Updated rspamd config

modoboa_installer/scripts/files/rspamd/local.d/antivirus.conf.tpl

@@ -7,7 +7,6 @@ clamav {
   symbol = "CLAM_VIRUS";
   type = "clamav";
   servers = "127.0.0.1:3310"
-
   patterns {
     # symbol_name = "pattern";
     JUST_EICAR = "Test.EICAR";

modoboa_installer/scripts/files/rspamd/local.d/arc.conf

@@ -1,3 +0,0 @@
-try_fallback = false;
-selector_map = "%selector_map_path";
-path_map = "%key_map_path";

modoboa_installer/scripts/files/rspamd/local.d/dmarc.conf.tpl

@@ -0,0 +1,21 @@
+reporting {
+  # Required attributes
+  enabled = true; # Enable reports in general
+  email = 'postmaster@%hostname'; # Source of DMARC reports
+  domain = '%hostname'; # Domain to serve
+  org_name = '%hostname'; # Organisation
+  # Optional parameters
+  #bcc_addrs = ["postmaster@example.com"]; # additional addresses to copy on reports
+  report_local_controller = false; # Store reports for local/controller scans (for testing only)
+  #helo = 'rspamd.localhost'; # Helo used in SMTP dialog
+  #smtp = '127.0.0.1'; # SMTP server IP
+  #smtp_port = 25; # SMTP server port
+  from_name = '%hostname DMARC REPORT'; # SMTP FROM
+  msgid_from = 'rspamd'; # Msgid format
+  #max_entries = 1k; # Maxiumum amount of entries per domain
+  #keys_expire = 2d; # Expire date for Redis keys
+  #only_domains = '/path/to/map'; # Only store reports from domains or eSLDs listed in this map
+  # Available from 3.3
+  #exclude_domains = '/path/to/map'; # Exclude reports from domains or eSLDs listed in this map
+  #exclude_domains = ["example.com", "another.com"]; # Alternative, use array to exclude reports from domains or eSLDs
+}

modoboa_installer/scripts/files/rspamd/local.d/force_actions.conf.tpl

@@ -0,0 +1,5 @@
+rules {
+  DMARC_POLICY_QUARANTINE {
+    action = "add header";
+  }
+}

modoboa_installer/scripts/rspamd.py

@@ -25,13 +25,19 @@ class Rspamd(base.Installer):
                     "local.d/arc.conf",
                     "local.d/mx_check.conf",
                     "local.d/spf.conf",
-                    "local.d/worker-controller.inc",
                     "local.d/worker-normal.inc",
                     "local.d/worker-proxy.inc",
                     "local.d/greylist.conf",
                     "local.d/milter_headers.conf",
                     "local.d/metrics.conf"]
 
+    def __init__(self, *args, **kwargs):
+        super().__init__(self, *args, **kwargs)
+        self.generate_password_condition = (not self.upgrade or
+                                            utils.user_input(
+                                                "Do you want to (re)generate rspamd password ? (y/N)").lower().startswith("y")
+                                            )
+
     @property
     def config_dir(self):
         """Return appropriate config dir."""
@@ -83,23 +89,26 @@ class Rspamd(base.Installer):
             _config_files.append("local.d/rbl.conf")
         if self.app_config["whitelist_auth"].lower() == "true":
             _config_files.append("local.d/groups.conf")
+        if self.generate_password_condition:
+            _config_files.append("local.d/worker-controller.inc")
         return _config_files
 
     def get_template_context(self):
         _context = super().get_template_context()
-        code, controller_password = utils.exec_cmd(
-            r"rspamadm pw -p {}".format(self.app_config["password"]))
-        if code != 0:
-            utils.error("Error setting rspamd password. "
-                        "Please make sure it is not 'q1' or 'q2'."
-                        "Storing the password in plain. See"
-                        "https://rspamd.com/doc/quickstart.html#setting-the-controller-password")
-            _context["controller_password"] = self.app_config["password"]
-        else:
-            controller_password = controller_password.decode().replace("\n", "")
-            _context["controller_password"] = controller_password
         _context["greylisting_disabled"] = "" if not self.app_config["greylisting"].lower() == "true" else "#"
         _context["whitelist_auth_enabled"] = "" if self.app_config["whitelist_auth"].lower() == "true" else "#"
+        if self.generate_password_condition:
+            code, controller_password = utils.exec_cmd(
+                r"rspamadm pw -p {}".format(self.app_config["password"]))
+            if code != 0:
+                utils.error("Error setting rspamd password. "
+                            "Please make sure it is not 'q1' or 'q2'."
+                            "Storing the password in plain. See"
+                            "https://rspamd.com/doc/quickstart.html#setting-the-controller-password")
+                _context["controller_password"] = self.app_config["password"]
+            else:
+                controller_password = controller_password.decode().replace("\n", "")
+                _context["controller_password"] = controller_password
         return _context
 
     def post_run(self):