evgeny/modoboa-installer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

updated rspamd config

Browse Source
This commit is contained in:
Spitap
2023-06-21 16:04:38 +02:00
committed by Antoine Nguyen
parent 69a8f08246
commit 46bbb1039b
9 changed files with 74 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
modoboa_installer/config_dict_template.py
View File

@@ -254,6 +254,14 @@ ConfigDictTemplate = [
{ {
"option": "greylisting", "option": "greylisting",
"default": "true" "default": "true"
},
{
"option": "whitelist_auth",
"default": "true"
},
{
"option": "whitelist_auth_weigth",
"default": "-5"
} }
], ],
}, },

1
modoboa_installer/scripts/clamav.py
View File

@@ -42,6 +42,7 @@ class Clamav(base.Installer):
"""Additional tasks.""" """Additional tasks."""
if package.backend.FORMAT == "deb": if package.backend.FORMAT == "deb":
user = self.config.get(self.appname, "user") user = self.config.get(self.appname, "user")
if self.config.get("amavis", "enabled").lower() == "true":
system.add_user_to_group( system.add_user_to_group(
user, self.config.get("amavis", "user") user, self.config.get("amavis", "user")
) )

5
modoboa_installer/scripts/files/rspamd/local.d/antivirus.conf.tpl
View File

@@ -2,10 +2,11 @@ clamav {
scan_mime_parts = true; scan_mime_parts = true;
scan_text_mime = true; scan_text_mime = true;
scan_image_mime = true; scan_image_mime = true;
retransmits = 2;
timeout = 30;
symbol = "CLAM_VIRUS"; symbol = "CLAM_VIRUS";
type = "clamav"; type = "clamav";
servers = "/var/run/clamd.amavisd/clamd.sock"; servers = "127.0.0.1:3310"
patterns { patterns {
# symbol_name = "pattern"; # symbol_name = "pattern";

1
modoboa_installer/scripts/files/rspamd/local.d/greylist.conf.tpl
View File

@@ -1,3 +1,2 @@
%{greylisting_disabled}enabled = false; %{greylisting_disabled}enabled = false;
servers = "127.0.0.1:6379"; servers = "127.0.0.1:6379";
%{postwhite_enabled}whitelisted_ip = "/etc/postfix/postscreen_spf_whitelist.cidr"

5
modoboa_installer/scripts/files/rspamd/local.d/groups.conf.tpl Normal file
View File

@@ -0,0 +1,5 @@
symbols {
"WHITELIST_AUTHENTICATED" {
weight = %whitelist_auth_weigth;
}
}

2
modoboa_installer/scripts/files/rspamd/local.d/redis.conf.tpl Normal file
View File

@@ -0,0 +1,2 @@
write_servers = "localhost";
read_servers = "localhost";

8
modoboa_installer/scripts/files/rspamd/local.d/settings.conf.tpl Normal file
View File

@@ -0,0 +1,8 @@
authenticated {
priority = high;
authenticated = yes;
apply {
groups_disabled = ["rbl", "spf"];
}
%{whitelist_auth_enabled} symbols ["WHITELIST_AUTHENTICATED"];
}

10
modoboa_installer/scripts/postfix.py
View File

@@ -103,8 +103,18 @@ class Postfix(base.Installer):
utils.exec_cmd("postalias {}".format(aliases_file)) utils.exec_cmd("postalias {}".format(aliases_file))
# Postwhite # Postwhite
condition = (
not self.config.getboolean("rspamd", "enabled") and
self.config.getboolean("postwhite", "enabled")
)
if condition:
install("postwhite", self.config, self.upgrade, self.archive_path) install("postwhite", self.config, self.upgrade, self.archive_path)
def backup(self, path): def backup(self, path):
"""Launch postwhite backup.""" """Launch postwhite backup."""
condition = (
not self.config.getboolean("rspamd", "enabled") and
self.config.getboolean("postwhite", "enabled")
)
if condition:
backup("postwhite", self.config, path) backup("postwhite", self.config, path)

35
modoboa_installer/scripts/rspamd.py
View File

@@ -4,6 +4,7 @@ import os
from .. import package from .. import package
from .. import utils from .. import utils
from .. import system
from . import base from . import base
from . import backup, install from . import backup, install
@@ -34,6 +35,29 @@ class Rspamd(base.Installer):
"""Return appropriate config dir.""" """Return appropriate config dir."""
return "/etc/rspamd" return "/etc/rspamd"
def install_packages(self):
status, codename = utils.exec_cmd("lsb_release -c -s")
if codename.lower() in ["bionic", "bookworm", "bullseye", "buster",
"focal", "jammy", "jessie", "sid", "stretch",
"trusty", "wheezy", "xenial"]:
utils.mkdir_safe("/etc/apt/keyrings")
if codename.lower() == "bionic":
package.backend.install("software-properties-common")
utils.exec_cmd("add-apt-repository ppa:ubuntu-toolchain-r/test")
utils.exec_cmd("wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key|sudo apt-key add -")
utils.exec_cmd(f"echo \"deb http://apt.llvm.org/{codename}/ llvm-toolchain-{codename}-16 main\" | sudo tee /etc/apt/sources.list.d/llvm-16.list")
utils.exec_cmd(f"echo \"deb-src http://apt.llvm.org/{codename}/ llvm-toolchain-{codename}-16 main\" | sudo tee -a /etc/apt/sources.list.d/llvm-16.list")
utils.exec_cmd("wget -O- https://rspamd.com/apt-stable/gpg.key | gpg --dearmor | sudo tee /etc/apt/keyrings/rspamd.gpg > /dev/null")
utils.exec_cmd(f"echo \"deb [arch=amd64 signed-by=/etc/apt/keyrings/rspamd.gpg] http://rspamd.com/apt-stable/ {codename} main\" | sudo tee /etc/apt/sources.list.d/rspamd.list")
utils.exec_cmd(f"echo \"deb-src [arch=amd64 signed-by=/etc/apt/keyrings/rspamd.gpg] http://rspamd.com/apt-stable/ {codename} main\" | sudo tee -a /etc/apt/sources.list.d/rspamd.list")
package.backend.update()
return super().install_packages()
def install_config_files(self): def install_config_files(self):
"""Make sure config directory exists.""" """Make sure config directory exists."""
user = self.config.get("modoboa", "user") user = self.config.get("modoboa", "user")
@@ -58,6 +82,8 @@ class Rspamd(base.Installer):
_config_files.append("local.d/antivirus.conf") _config_files.append("local.d/antivirus.conf")
if self.app_config["dnsbl"].lower() == "true": if self.app_config["dnsbl"].lower() == "true":
_config_files.append("local.d/rbl.conf") _config_files.append("local.d/rbl.conf")
if self.app_config["whitelist_auth"].lower() == "true":
_config_files.append("local.d/groups.conf")
return _config_files return _config_files
def get_template_context(self): def get_template_context(self):
@@ -72,13 +98,16 @@ class Rspamd(base.Installer):
_context["controller_password"] = password _context["controller_password"] = password
else: else:
_context["controller_password"] = controller_password _context["controller_password"] = controller_password
_context["greylisting_disabled"] = "" if not self.app_config["greylisting"] else "#" _context["greylisting_disabled"] = "" if not self.app_config["greylisting"].lower() == "true" else "#"
if not self.app_config["greylisting"]: _context["whitelist_auth_enabled"] = "" if self.app_config["whitelist_auth"].lower() == "true" else "#"
_context["postwhite_enabled"] = "#"
return _context return _context
def post_run(self): def post_run(self):
"""Additional tasks.""" """Additional tasks."""
system.add_user_to_group(
self.config.get("modoboa", "user"),
"_rspamd"
)
if self.config("clamav", "enabled"): if self.config("clamav", "enabled"):
install("clamav", self.config, self.upgrade, self.archive_path) install("clamav", self.config, self.upgrade, self.archive_path)