Added Rspamd installation

2023-04-04 17:34:48 +02:00
parent fbedc6a051
commit 4082d5790d
15 changed files with 178 additions and 14 deletions
--- a/modoboa_installer/scripts/files/nginx/modoboa.conf.tpl
+++ b/modoboa_installer/scripts/files/nginx/modoboa.conf.tpl
@@ -37,6 +37,13 @@ server {
        try_files $uri $uri/ =404;
    }

+%{rspamd_enabled}    location /rspamd/ {
+%{rspamd_enabled}        proxy_pass       http://localhost:11334/;
+%{rspamd_enabled}
+%{rspamd_enabled}        proxy_set_header Host      $host;
+%{rspamd_enabled}        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+%{rspamd_enabled}    }
+
    location ~ ^/(api|accounts) {
        include uwsgi_params;
        uwsgi_param UWSGI_SCRIPT instance.wsgi:application;
--- a/modoboa_installer/scripts/files/postfix/main.cf.tpl
+++ b/modoboa_installer/scripts/files/postfix/main.cf.tpl
@@ -122,6 +122,11 @@ strict_rfc821_envelopes = yes
 %{opendkim_enabled}milter_default_action = accept
 %{opendkim_enabled}milter_content_timeout = 30s

+# Rspamd setup
+%{rspamd_enabled}smtpd_milters = inet:localhost:11332
+%{rspamd_enabled}milter_default_action = accept
+%{rspamd_enabled}milter_protocol = 6
+
 # List of authorized senders
 smtpd_sender_login_maps =
        proxy:%{db_driver}:/etc/postfix/sql-sender-login-map.cf
@@ -142,18 +147,18 @@ smtpd_recipient_restrictions =

 ## Postcreen settings
 #
-postscreen_access_list =
-       permit_mynetworks
-       cidr:/etc/postfix/postscreen_spf_whitelist.cidr
-postscreen_blacklist_action = enforce 
+%{rspamd_disabled}postscreen_access_list =
+%{rspamd_disabled}       permit_mynetworks
+%{rspamd_disabled}      cidr:/etc/postfix/postscreen_spf_whitelist.cidr
+%{rspamd_disabled}postscreen_blacklist_action = enforce

 # Use some DNSBL
-postscreen_dnsbl_sites = 
-	zen.spamhaus.org=127.0.0.[2..11]*3
-	bl.spameatingmonkey.net=127.0.0.2*2
-	bl.spamcop.net=127.0.0.2
-postscreen_dnsbl_threshold = 3 
-postscreen_dnsbl_action = enforce 
+%{rspamd_disabled}postscreen_dnsbl_sites =
+%{rspamd_disabled}	zen.spamhaus.org=127.0.0.[2..11]*3
+%{rspamd_disabled}	bl.spameatingmonkey.net=127.0.0.2*2
+%{rspamd_disabled}	bl.spamcop.net=127.0.0.2
+%{rspamd_disabled}postscreen_dnsbl_threshold = 3
+%{rspamd_disabled}postscreen_dnsbl_action = enforce

 postscreen_greet_banner = Welcome, please wait... 
 postscreen_greet_action = enforce
--- a/modoboa_installer/scripts/files/rspamd/local.d/antivirus.conf.tpl
+++ b/modoboa_installer/scripts/files/rspamd/local.d/antivirus.conf.tpl
@@ -0,0 +1,11 @@
+clamav {
+  symbol = "CLAM_VIRUS";
+  type = "clamav";
+  servers = "127.0.0.1:3310";
+  patterns {
+    # symbol_name = "pattern";
+    JUST_EICAR = '^Eicar-Test-Signature$';
+  }
+}
+
+
--- a/modoboa_installer/scripts/files/rspamd/local.d/dkim_signing.conf.tpl
+++ b/modoboa_installer/scripts/files/rspamd/local.d/dkim_signing.conf.tpl
@@ -0,0 +1,3 @@
+try_fallback = false;
+selector_map = "%selectors_path_map";
+path_map = "%keys_path_map";
--- a/modoboa_installer/scripts/files/rspamd/local.d/greylisting.conf.tpl
+++ b/modoboa_installer/scripts/files/rspamd/local.d/greylisting.conf.tpl
@@ -0,0 +1,2 @@
+servers = "127.0.0.1:6379";
+%{postwhite_enabled}whitelisted_ip = "/etc/postfix/postscreen_spf_whitelist.cidr"
--- a/modoboa_installer/scripts/files/rspamd/local.d/mx_check.conf.tpl
+++ b/modoboa_installer/scripts/files/rspamd/local.d/mx_check.conf.tpl
@@ -0,0 +1 @@
+enabled = true;
--- a/modoboa_installer/scripts/files/rspamd/local.d/rbl.conf.tpl
+++ b/modoboa_installer/scripts/files/rspamd/local.d/rbl.conf.tpl
@@ -0,0 +1,6 @@
+# to disable all predefined rules if the user doesn't want dnsbl
+
+url_whitelist = [];
+
+rbls {
+}
--- a/modoboa_installer/scripts/files/rspamd/local.d/spf.conf.tpl
+++ b/modoboa_installer/scripts/files/rspamd/local.d/spf.conf.tpl
@@ -0,0 +1,6 @@
+spf_cache_size = 1k;
+spf_cache_expire = 1d;
+max_dns_nesting = 10;
+max_dns_requests = 30;
+min_cache_ttl = 5m;
+disable_ipv6 = false;
--- a/modoboa_installer/scripts/files/rspamd/local.d/worker-controller.inc
+++ b/modoboa_installer/scripts/files/rspamd/local.d/worker-controller.inc
@@ -0,0 +1 @@
+enable_password = %controller_password
--- a/modoboa_installer/scripts/files/rspamd/local.d/worker-controller.inc.tpl
+++ b/modoboa_installer/scripts/files/rspamd/local.d/worker-controller.inc.tpl
@@ -0,0 +1 @@
+enable_password = %controller_password
--- a/modoboa_installer/scripts/files/rspamd/local.d/worker-normal.inc.tpl
+++ b/modoboa_installer/scripts/files/rspamd/local.d/worker-normal.inc.tpl
@@ -0,0 +1 @@
+enabled = false;
--- a/modoboa_installer/scripts/files/rspamd/local.d/worker-proxy.inc.tpl
+++ b/modoboa_installer/scripts/files/rspamd/local.d/worker-proxy.inc.tpl
@@ -0,0 +1,3 @@
+upstream "local" {
+  self_scan = yes;
+}
--- a/modoboa_installer/scripts/postfix.py
+++ b/modoboa_installer/scripts/postfix.py
@@ -60,7 +60,9 @@ class Postfix(base.Installer):
            "modoboa_instance_path": self.config.get(
                "modoboa", "instance_path"),
            "opendkim_port": self.config.get(
-                "opendkim", "port")
+                "opendkim", "port"),
+            "rspamd_disabled": "" if not self.config.get(
+                "rspamd", "enabled") else "#"
        })
        return context

--- a/modoboa_installer/scripts/rspamd.py
+++ b/modoboa_installer/scripts/rspamd.py
@@ -0,0 +1,82 @@
+"""Amavis related functions."""
+
+import os
+
+from .. import package
+from .. import utils
+
+from . import base
+from . import backup, install
+
+
+class Rspamd(base.Installer):
+
+    """Rspamd installer."""
+
+    appname = "rspamd"
+    packages = {
+        "deb": [
+            "rspamd", "redis"
+        ]
+    }
+    config_files = ["local.d/dkim_signing.conf",
+                    "local.d/mx_check.conf",
+                    "local.d/spf.conf",
+                    "local.d/worker-controller.inc",
+                    "local.d/worker-normal.inc",
+                    "local.d/worker-proxy.inc"]
+
+    @property
+    def config_dir(self):
+        """Return appropriate config dir."""
+        return "/etc/rspamd"
+
+    def get_config_files(self):
+        """Return appropriate config files."""
+        _config_files = self.config_files
+        if self.config.get("clamav", "enabled"):
+            _config_files.append("local.d/antivirus.conf")
+        if self.app_config["dnsbl"]:
+            _config_files.append("local.d/greylisting.conf")
+        if not self.app_config["dnsbl"]:
+            _config_files.append("local.d/rbl.conf")
+        return _config_files
+
+    def get_template_context(self):
+        _context = super().get_template_context()
+        code, controller_password = utils.exec_cmd(
+            r"rspamadm pw -p {}".format(self.app_config["password"]))
+        if code != 0:
+            utils.error("Error setting rspamd password. "
+                        "Please make sure it is not 'q1' or 'q2'."
+                        "Storing the password in plain. See"
+                        "https://rspamd.com/doc/quickstart.html#setting-the-controller-password")
+            _context["controller_password"] = password
+        else:
+            _context["controller_password"] = controller_password
+        return _context
+
+    def custom_backup(self, path):
+        """Backup custom configuration if any."""
+        custom_config_dir = os.path.join(self.config_dir,
+                                         "/local.d/")
+        custom_backup_dir = os.path.join(path, "/rspamd/")
+        local_files = [f for f in os.listdir(custom_config_dir)
+                       if os.path.isfile(custom_config_dir, f)
+                       ]
+        for file in local_files:
+            utils.copy_file(file, custom_backup_dir)
+        if len(local_files) != 0:
+            utils.success("Rspamd custom configuration saved!")
+
+    def restore(self):
+        """Restore custom config files."""
+        custom_config_dir = os.path.join(self.config_dir,
+                                         "/local.d/")
+        custom_backup_dir = os.path.join(path, "/rspamd/")
+        backed_up_files = [f for f in os.listdir(custom_backup_dir)
+                           if os.path.isfile(custom_backup_dir, f)
+                          ]
+        for file in backed_up_files:
+            utils.copy_file(file, custom_config_dir)
+            utils.success("Custom Rspamd configuration restored.")