evgeny/modoboa-installer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Better configuration

Browse Source
This commit is contained in:
Spitap
2023-04-04 23:17:49 +02:00
committed by Antoine Nguyen
parent 45870e20ef
commit 1423fe0e6e
11 changed files with 218 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

131
installer.cfg Normal file
View File

@@ -0,0 +1,131 @@
[general]
hostname = mail.%(domain)s
[certificate]
generate = true
type = letsencrypt
[letsencrypt]
email = aa@aa.fr
[database]
engine = postgres
host = 127.0.0.1
install = true
[postgres]
user = postgres
password =
[mysql]
user = root
password = DPnHqZYHZ3gegiVT
charset = utf8
collation = utf8_general_ci
[fail2ban]
enabled = true
config_dir = /etc/fail2ban
max_retry = 20
ban_time = 3600
find_time = 30
[modoboa]
user = modoboa
home_dir = /srv/modoboa
venv_path = %(home_dir)s/env
instance_path = %(home_dir)s/instance
timezone = Europe/Paris
dbname = modoboa
dbuser = modoboa
dbpassword = Zj3PY6G2M8Hw6Gig
extensions = modoboa-rspamd modoboa-pdfcredentials modoboa-postfix-autoreply modoboa-sievefilters modoboa-webmail modoboa-contacts modoboa-radicale
devmode = false
[automx]
enabled = true
user = automx
config_dir = /etc
home_dir = /srv/automx
venv_path = %(home_dir)s/env
instance_path = %(home_dir)s/instance
[rspamd]
enabled = true
password = B7ugujmFa2LLwu93
dnsbl = true
dkim_keys_storage_dir = /var/lib/dkim
keys_path_map = /var/lib/dkim/keys.path.map
selectors_path_map = /var/lib/dkim/selectors.path.map
greylisting = true
[amavis]
enabled = false
user = amavis
max_servers = 2
dbname = amavis
dbuser = amavis
dbpassword = YSidxAfIqPC191Ir
[clamav]
enabled = true
user = clamav
[dovecot]
enabled = true
config_dir = /etc/dovecot
user = dovecot
home_dir = /srv/vmail
mailboxes_owner = vmail
extra_protocols =
postmaster_address = postmaster@%(domain)s
radicale_auth_socket_path = /var/run/dovecot/auth-radicale
[nginx]
enabled = true
config_dir = /etc/nginx
[razor]
enabled = true
config_dir = /etc/razor
[postfix]
enabled = true
config_dir = /etc/postfix
message_size_limit = 11534336
[postwhite]
enabled = true
config_dir = /etc
[spamassassin]
enabled = false
config_dir = /etc/mail/spamassassin
dbname = spamassassin
dbuser = spamassassin
dbpassword = s44EHekTTwOboebX
[uwsgi]
enabled = true
config_dir = /etc/uwsgi
nb_processes = 2
[radicale]
enabled = true
user = radicale
config_dir = /etc/radicale
home_dir = /srv/radicale
venv_path = %(home_dir)s/env
[opendkim]
enabled = false
user = opendkim
config_dir = /etc
port = 12345
keys_storage_dir = /var/lib/dkim
dbuser = opendkim
dbpassword = acTggtM3vZeVBYRn
[backup]
default_path = ./modoboa_backup/

2
modoboa_installer/config_dict_template.py
View File

@@ -283,8 +283,6 @@ ConfigDictTemplate = [
{ {
"option": "dbpassword", "option": "dbpassword",
"default": make_password, "default": make_password,
"customizable": True,
"question": "Please enter amavis db password"
}, },
], ],
}, },

17
modoboa_installer/scripts/files/postfix/main.cf.tpl
View File

@@ -124,6 +124,7 @@ strict_rfc821_envelopes = yes
# Rspamd setup # Rspamd setup
%{rspamd_enabled}smtpd_milters = inet:localhost:11332 %{rspamd_enabled}smtpd_milters = inet:localhost:11332
%{rspamd_enabled}non_smtpd_milters = inet:localhost:11332
%{rspamd_enabled}milter_default_action = accept %{rspamd_enabled}milter_default_action = accept
%{rspamd_enabled}milter_protocol = 6 %{rspamd_enabled}milter_protocol = 6
@@ -160,14 +161,14 @@ smtpd_recipient_restrictions =
%{rspamd_disabled}postscreen_dnsbl_threshold = 3 %{rspamd_disabled}postscreen_dnsbl_threshold = 3
%{rspamd_disabled}postscreen_dnsbl_action = enforce %{rspamd_disabled}postscreen_dnsbl_action = enforce
postscreen_greet_banner = Welcome, please wait... %{rspamd_disabled}postscreen_greet_banner = Welcome, please wait...
postscreen_greet_action = enforce %{rspamd_disabled}postscreen_greet_action = enforce
postscreen_pipelining_enable = yes %{rspamd_disabled}postscreen_pipelining_enable = yes
postscreen_pipelining_action = enforce %{rspamd_disabled}postscreen_pipelining_action = enforce
postscreen_non_smtp_command_enable = yes %{rspamd_disabled}postscreen_non_smtp_command_enable = yes
postscreen_non_smtp_command_action = enforce %{rspamd_disabled}postscreen_non_smtp_command_action = enforce
postscreen_bare_newline_enable = yes %{rspamd_disabled}postscreen_bare_newline_enable = yes
postscreen_bare_newline_action = enforce %{rspamd_disabled}postscreen_bare_newline_action = enforce

3
modoboa_installer/scripts/files/postfix/master.cf.tpl
View File

@@ -9,7 +9,8 @@
# service type private unpriv chroot wakeup maxproc command + args # service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100) # (yes) (yes) (yes) (never) (100)
# ========================================================================== # ==========================================================================
smtp inet n - - - 1 postscreen %{rspamd_disabled}smtp inet n - - - 1 postscreen
%{rspamd_enabled}smtp inet n - - - - smtpd
smtpd pass - - - - - smtpd smtpd pass - - - - - smtpd
%{amavis_enabled} -o smtpd_proxy_filter=inet:[127.0.0.1]:10024 %{amavis_enabled} -o smtpd_proxy_filter=inet:[127.0.0.1]:10024
%{amavis_enabled} -o smtpd_proxy_options=speed_adjust %{amavis_enabled} -o smtpd_proxy_options=speed_adjust

11
modoboa_installer/scripts/files/rspamd/local.d/antivirus.conf.tpl
View File

@@ -1,11 +1,14 @@
clamav { clamav {
scan_mime_parts = true;
scan_text_mime = true;
scan_image_mime = true;
symbol = "CLAM_VIRUS"; symbol = "CLAM_VIRUS";
type = "clamav"; type = "clamav";
servers = "127.0.0.1:3310"; servers = "/var/run/clamd.amavisd/clamd.sock";
patterns { patterns {
# symbol_name = "pattern"; # symbol_name = "pattern";
JUST_EICAR = '^Eicar-Test-Signature$'; JUST_EICAR = "Test.EICAR";
} }
} }

1
modoboa_installer/scripts/files/rspamd/local.d/greylisting.conf.tpl → modoboa_installer/scripts/files/rspamd/local.d/greylist.conf.tpl
View File

@@ -1,2 +1,3 @@
%{greylisting_disabled}enabled = false;
servers = "127.0.0.1:6379"; servers = "127.0.0.1:6379";
%{postwhite_enabled}whitelisted_ip = "/etc/postfix/postscreen_spf_whitelist.cidr" %{postwhite_enabled}whitelisted_ip = "/etc/postfix/postscreen_spf_whitelist.cidr"

20
modoboa_installer/scripts/files/rspamd/local.d/metrics.conf.tpl Normal file
View File

@@ -0,0 +1,20 @@
actions {
reject = 15; # normal value is 15, 150 so it will never be rejected
add_header = 6; # set to 0.1 for testing, 6 for normal operation.
rewrite_subject = 8; # Default: 8
greylist = 4; # Default: 4
}
group "antivirus" {
symbol "JUST_EICAR" {
weight = 10;
description = "Eicar test signature";
}
symbol "CLAM_VIRUS_FAIL" {
weight = 0;
}
symbol "CLAM_VIRUS" {
weight = 10;
description = "ClamAV found a Virus";
}
}

33
modoboa_installer/scripts/files/rspamd/local.d/milter_headers.conf.tpl Normal file
View File

@@ -0,0 +1,33 @@
use = ["x-spam-status", "my-x-spam-score" ,"x-virus","authentication-results" ];
extended_spam_headers = false;
skip_local = false;
skip_authenticated = false;
# Write the score as a header
custom {
my-x-spam-score = <<EOD
return function(task, common_meta)
local sc = common_meta['metric_score'] or task:get_metric_score()
-- return no error
return nil,
-- header(s) to add
{['X-Spam-Score'] = string.format('%.2f', sc[1])},
-- header(s) to remove
{['X-Spam-Score'] = 1},
-- metadata to store
{}
end
EOD;
}
routines {
x-virus {
header = "X-Virus";
remove = 1;
symbols = ["CLAM_VIRUS", "JUST_EICAR"];
}
}

1
modoboa_installer/scripts/files/rspamd/local.d/worker-controller.inc
View File

@@ -1 +0,0 @@
enable_password = %controller_password

2
modoboa_installer/scripts/postfix.py
View File

@@ -61,7 +61,7 @@ class Postfix(base.Installer):
"modoboa", "instance_path"), "modoboa", "instance_path"),
"opendkim_port": self.config.get( "opendkim_port": self.config.get(
"opendkim", "port"), "opendkim", "port"),
"rspamd_disabled": "" if not self.config.get( "rspamd_disabled": "" if not self.config.getboolean(
"rspamd", "enabled") else "#" "rspamd", "enabled") else "#"
}) })
return context return context

19
modoboa_installer/scripts/rspamd.py
View File

@@ -24,7 +24,10 @@ class Rspamd(base.Installer):
"local.d/spf.conf", "local.d/spf.conf",
"local.d/worker-controller.inc", "local.d/worker-controller.inc",
"local.d/worker-normal.inc", "local.d/worker-normal.inc",
"local.d/worker-proxy.inc"] "local.d/worker-proxy.inc",
"local.d/greylist.conf",
"local.d/milter_headers.conf",
"local.d/metrics.conf"]
@property @property
def config_dir(self): def config_dir(self):
@@ -51,11 +54,9 @@ class Rspamd(base.Installer):
def get_config_files(self): def get_config_files(self):
"""Return appropriate config files.""" """Return appropriate config files."""
_config_files = self.config_files _config_files = self.config_files
if self.config.get("clamav", "enabled"): if self.config.getboolean("clamav", "enabled"):
_config_files.append("local.d/antivirus.conf") _config_files.append("local.d/antivirus.conf")
if self.app_config["dnsbl"]: if self.app_config["dnsbl"].lower() == "true":
_config_files.append("local.d/greylisting.conf")
if not self.app_config["dnsbl"]:
_config_files.append("local.d/rbl.conf") _config_files.append("local.d/rbl.conf")
return _config_files return _config_files
@@ -71,8 +72,16 @@ class Rspamd(base.Installer):
_context["controller_password"] = password _context["controller_password"] = password
else: else:
_context["controller_password"] = controller_password _context["controller_password"] = controller_password
_context["greylisting_disabled"] = "" if not self.app_config["greylisting"] else "#"
if not self.app_config["greylisting"]:
_context["postwhite_enabled"] = "#"
return _context return _context
def post_run(self):
"""Additional tasks."""
if self.config("clamav", "enabled"):
install("clamav", self.config, self.upgrade, self.archive_path)
def custom_backup(self, path): def custom_backup(self, path):
"""Backup custom configuration if any.""" """Backup custom configuration if any."""
custom_config_dir = os.path.join(self.config_dir, custom_config_dir = os.path.join(self.config_dir,