Added Rspamd installation
@@ -225,12 +225,45 @@ ConfigDictTemplate = [
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "amavis",
|
"name": "rspamd",
|
||||||
"values": [
|
"values": [
|
||||||
{
|
{
|
||||||
"option": "enabled",
|
"option": "enabled",
|
||||||
"default": "true",
|
"default": "true",
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"option": "password",
|
||||||
|
"default": make_password,
|
||||||
|
}
|
||||||
|
{
|
||||||
|
"option": "dnsbl",
|
||||||
|
"default": "true",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"option": "dkim_keys_storage_dir",
|
||||||
|
"default": "/var/lib/dkim"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"option": "keys_path_map",
|
||||||
|
"default": "/var/lib/dkim/keys.path.map"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"option": "selectors_path_map",
|
||||||
|
"default": "/var/lib/dkim/selectors.path.map"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"option": "greylisting",
|
||||||
|
"default": "true"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "amavis",
|
||||||
|
"values": [
|
||||||
|
{
|
||||||
|
"option": "enabled",
|
||||||
|
"default": "false",
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"option": "user",
|
"option": "user",
|
||||||
"default": "amavis",
|
"default": "amavis",
|
||||||
@@ -366,7 +399,7 @@ ConfigDictTemplate = [
|
|||||||
"values": [
|
"values": [
|
||||||
{
|
{
|
||||||
"option": "enabled",
|
"option": "enabled",
|
||||||
"default": "true",
|
"default": "false",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"option": "config_dir",
|
"option": "config_dir",
|
||||||
@@ -435,7 +468,7 @@ ConfigDictTemplate = [
|
|||||||
"values": [
|
"values": [
|
||||||
{
|
{
|
||||||
"option": "enabled",
|
"option": "enabled",
|
||||||
"default": "true",
|
"default": "false",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"option": "user",
|
"option": "user",
|
||||||
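Review bot: The new rspamd `password` entry in the first hunk closes with `}` and no trailing comma before the `{` that opens the `dnsbl` entry, so two dict literals sit side by side in the `values` list and the module will not parse. The closing line should read `},` like the neighbouring entries. The `enabled` and `password` entries also keep a trailing comma after `"default"` while the `dkim_keys_storage_dir` and path-map entries do not; one form throughout would keep the template uniform. ConfigDictTemplate begins and ends outside these hunks.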
|
|||||||
@@ -37,6 +37,13 @@ server {
|
|||||||
try_files $uri $uri/ =404;
|
try_files $uri $uri/ =404;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
%{rspamd_enabled} location /rspamd/ {
|
||||||
|
%{rspamd_enabled} proxy_pass http://localhost:11334/;
|
||||||
|
%{rspamd_enabled}
|
||||||
|
%{rspamd_enabled} proxy_set_header Host $host;
|
||||||
|
%{rspamd_enabled} proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
%{rspamd_enabled} }
|
||||||
|
|
||||||
location ~ ^/(api|accounts) {
|
location ~ ^/(api|accounts) {
|
||||||
include uwsgi_params;
|
include uwsgi_params;
|
||||||
uwsgi_param UWSGI_SCRIPT instance.wsgi:application;
|
uwsgi_param UWSGI_SCRIPT instance.wsgi:application;
|
||||||
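Review bot: The `/rspamd/` location sends `X-Forwarded-For $proxy_add_x_forwarded_for`, which appends the peer address to whatever value the client already supplied, so the header reaching the controller on port 11334 can begin with a client-chosen address. The Rspamd controller grants password-less access based on the address it attributes to the client (its `secure_ip` setting); how it treats a multi-value header is not visible here and should be confirmed, but the proxy should pass only the address nginx itself observed. I would use `proxy_set_header X-Forwarded-For $remote_addr;` and add `proxy_set_header X-Real-IP $remote_addr;`. The location also carries no `allow`/`deny` restriction, so the controller UI depends on the controller password alone; a comment stating that would help. The server block starts and ends outside the hunk.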
|
|||||||
@@ -122,6 +122,11 @@ strict_rfc821_envelopes = yes
|
|||||||
%{opendkim_enabled}milter_default_action = accept
|
%{opendkim_enabled}milter_default_action = accept
|
||||||
%{opendkim_enabled}milter_content_timeout = 30s
|
%{opendkim_enabled}milter_content_timeout = 30s
|
||||||
|
|
||||||
|
# Rspamd setup
|
||||||
|
%{rspamd_enabled}smtpd_milters = inet:localhost:11332
|
||||||
|
%{rspamd_enabled}milter_default_action = accept
|
||||||
|
%{rspamd_enabled}milter_protocol = 6
|
||||||
|
|
||||||
# List of authorized senders
|
# List of authorized senders
|
||||||
smtpd_sender_login_maps =
|
smtpd_sender_login_maps =
|
||||||
proxy:%{db_driver}:/etc/postfix/sql-sender-login-map.cf
|
proxy:%{db_driver}:/etc/postfix/sql-sender-login-map.cf
|
||||||
@@ -142,18 +147,18 @@ smtpd_recipient_restrictions =
|
|||||||
|
|
||||||
## Postcreen settings
|
## Postcreen settings
|
||||||
#
|
#
|
||||||
postscreen_access_list =
|
%{rspamd_disabled}postscreen_access_list =
|
||||||
permit_mynetworks
|
%{rspamd_disabled} permit_mynetworks
|
||||||
cidr:/etc/postfix/postscreen_spf_whitelist.cidr
|
%{rspamd_disabled} cidr:/etc/postfix/postscreen_spf_whitelist.cidr
|
||||||
postscreen_blacklist_action = enforce
|
%{rspamd_disabled}postscreen_blacklist_action = enforce
|
||||||
|
|
||||||
# Use some DNSBL
|
# Use some DNSBL
|
||||||
postscreen_dnsbl_sites =
|
%{rspamd_disabled}postscreen_dnsbl_sites =
|
||||||
zen.spamhaus.org=127.0.0.[2..11]*3
|
%{rspamd_disabled} zen.spamhaus.org=127.0.0.[2..11]*3
|
||||||
bl.spameatingmonkey.net=127.0.0.2*2
|
%{rspamd_disabled} bl.spameatingmonkey.net=127.0.0.2*2
|
||||||
bl.spamcop.net=127.0.0.2
|
%{rspamd_disabled} bl.spamcop.net=127.0.0.2
|
||||||
postscreen_dnsbl_threshold = 3
|
%{rspamd_disabled}postscreen_dnsbl_threshold = 3
|
||||||
postscreen_dnsbl_action = enforce
|
%{rspamd_disabled}postscreen_dnsbl_action = enforce
|
||||||
|
|
||||||
postscreen_greet_banner = Welcome, please wait...
|
postscreen_greet_banner = Welcome, please wait...
|
||||||
postscreen_greet_action = enforce
|
postscreen_greet_action = enforce
|
||||||
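Review bot: With `%{rspamd_enabled}milter_default_action = accept` Postfix delivers mail unfiltered whenever the milter on localhost:11332 is unreachable, and the second hunk comments out the postscreen access list and DNSBL checks under `%{rspamd_disabled}` in the same configuration, so an Rspamd outage leaves neither layer active. If failing open is intended, say so next to the setting, e.g. `# fail open: mail is accepted unscanned while rspamd is down`; otherwise `tempfail` defers mail until the milter is back. If the opendkim block outside this hunk also sets `smtpd_milters`, enabling both features would leave only the later definition in effect, which is worth checking.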
|
|||||||
@@ -0,0 +1,11 @@
|
|||||||
|
clamav {
|
||||||
|
symbol = "CLAM_VIRUS";
|
||||||
|
type = "clamav";
|
||||||
|
servers = "127.0.0.1:3310";
|
||||||
|
patterns {
|
||||||
|
# symbol_name = "pattern";
|
||||||
|
JUST_EICAR = '^Eicar-Test-Signature$';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -0,0 +1,3 @@
|
|||||||
|
try_fallback = false;
|
||||||
|
selector_map = "%selectors_path_map";
|
||||||
|
path_map = "%keys_path_map";
|
||||||
@@ -0,0 +1,2 @@
|
|||||||
|
servers = "127.0.0.1:6379";
|
||||||
|
%{postwhite_enabled}whitelisted_ip = "/etc/postfix/postscreen_spf_whitelist.cidr"
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
enabled = true;
|
||||||
@@ -0,0 +1,6 @@
|
|||||||
|
# to disable all predefined rules if the user doesn't want dnsbl
|
||||||
|
|
||||||
|
url_whitelist = [];
|
||||||
|
|
||||||
|
rbls {
|
||||||
|
}
|
||||||
@@ -0,0 +1,6 @@
|
|||||||
|
spf_cache_size = 1k;
|
||||||
|
spf_cache_expire = 1d;
|
||||||
|
max_dns_nesting = 10;
|
||||||
|
max_dns_requests = 30;
|
||||||
|
min_cache_ttl = 5m;
|
||||||
|
disable_ipv6 = false;
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
enable_password = %controller_password
|
||||||
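Review bot: `enable_password = %controller_password` is written unquoted and without the terminating `;` that the other new Rspamd files use, and the same line is repeated in the next one-line file. The substituted value is either the `rspamadm pw` hash or, on the installer's fallback path, the plain-text password, and either may contain characters that are not safe outside quotes; I would write `enable_password = "%controller_password";`. Only `enable_password` is set, so it is worth confirming how the controller handles read-only access when `password` is absent. Because the file can end up holding a plain-text secret, it should be written with permissions that keep it unreadable for other local users; the mode used is not visible in this diff.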
@@ -0,0 +1 @@
|
|||||||
|
enable_password = %controller_password
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
enabled = false;
|
||||||
@@ -0,0 +1,3 @@
|
|||||||
|
upstream "local" {
|
||||||
|
self_scan = yes;
|
||||||
|
}
|
||||||
@@ -60,7 +60,9 @@ class Postfix(base.Installer):
|
|||||||
"modoboa_instance_path": self.config.get(
|
"modoboa_instance_path": self.config.get(
|
||||||
"modoboa", "instance_path"),
|
"modoboa", "instance_path"),
|
||||||
"opendkim_port": self.config.get(
|
"opendkim_port": self.config.get(
|
||||||
"opendkim", "port")
|
"opendkim", "port"),
|
||||||
|
"rspamd_disabled": "" if not self.config.get(
|
||||||
|
"rspamd", "enabled") else "#"
|
||||||
})
|
})
|
||||||
return context
|
return context
|
||||||
|
|
||||||
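Review bot: `"" if not self.config.get("rspamd", "enabled") else "#"` tests the truthiness of what `get` returns, and the template defaults added in this commit are the strings "true" and "false". If `self.config` is a `configparser` object, any non-empty string, "false" included, is truthy, so `rspamd_disabled` would always be "#" and the postscreen access list and DNSBL settings would stay commented out even with Rspamd turned off. `getboolean` avoids that: `"rspamd_disabled": "#" if self.config.getboolean("rspamd", "enabled") else ""`. The same truthiness test on `self.config.get("clamav", "enabled")` appears in `get_config_files` in the new rspamd.py. The enclosing method starts outside the hunk.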
|
|||||||
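--- /dev/null
+++ b/modoboa_installer/scripts/rspamd.py
@@ -0,0 +1,82 @@
+"""Amavis related functions."""
+
+import os
+
+from .. import package
+from .. import utils
+
+from . import base
+from . import backup, install
+
+
+class Rspamd(base.Installer):
+
+"""Rspamd installer."""
+
+appname = "rspamd"
+packages = {
+"deb": [
+"rspamd", "redis"
+]
+}
+config_files = ["local.d/dkim_signing.conf",
+"local.d/mx_check.conf",
+"local.d/spf.conf",
+"local.d/worker-controller.inc",
+"local.d/worker-normal.inc",
+"local.d/worker-proxy.inc"]
+
+@property
+def config_dir(self):
+"""Return appropriate config dir."""
+return "/etc/rspamd"
+
+def get_config_files(self):
+"""Return appropriate config files."""
+_config_files = self.config_files
+if self.config.get("clamav", "enabled"):
+_config_files.append("local.d/antivirus.conf")
+if self.app_config["dnsbl"]:
+_config_files.append("local.d/greylisting.conf")
+if not self.app_config["dnsbl"]:
+_config_files.append("local.d/rbl.conf")
+return _config_files
+
+def get_template_context(self):
+_context = super().get_template_context()
+code, controller_password = utils.exec_cmd(
+r"rspamadm pw -p {}".format(self.app_config["password"]))
+if code != 0:
+utils.error("Error setting rspamd password. "
+"Please make sure it is not 'q1' or 'q2'."
+"Storing the password in plain. See"
+"https://rspamd.com/doc/quickstart.html#setting-the-controller-password")
+_context["controller_password"] = password
+else:
+_context["controller_password"] = controller_password
+return _context
+
+def custom_backup(self, path):
+"""Backup custom configuration if any."""
+custom_config_dir = os.path.join(self.config_dir,
+"/local.d/")
+custom_backup_dir = os.path.join(path, "/rspamd/")
+local_files = [f for f in os.listdir(custom_config_dir)
+if os.path.isfile(custom_config_dir, f)
+]
+for file in local_files:
+utils.copy_file(file, custom_backup_dir)
+if len(local_files) != 0:
+utils.success("Rspamd custom configuration saved!")
+
+def restore(self):
+"""Restore custom config files."""
+custom_config_dir = os.path.join(self.config_dir,
+"/local.d/")
+custom_backup_dir = os.path.join(path, "/rspamd/")
+backed_up_files = [f for f in os.listdir(custom_backup_dir)
+if os.path.isfile(custom_backup_dir, f)
+]
+for file in backed_up_files:
+utils.copy_file(file, custom_config_dir)
+utils.success("Custom Rspamd configuration restored.")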
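Review bot: `get_template_context` interpolates the controller password into the command string `rspamadm pw -p {}`, so the secret is visible in the process list while the command runs and, if `utils.exec_cmd` goes through a shell (not visible here), spaces or shell metacharacters in a user-chosen password change the command. At minimum quote it, `r"rspamadm pw -p {}".format(shlex.quote(self.app_config["password"]))`, with `import shlex` added at the top of the module. The failure branch assigns `_context["controller_password"] = password`, but no `password` name exists in that scope, so it raises NameError; what it intends is to write the plain-text password into the config, where aborting the install would be the safer outcome. `restore` likewise reads an undefined `path`, and `os.path.join(self.config_dir, "/local.d/")` and `os.path.join(path, "/rspamd/")` return the absolute second component alone, so backup and restore would operate on `/local.d/` and `/rspamd/` at the filesystem root.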