evgeny/modoboa-installer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updated rspamd config

Browse Source
This commit is contained in:
Spitfireap
2025-01-13 15:14:55 +01:00
committed by Antoine Nguyen
parent 7ae6196793
commit b9539fa33c
8 changed files with 91 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
README.rst
View File

@@ -9,8 +9,8 @@ An installer which deploy a complete mail server based on Modoboa.
This tool is still in beta stage, it has been tested on:
* Debian 10 and upper
* Ubuntu Bionic Beaver (18.04) and upper
* Debian 12 and upper
* Ubuntu Focal Fossa (20.04) and upper
.. warning::
@@ -43,7 +43,7 @@ The following components are installed by the installer:
* Nginx and uWSGI
* Postfix
* Dovecot
* Amavis (with SpamAssassin and ClamAV)
* Amavis (with SpamAssassin and ClamAV) or Rspamd
* automx (autoconfiguration service)
* OpenDKIM
* Radicale (CalDAV and CardDAV server)
@@ -229,6 +229,22 @@ If you want to use already generated certs, simply edit the
tls_cert_file_path = *path to tls fullchain file*
tls_key_file_path = *path to tls key file*
Antispam
========
You have 3 options regarding antispam : disabled, Amavis, Rspamd
Amavis
------
Amavis
Rspamd
------
Rspamd
.. |workflow| image:: https://github.com/modoboa/modoboa-installer/workflows/Modoboa%20installer/badge.svg
.. |codecov| image:: https://codecov.io/gh/modoboa/modoboa-installer/graph/badge.svg?token=Fo2o1GdHZq
:target: https://codecov.io/gh/modoboa/modoboa-installer

2
modoboa_installer/config_dict_template.py
View File

@@ -39,7 +39,7 @@ ConfigDictTemplate = [
},
{
"option": "type",
"default": "rspamd",
"default": "amavis",
"customizable": True,
"question": "Please select your antispam utility",
"values": ["rspamd", "amavis"],

1
modoboa_installer/scripts/files/rspamd/local.d/antivirus.conf.tpl
View File

@@ -7,7 +7,6 @@ clamav {
symbol = "CLAM_VIRUS";
type = "clamav";
servers = "127.0.0.1:3310"
patterns {
# symbol_name = "pattern";
JUST_EICAR = "Test.EICAR";

3
modoboa_installer/scripts/files/rspamd/local.d/arc.conf
View File

@@ -1,3 +0,0 @@
try_fallback = false;
selector_map = "%selector_map_path";
path_map = "%key_map_path";

21
modoboa_installer/scripts/files/rspamd/local.d/dmarc.conf.tpl Normal file
View File

@@ -0,0 +1,21 @@
reporting {
# Required attributes
enabled = true; # Enable reports in general
email = 'postmaster@%hostname'; # Source of DMARC reports
domain = '%hostname'; # Domain to serve
org_name = '%hostname'; # Organisation
# Optional parameters
#bcc_addrs = ["postmaster@example.com"]; # additional addresses to copy on reports
report_local_controller = false; # Store reports for local/controller scans (for testing only)
#helo = 'rspamd.localhost'; # Helo used in SMTP dialog
#smtp = '127.0.0.1'; # SMTP server IP
#smtp_port = 25; # SMTP server port
from_name = '%hostname DMARC REPORT'; # SMTP FROM
msgid_from = 'rspamd'; # Msgid format
#max_entries = 1k; # Maxiumum amount of entries per domain
#keys_expire = 2d; # Expire date for Redis keys
#only_domains = '/path/to/map'; # Only store reports from domains or eSLDs listed in this map
# Available from 3.3
#exclude_domains = '/path/to/map'; # Exclude reports from domains or eSLDs listed in this map
#exclude_domains = ["example.com", "another.com"]; # Alternative, use array to exclude reports from domains or eSLDs
}

5
modoboa_installer/scripts/files/rspamd/local.d/force_actions.conf.tpl Normal file
View File

@@ -0,0 +1,5 @@
rules {
DMARC_POLICY_QUARANTINE {
action = "add header";
}
}

15
modoboa_installer/scripts/rspamd.py
View File

@@ -25,13 +25,19 @@ class Rspamd(base.Installer):
"local.d/arc.conf",
"local.d/mx_check.conf",
"local.d/spf.conf",
"local.d/worker-controller.inc",
"local.d/worker-normal.inc",
"local.d/worker-proxy.inc",
"local.d/greylist.conf",
"local.d/milter_headers.conf",
"local.d/metrics.conf"]
def __init__(self, *args, **kwargs):
super().__init__(self, *args, **kwargs)
self.generate_password_condition = (not self.upgrade or
utils.user_input(
"Do you want to (re)generate rspamd password ? (y/N)").lower().startswith("y")
)
@property
def config_dir(self):
"""Return appropriate config dir."""
@@ -83,10 +89,15 @@ class Rspamd(base.Installer):
_config_files.append("local.d/rbl.conf")
if self.app_config["whitelist_auth"].lower() == "true":
_config_files.append("local.d/groups.conf")
if self.generate_password_condition:
_config_files.append("local.d/worker-controller.inc")
return _config_files
def get_template_context(self):
_context = super().get_template_context()
_context["greylisting_disabled"] = "" if not self.app_config["greylisting"].lower() == "true" else "#"
_context["whitelist_auth_enabled"] = "" if self.app_config["whitelist_auth"].lower() == "true" else "#"
if self.generate_password_condition:
code, controller_password = utils.exec_cmd(
r"rspamadm pw -p {}".format(self.app_config["password"]))
if code != 0:
@@ -98,8 +109,6 @@ class Rspamd(base.Installer):
else:
controller_password = controller_password.decode().replace("\n", "")
_context["controller_password"] = controller_password
_context["greylisting_disabled"] = "" if not self.app_config["greylisting"].lower() == "true" else "#"
_context["whitelist_auth_enabled"] = "" if self.app_config["whitelist_auth"].lower() == "true" else "#"
return _context
def post_run(self):

29
run.py
View File

@@ -85,8 +85,7 @@ def config_file_update_complete(backup_location):
utils.BLUE)
def main(input_args):
"""Install process."""
def parser_setup(input_args):
parser = argparse.ArgumentParser()
versions = (
["latest"] + list(compatibility_matrix.COMPATIBILITY_MATRIX.keys())
@@ -137,7 +136,12 @@ def main(input_args):
help="Skip the checks the installer performs initially")
parser.add_argument("domain", type=str,
help="The main domain of your future mail server")
args = parser.parse_args(input_args)
return parser.parse_args(input_args)
def main(input_args):
"""Install process."""
args = parser_setup(input_args)
if args.debug:
utils.ENV["debug"] = True
@@ -241,19 +245,28 @@ def main(input_args):
scripts.install(appname, config, args.upgrade, args.restore)
system.restart_service("cron")
package.backend.restore_system()
hostname = config.get("general", "hostname")
if not args.restore:
utils.success(
"Congratulations! You can enjoy Modoboa at https://{} (admin:password)"
.format(config.get("general", "hostname"))
f"Congratulations! You can enjoy Modoboa at https://{hostname} "
"(admin:password)"
)
if config.get("rspamd", "enabled"):
rspamd_password = config.get("rspamd", "password")
utils.success(
f"You can also enjoy rspamd at https://{config.get("general", "hostname")}/rspamd ({config.get("rspamd", "password")})"
f"You can also enjoy rspamd at https://{hostname}/rspamd "
f"(password: {rspamd_password})"
)
else:
utils.success(
"Restore complete! You can enjoy Modoboa at https://{} (same credentials as before)"
.format(config.get("general", "hostname"))
f"Restore complete! You can enjoy Modoboa at https://{hostname} "
"(same credentials as before)"
)
if config.get("rspamd", "enabled"):
rspamd_password = config.get("rspamd", "password")
utils.success(
f"You can also enjoy rspamd at https://{hostname}/rspamd "
"(password: {rspamd_password})"
)
utils.success(
"\n"