From 46bbb1039bb90e96976ae1c1597e967a4a21f5ae Mon Sep 17 00:00:00 2001 From: Spitap Date: Wed, 21 Jun 2023 16:04:38 +0200 Subject: [PATCH] updated rspamd config --- modoboa_installer/config_dict_template.py | 8 +++++ modoboa_installer/scripts/clamav.py | 7 ++-- .../files/rspamd/local.d/antivirus.conf.tpl | 5 +-- .../files/rspamd/local.d/greylist.conf.tpl | 1 - .../files/rspamd/local.d/groups.conf.tpl | 5 +++ .../files/rspamd/local.d/redis.conf.tpl | 2 ++ .../files/rspamd/local.d/settings.conf.tpl | 8 +++++ modoboa_installer/scripts/postfix.py | 14 ++++++-- modoboa_installer/scripts/rspamd.py | 35 +++++++++++++++++-- 9 files changed, 74 insertions(+), 11 deletions(-) create mode 100644 modoboa_installer/scripts/files/rspamd/local.d/groups.conf.tpl create mode 100644 modoboa_installer/scripts/files/rspamd/local.d/redis.conf.tpl create mode 100644 modoboa_installer/scripts/files/rspamd/local.d/settings.conf.tpl diff --git a/modoboa_installer/config_dict_template.py b/modoboa_installer/config_dict_template.py index cfc9482..c7c1b97 100644 --- a/modoboa_installer/config_dict_template.py +++ b/modoboa_installer/config_dict_template.py @@ -254,6 +254,14 @@ ConfigDictTemplate = [ { "option": "greylisting", "default": "true" + }, + { + "option": "whitelist_auth", + "default": "true" + }, + { + "option": "whitelist_auth_weigth", + "default": "-5" } ], }, diff --git a/modoboa_installer/scripts/clamav.py b/modoboa_installer/scripts/clamav.py index 2ff4868..a62eda6 100644 --- a/modoboa_installer/scripts/clamav.py +++ b/modoboa_installer/scripts/clamav.py 
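Review bot: The new option name `whitelist_auth_weigth` is misspelled ("weigth" for "weight"), and because it is a key users will see in their installer configuration it becomes awkward to rename once released. groups.conf.tpl in this commit reads the same misspelled name as `%whitelist_auth_weigth`, so both have to change together: `"option": "whitelist_auth_weight",` here and `weight = %whitelist_auth_weight;` in the template. The default is substituted into the rspamd configuration as-is, so a comment stating that it must be a number, and that a negative value lowers the spam score of authenticated mail, would help whoever edits it.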
@@ -42,9 +42,10 @@ class Clamav(base.Installer): """Additional tasks.""" if package.backend.FORMAT == "deb": user = self.config.get(self.appname, "user") - system.add_user_to_group( - user, self.config.get("amavis", "user") - ) + if self.config.get("amavis", "enabled").lower() == "true": + system.add_user_to_group( + user, self.config.get("amavis", "user") + ) pattern = ( "s/^AllowSupplementaryGroups false/" "AllowSupplementaryGroups true/") diff --git a/modoboa_installer/scripts/files/rspamd/local.d/antivirus.conf.tpl b/modoboa_installer/scripts/files/rspamd/local.d/antivirus.conf.tpl index 9aafe74..5e50a4e 100644 --- a/modoboa_installer/scripts/files/rspamd/local.d/antivirus.conf.tpl +++ b/modoboa_installer/scripts/files/rspamd/local.d/antivirus.conf.tpl @@ -2,10 +2,11 @@ clamav { scan_mime_parts = true; scan_text_mime = true; scan_image_mime = true; - + retransmits = 2; + timeout = 30; symbol = "CLAM_VIRUS"; type = "clamav"; - servers = "/var/run/clamd.amavisd/clamd.sock"; + servers = "127.0.0.1:3310" patterns { # symbol_name = "pattern"; diff --git a/modoboa_installer/scripts/files/rspamd/local.d/greylist.conf.tpl b/modoboa_installer/scripts/files/rspamd/local.d/greylist.conf.tpl index cf6c036..bf90f46 100644 --- a/modoboa_installer/scripts/files/rspamd/local.d/greylist.conf.tpl +++ b/modoboa_installer/scripts/files/rspamd/local.d/greylist.conf.tpl @@ -1,3 +1,2 @@ %{greylisting_disabled}enabled = false; servers = "127.0.0.1:6379"; -%{postwhite_enabled}whitelisted_ip = "/etc/postfix/postscreen_spf_whitelist.cidr" diff --git a/modoboa_installer/scripts/files/rspamd/local.d/groups.conf.tpl b/modoboa_installer/scripts/files/rspamd/local.d/groups.conf.tpl new file mode 100644 index 0000000..0e10663 --- /dev/null +++ b/modoboa_installer/scripts/files/rspamd/local.d/groups.conf.tpl @@ -0,0 +1,5 @@ +symbols { + "WHITELIST_AUTHENTICATED" { + weight = %whitelist_auth_weigth; + } +} 
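Review bot: `servers = "127.0.0.1:3310"` in antivirus.conf.tpl assumes clamd is listening on TCP, but the clamav.py hunk in this commit only changes group membership, so unless `TCPSocket`/`TCPAddr` are set somewhere not shown here rspamd will have nothing to connect to. It is worth confirming how rspamd treats a scanner it cannot reach, since mail being delivered unscanned is the likely outcome. If the TCP listener is enabled, bind it to loopback (`TCPAddr 127.0.0.1`), because clamd's socket carries no authentication. The new line also drops the trailing `;` that the other keys in the file carry; `servers = "127.0.0.1:3310";` keeps it consistent.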
diff --git a/modoboa_installer/scripts/files/rspamd/local.d/redis.conf.tpl b/modoboa_installer/scripts/files/rspamd/local.d/redis.conf.tpl new file mode 100644 index 0000000..6b6c00d --- /dev/null +++ b/modoboa_installer/scripts/files/rspamd/local.d/redis.conf.tpl @@ -0,0 +1,2 @@ +write_servers = "localhost"; +read_servers = "localhost"; diff --git a/modoboa_installer/scripts/files/rspamd/local.d/settings.conf.tpl b/modoboa_installer/scripts/files/rspamd/local.d/settings.conf.tpl new file mode 100644 index 0000000..1eae1c0 --- /dev/null +++ b/modoboa_installer/scripts/files/rspamd/local.d/settings.conf.tpl @@ -0,0 +1,8 @@ +authenticated { + priority = high; + authenticated = yes; + apply { + groups_disabled = ["rbl", "spf"]; + } +%{whitelist_auth_enabled} symbols ["WHITELIST_AUTHENTICATED"]; +} diff --git a/modoboa_installer/scripts/postfix.py b/modoboa_installer/scripts/postfix.py index 19e6427..ea56b75 100644 --- a/modoboa_installer/scripts/postfix.py +++ b/modoboa_installer/scripts/postfix.py @@ -103,8 +103,18 @@ class Postfix(base.Installer): utils.exec_cmd("postalias {}".format(aliases_file)) # Postwhite - install("postwhite", self.config, self.upgrade, self.archive_path) + condition = ( + not self.config.getboolean("rspamd", "enabled") and + self.config.getboolean("postwhite", "enabled") + ) + if condition: + install("postwhite", self.config, self.upgrade, self.archive_path) def backup(self, path): """Launch postwhite backup.""" - backup("postwhite", self.config, path) + condition = ( + not self.config.getboolean("rspamd", "enabled") and + self.config.getboolean("postwhite", "enabled") + ) + if condition: + backup("postwhite", self.config, path) diff --git a/modoboa_installer/scripts/rspamd.py b/modoboa_installer/scripts/rspamd.py index 1a4fbc0..7313ffa 100644 --- a/modoboa_installer/scripts/rspamd.py +++ b/modoboa_installer/scripts/rspamd.py 
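Review bot: The `authenticated` block in settings.conf.tpl trusts SMTP authentication alone: it disables the `rbl` and `spf` groups and, with `whitelist_auth` on (which this commit makes the default), adds `WHITELIST_AUTHENTICATED` at weight -5 to every authenticated message. A mailbox with stolen credentials is therefore scored more leniently than an outside sender, which makes outbound abuse harder to catch by scoring. Consider defaulting `whitelist_auth` to `false`, or pairing it with per-user rate limiting, and record the trade-off at the top of the template with a comment such as `# Authenticated senders skip RBL/SPF checks and get a negative score; a compromised account benefits too.`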
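Review bot: The postwhite gate in postfix.py is written out twice, once in `post_run` and once in `backup`, so the two copies can drift apart; a small helper such as `def _postwhite_wanted(self):` returning `not self.config.getboolean("rspamd", "enabled") and self.config.getboolean("postwhite", "enabled")` would keep them in step. `getboolean` raises when the `rspamd` or `postwhite` section or option is missing, which may happen if a configuration file written by an earlier installer version is reused for an upgrade; confirm the file is migrated before these methods run. The body of `post_run` begins outside the hunk.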
@@ -4,6 +4,7 @@ import os from .. import package from .. import utils +from .. import system from . import base from . import backup, install @@ -34,6 +35,29 @@ class Rspamd(base.Installer): """Return appropriate config dir.""" return "/etc/rspamd" + def install_packages(self): + status, codename = utils.exec_cmd("lsb_release -c -s") + + if codename.lower() in ["bionic", "bookworm", "bullseye", "buster", + "focal", "jammy", "jessie", "sid", "stretch", + "trusty", "wheezy", "xenial"]: + utils.mkdir_safe("/etc/apt/keyrings") + + if codename.lower() == "bionic": + package.backend.install("software-properties-common") + utils.exec_cmd("add-apt-repository ppa:ubuntu-toolchain-r/test") + + utils.exec_cmd("wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key|sudo apt-key add -") + utils.exec_cmd(f"echo \"deb http://apt.llvm.org/{codename}/ llvm-toolchain-{codename}-16 main\" | sudo tee /etc/apt/sources.list.d/llvm-16.list") + utils.exec_cmd(f"echo \"deb-src http://apt.llvm.org/{codename}/ llvm-toolchain-{codename}-16 main\" | sudo tee -a /etc/apt/sources.list.d/llvm-16.list") + + utils.exec_cmd("wget -O- https://rspamd.com/apt-stable/gpg.key | gpg --dearmor | sudo tee /etc/apt/keyrings/rspamd.gpg > /dev/null") + utils.exec_cmd(f"echo \"deb [arch=amd64 signed-by=/etc/apt/keyrings/rspamd.gpg] http://rspamd.com/apt-stable/ {codename} main\" | sudo tee /etc/apt/sources.list.d/rspamd.list") + utils.exec_cmd(f"echo \"deb-src [arch=amd64 signed-by=/etc/apt/keyrings/rspamd.gpg] http://rspamd.com/apt-stable/ {codename} main\" | sudo tee -a /etc/apt/sources.list.d/rspamd.list") + package.backend.update() + + return super().install_packages() + def install_config_files(self): """Make sure config directory exists.""" user = self.config.get("modoboa", "user") 
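Review bot: In `install_packages` the LLVM key is piped into `apt-key add -`, which places it in apt's global trusted keyring where it can vouch for any repository on the host, while the rspamd key a few lines below is correctly scoped with `signed-by`; the LLVM source should be scoped the same way. The return status of every `utils.exec_cmd` call is discarded, so a failed download leaves an empty keyring file and the run carries on, and neither key is compared against a pinned fingerprint. The `deb` lines use plain `http://`, and `sudo` is presumably redundant in an installer that already runs as root. The codename is compared without `.strip()`, which may never match if `exec_cmd` returns the trailing newline from `lsb_release`; that depends on what the helper returns, so confirm it. The method also has no docstring, unlike its neighbours.

```python
    def install_packages(self):
        """Register the rspamd and LLVM apt repositories, then install packages."""
        status, codename = utils.exec_cmd("lsb_release -c -s")
        # NOTE(review): assumes exec_cmd returns text; drop the trailing newline before matching
        codename = codename.strip().lower()
        # … unchanged: supported-codename check, keyrings directory, bionic PPA …
        # Keep the LLVM key in its own keyring so it only vouches for the LLVM repository.
        utils.exec_cmd("wget -O- https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --dearmor | tee /etc/apt/keyrings/llvm.gpg > /dev/null")
        utils.exec_cmd(f"echo \"deb [signed-by=/etc/apt/keyrings/llvm.gpg] http://apt.llvm.org/{codename}/ llvm-toolchain-{codename}-16 main\" | tee /etc/apt/sources.list.d/llvm-16.list")
        utils.exec_cmd(f"echo \"deb-src [signed-by=/etc/apt/keyrings/llvm.gpg] http://apt.llvm.org/{codename}/ llvm-toolchain-{codename}-16 main\" | tee -a /etc/apt/sources.list.d/llvm-16.list")
        # … unchanged: rspamd key and source list, package.backend.update(), super() call …
```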
@@ -58,6 +82,8 @@ class Rspamd(base.Installer): _config_files.append("local.d/antivirus.conf") if self.app_config["dnsbl"].lower() == "true": _config_files.append("local.d/rbl.conf") + if self.app_config["whitelist_auth"].lower() == "true": + _config_files.append("local.d/groups.conf") return _config_files def get_template_context(self): @@ -72,13 +98,16 @@ class Rspamd(base.Installer): _context["controller_password"] = password else: _context["controller_password"] = controller_password - _context["greylisting_disabled"] = "" if not self.app_config["greylisting"] else "#" - if not self.app_config["greylisting"]: - _context["postwhite_enabled"] = "#" + _context["greylisting_disabled"] = "" if not self.app_config["greylisting"].lower() == "true" else "#" + _context["whitelist_auth_enabled"] = "" if self.app_config["whitelist_auth"].lower() == "true" else "#" return _context def post_run(self): """Additional tasks.""" + system.add_user_to_group( + self.config.get("modoboa", "user"), + "_rspamd" + ) if self.config("clamav", "enabled"): install("clamav", self.config, self.upgrade, self.archive_path)
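Review bot: The context line right after the added block in `post_run`, `if self.config("clamav", "enabled"):`, calls the config object instead of reading from it; everywhere else in this commit it is used as `self.config.get(...)` or `self.config.getboolean(...)`, so this most likely raises `TypeError` when `post_run` runs and the ClamAV install is never reached. `if self.config.getboolean("clamav", "enabled"):` matches postfix.py and also avoids treating the string "false" as truthy. Separately, the group name `_rspamd` is hard-coded in the new `add_user_to_group` call; a short comment saying why the modoboa user needs that group, and whether the name holds on non-Debian packages, would help the next reader judge the privilege being granted. `post_run` may continue past the end of the hunk.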