updated rspamd config
This commit is contained in:
Spitap
@@ -254,6 +254,14 @@ ConfigDictTemplate = [
|
|||||||
{
|
{
|
||||||
"option": "greylisting",
|
"option": "greylisting",
|
||||||
"default": "true"
|
"default": "true"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"option": "whitelist_auth",
|
||||||
|
"default": "true"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"option": "whitelist_auth_weigth",
|
||||||
|
"default": "-5"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
|
|||||||
@@ -42,9 +42,10 @@ class Clamav(base.Installer):
|
|||||||
"""Additional tasks."""
|
"""Additional tasks."""
|
||||||
if package.backend.FORMAT == "deb":
|
if package.backend.FORMAT == "deb":
|
||||||
user = self.config.get(self.appname, "user")
|
user = self.config.get(self.appname, "user")
|
||||||
system.add_user_to_group(
|
if self.config.get("amavis", "enabled").lower() == "true":
|
||||||
user, self.config.get("amavis", "user")
|
system.add_user_to_group(
|
||||||
)
|
user, self.config.get("amavis", "user")
|
||||||
|
)
|
||||||
pattern = (
|
pattern = (
|
||||||
"s/^AllowSupplementaryGroups false/"
|
"s/^AllowSupplementaryGroups false/"
|
||||||
"AllowSupplementaryGroups true/")
|
"AllowSupplementaryGroups true/")
|
||||||
|
|||||||
@@ -2,10 +2,11 @@ clamav {
|
|||||||
scan_mime_parts = true;
|
scan_mime_parts = true;
|
||||||
scan_text_mime = true;
|
scan_text_mime = true;
|
||||||
scan_image_mime = true;
|
scan_image_mime = true;
|
||||||
|
retransmits = 2;
|
||||||
|
timeout = 30;
|
||||||
symbol = "CLAM_VIRUS";
|
symbol = "CLAM_VIRUS";
|
||||||
type = "clamav";
|
type = "clamav";
|
||||||
servers = "/var/run/clamd.amavisd/clamd.sock";
|
servers = "127.0.0.1:3310"
|
||||||
|
|
||||||
patterns {
|
patterns {
|
||||||
# symbol_name = "pattern";
|
# symbol_name = "pattern";
|
||||||
|
|||||||
@@ -1,3 +1,2 @@
|
|||||||
%{greylisting_disabled}enabled = false;
|
%{greylisting_disabled}enabled = false;
|
||||||
servers = "127.0.0.1:6379";
|
servers = "127.0.0.1:6379";
|
||||||
%{postwhite_enabled}whitelisted_ip = "/etc/postfix/postscreen_spf_whitelist.cidr"
|
|
||||||
|
|||||||
@@ -0,0 +1,5 @@
|
|||||||
|
symbols {
|
||||||
|
"WHITELIST_AUTHENTICATED" {
|
||||||
|
weight = %whitelist_auth_weigth;
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1,2 @@
|
|||||||
|
write_servers = "localhost";
|
||||||
|
read_servers = "localhost";
|
||||||
@@ -0,0 +1,8 @@
|
|||||||
|
authenticated {
|
||||||
|
priority = high;
|
||||||
|
authenticated = yes;
|
||||||
|
apply {
|
||||||
|
groups_disabled = ["rbl", "spf"];
|
||||||
|
}
|
||||||
|
%{whitelist_auth_enabled} symbols ["WHITELIST_AUTHENTICATED"];
|
||||||
|
}
|
||||||
@@ -103,8 +103,18 @@ class Postfix(base.Installer):
|
|||||||
utils.exec_cmd("postalias {}".format(aliases_file))
|
utils.exec_cmd("postalias {}".format(aliases_file))
|
||||||
|
|
||||||
# Postwhite
|
# Postwhite
|
||||||
install("postwhite", self.config, self.upgrade, self.archive_path)
|
condition = (
|
||||||
|
not self.config.getboolean("rspamd", "enabled") and
|
||||||
|
self.config.getboolean("postwhite", "enabled")
|
||||||
|
)
|
||||||
|
if condition:
|
||||||
|
install("postwhite", self.config, self.upgrade, self.archive_path)
|
||||||
|
|
||||||
def backup(self, path):
|
def backup(self, path):
|
||||||
"""Launch postwhite backup."""
|
"""Launch postwhite backup."""
|
||||||
backup("postwhite", self.config, path)
|
condition = (
|
||||||
|
not self.config.getboolean("rspamd", "enabled") and
|
||||||
|
self.config.getboolean("postwhite", "enabled")
|
||||||
|
)
|
||||||
|
if condition:
|
||||||
|
backup("postwhite", self.config, path)
|
||||||
|
|||||||
@@ -4,6 +4,7 @@ import os
|
|||||||
|
|
||||||
from .. import package
|
from .. import package
|
||||||
from .. import utils
|
from .. import utils
|
||||||
|
from .. import system
|
||||||
|
|
||||||
from . import base
|
from . import base
|
||||||
from . import backup, install
|
from . import backup, install
|
||||||
@@ -34,6 +35,29 @@ class Rspamd(base.Installer):
|
|||||||
"""Return appropriate config dir."""
|
"""Return appropriate config dir."""
|
||||||
return "/etc/rspamd"
|
return "/etc/rspamd"
|
||||||
|
|
||||||
|
def install_packages(self):
|
||||||
|
status, codename = utils.exec_cmd("lsb_release -c -s")
|
||||||
|
|
||||||
|
if codename.lower() in ["bionic", "bookworm", "bullseye", "buster",
|
||||||
|
"focal", "jammy", "jessie", "sid", "stretch",
|
||||||
|
"trusty", "wheezy", "xenial"]:
|
||||||
|
utils.mkdir_safe("/etc/apt/keyrings")
|
||||||
|
|
||||||
|
if codename.lower() == "bionic":
|
||||||
|
package.backend.install("software-properties-common")
|
||||||
|
utils.exec_cmd("add-apt-repository ppa:ubuntu-toolchain-r/test")
|
||||||
|
|
||||||
|
utils.exec_cmd("wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key|sudo apt-key add -")
|
||||||
|
utils.exec_cmd(f"echo \"deb http://apt.llvm.org/{codename}/ llvm-toolchain-{codename}-16 main\" | sudo tee /etc/apt/sources.list.d/llvm-16.list")
|
||||||
|
utils.exec_cmd(f"echo \"deb-src http://apt.llvm.org/{codename}/ llvm-toolchain-{codename}-16 main\" | sudo tee -a /etc/apt/sources.list.d/llvm-16.list")
|
||||||
|
|
||||||
|
utils.exec_cmd("wget -O- https://rspamd.com/apt-stable/gpg.key | gpg --dearmor | sudo tee /etc/apt/keyrings/rspamd.gpg > /dev/null")
|
||||||
|
utils.exec_cmd(f"echo \"deb [arch=amd64 signed-by=/etc/apt/keyrings/rspamd.gpg] http://rspamd.com/apt-stable/ {codename} main\" | sudo tee /etc/apt/sources.list.d/rspamd.list")
|
||||||
|
utils.exec_cmd(f"echo \"deb-src [arch=amd64 signed-by=/etc/apt/keyrings/rspamd.gpg] http://rspamd.com/apt-stable/ {codename} main\" | sudo tee -a /etc/apt/sources.list.d/rspamd.list")
|
||||||
|
package.backend.update()
|
||||||
|
|
||||||
|
return super().install_packages()
|
||||||
|
|
||||||
def install_config_files(self):
|
def install_config_files(self):
|
||||||
"""Make sure config directory exists."""
|
"""Make sure config directory exists."""
|
||||||
user = self.config.get("modoboa", "user")
|
user = self.config.get("modoboa", "user")
|
||||||
@@ -58,6 +82,8 @@ class Rspamd(base.Installer):
|
|||||||
_config_files.append("local.d/antivirus.conf")
|
_config_files.append("local.d/antivirus.conf")
|
||||||
if self.app_config["dnsbl"].lower() == "true":
|
if self.app_config["dnsbl"].lower() == "true":
|
||||||
_config_files.append("local.d/rbl.conf")
|
_config_files.append("local.d/rbl.conf")
|
||||||
|
if self.app_config["whitelist_auth"].lower() == "true":
|
||||||
|
_config_files.append("local.d/groups.conf")
|
||||||
return _config_files
|
return _config_files
|
||||||
|
|
||||||
def get_template_context(self):
|
def get_template_context(self):
|
||||||
@@ -72,13 +98,16 @@ class Rspamd(base.Installer):
|
|||||||
_context["controller_password"] = password
|
_context["controller_password"] = password
|
||||||
else:
|
else:
|
||||||
_context["controller_password"] = controller_password
|
_context["controller_password"] = controller_password
|
||||||
_context["greylisting_disabled"] = "" if not self.app_config["greylisting"] else "#"
|
_context["greylisting_disabled"] = "" if not self.app_config["greylisting"].lower() == "true" else "#"
|
||||||
if not self.app_config["greylisting"]:
|
_context["whitelist_auth_enabled"] = "" if self.app_config["whitelist_auth"].lower() == "true" else "#"
|
||||||
_context["postwhite_enabled"] = "#"
|
|
||||||
return _context
|
return _context
|
||||||
|
|
||||||
def post_run(self):
|
def post_run(self):
|
||||||
"""Additional tasks."""
|
"""Additional tasks."""
|
||||||
|
system.add_user_to_group(
|
||||||
|
self.config.get("modoboa", "user"),
|
||||||
|
"_rspamd"
|
||||||
|
)
|
||||||
if self.config("clamav", "enabled"):
|
if self.config("clamav", "enabled"):
|
||||||
install("clamav", self.config, self.upgrade, self.archive_path)
|
install("clamav", self.config, self.upgrade, self.archive_path)
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user