc[1])},
+       -- header(s) to remove
+       {['X-Spam-Score'] = 1},
+       -- metadata to store
+       {}
+   end
+EOD;
+}
+
+routines {
+  x-virus {
+    header = "X-Virus";
+    remove = 1;
+    symbols = ["CLAM_VIRUS", "JUST_EICAR"];
+  }
+}
+
+
+
+
--- a/modoboa_installer/scripts/files/rspamd/local.d/worker-controller.inc
+++ b/modoboa_installer/scripts/files/rspamd/local.d/worker-controller.inc
@@ -1 +0,0 @@
-enable_password = %controller_password