feature: provide better rspamd suppport (#3016)

* added options to toggle OpenDKIM & OpenDMARC rspamd can provide DKIM signing and DMARC checking itself, so users should be able to disable OpenDKIM & OpenDMARC. The default is left at 1, so users have to to opt-in when the want to disable the features. * misc small enhancements * adjusted start of rspamd The order of starting redis + rspamd was reversed (now correct) and rspamd now starts with the correct user. * adjusted rspamd core configuration The main configuration was revised. This includes AV configuration as well as worker/proxy/controller configuration used to control the main rspamd processes. The configuration is not tested extensively, but well enough that I am confident to go forward with it until we declare rspamd support as stable. * update & improve the documentation * add tests These are some initial tests which test the most basic functionality. * tests(refactor): Improve consistency and documentation for test helpers (#3012) * added `ALWAYS_RUN` target `Makefile` recipies (#3013) This ensures the recipies are always run. Co-authored-by: georglauterbach <44545919+georglauterbach@users.noreply.github.com> * adjusted rspamd test to refactored test helper functions * improve documentation * apply suggestions from code review (no. 1 by @polarthene) Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com> * streamline heredoc (EOM -> EOF) * adjust rspamd test (remove unnecessary run arguments) Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2025-08-03 17:44:49 +02:00 · 2023-01-25 10:28:59 +01:00 · 2023-01-25 10:28:59 +01:00 · 555fbb78c4
commit 555fbb78c4
parent 2033eeaf54
22 changed files with 324 additions and 50 deletions
--- a/docs/content/config/environment.md
+++ b/docs/content/config/environment.md
@ -71,20 +71,18 @@ Set the timezone. If this variable is unset, the container runtime will try to d

 ##### ENABLE_RSPAMD

+Enable or disable Rspamd.
+
 !!! warning "Current State"

-    Rspamd-support is under active development. Be aware that breaking changes can happen at any time. Moreover, you will _currently_ need to adjust Postfix's configuration _yourself_ if you want to use Rspamd; you may use [`user-patches.sh`][docs-userpatches].
+    Rspamd-support is under active development. Be aware that breaking changes can happen at any time.

-    You will need to add Rspamd to the `smtpd_milters` in Postfix's `main.cf`. This can easily be done with `sed`: `sed -i -E 's|^(smtpd_milters = .*)|\1,inet:localhost:11332|g' /etc/postfix/main.cf`. Moreover, have a look at the [integration of Rspamd into Postfx](https://rspamd.com/doc/integration.html). You will need to provide additional configuration files at the moment (to `/etc/rspamd/local.d/`) to make Rspamd run in milter-mode.
+    Currently, rspamd is integrated into Postfix as a milter. However, there is no official DKIM/DMARC support for rspamd in DMS as of now (WIP). To get more information, see [the detailed documentation page for Rspamd][docs-rspamd].

-[docs-userpatches]: ./advanced/override-defaults/user-patches.md
-
-!!! bug "Rspamd and DNS Block Lists"
+!!! warning "Rspamd and DNS Block Lists"

    When you use Rspamd, you might want to use the [RBL module](https://rspamd.com/doc/modules/rbl.html). If you do, make sure your DNS resolver is set up correctly (i.e. it should be a non-public recursive resolver). Otherwise, you [might not be able](https://www.spamhaus.org/faq/section/DNSBL%20Usage#365) to make use of the block lists.

-Enable or disable Rspamd.
-
 - **0** => disabled
 - 1 => enabled

@ -114,16 +112,30 @@ Note: Emails will be rejected, if they don't pass the block list checks!
 - **0** => DNS block lists are disabled
 - 1     => DNS block lists are enabled

-##### ENABLE_CLAMAV
+##### ENABLE_OPENDKIM

- **0** => ClamAV is disabled
- 1 => ClamAV is enabled
+Enables the OpenDKIM service.
+
+- **1** => Enabled
+- 0 => Disabled
+
+##### ENABLE_OPENDMARC
+
+Enables the OpenDMARC service.
+
+- **1** => Enabled
+- 0 => Disabled

 ##### ENABLE_POP3

 - **empty** => POP3 service disabled
 - 1 => Enables POP3 service

+##### ENABLE_CLAMAV
+
+- **0** => ClamAV is disabled
+- 1 => ClamAV is enabled
+
 ##### ENABLE_FAIL2BAN

 - **0** => fail2ban service disabled
@ -776,6 +788,7 @@ you to replace both instead of just the envelope sender.
 - **empty** => no default
 - password for default relay user

+[docs-rspamd]: ./security/rspamd.md
 [docs-faq-onedir]: ../faq.md#what-about-docker-datadmsmail-state-folder-varmail-state-internally
 [docs-tls]: ./security/ssl.md
 [docs-tls-letsencrypt]: ./security/ssl.md#lets-encrypt-recommended