feature: provide better rspamd suppport (#3016)

* added options to toggle OpenDKIM & OpenDMARC rspamd can provide DKIM signing and DMARC checking itself, so users should be able to disable OpenDKIM & OpenDMARC. The default is left at 1, so users have to to opt-in when the want to disable the features. * misc small enhancements * adjusted start of rspamd The order of starting redis + rspamd was reversed (now correct) and rspamd now starts with the correct user. * adjusted rspamd core configuration The main configuration was revised. This includes AV configuration as well as worker/proxy/controller configuration used to control the main rspamd processes. The configuration is not tested extensively, but well enough that I am confident to go forward with it until we declare rspamd support as stable. * update & improve the documentation * add tests These are some initial tests which test the most basic functionality. * tests(refactor): Improve consistency and documentation for test helpers (#3012) * added `ALWAYS_RUN` target `Makefile` recipies (#3013) This ensures the recipies are always run. Co-authored-by: georglauterbach <44545919+georglauterbach@users.noreply.github.com> * adjusted rspamd test to refactored test helper functions * improve documentation * apply suggestions from code review (no. 1 by @polarthene) Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com> * streamline heredoc (EOM -> EOF) * adjust rspamd test (remove unnecessary run arguments) Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2025-08-03 01:24:52 +02:00 · 2023-01-25 10:28:59 +01:00 · 2023-01-25 10:28:59 +01:00 · 555fbb78c4
commit 555fbb78c4
parent 2033eeaf54
22 changed files with 324 additions and 50 deletions
--- a/test/test-files/email-templates/rspamd-spam.txt
+++ b/test/test-files/email-templates/rspamd-spam.txt
@ -0,0 +1,13 @@
+HELO mail.example.test
+MAIL FROM: spam@example.test
+RCPT TO: user1@localhost.localdomain
+DATA
+From: Docker Mail Server <spam@example.test>
+To: Existing Local User <user1@localhost.localdomain>
+Date: Sat, 21 Jan 2023 11:11:11 +0000
+Subject: Test Message rspamd-spam.txt
+This is a test mail.
+XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
+
+.
+QUIT
--- a/test/test-files/email-templates/rspamd-virus.txt
+++ b/test/test-files/email-templates/rspamd-virus.txt
@ -0,0 +1,12 @@
+HELO mail.example.test
+MAIL FROM: virus@example.test
+RCPT TO: user1@localhost.localdomain
+DATA
+From: Docker Mail Server <dockermailserver@external.tld>
+To: Existing Local User <user1@localhost.localdomain>
+Date: Sat, 21 Jan 2023 11:11:11 +0000
+Subject: Test Message rspamd-virus.txt
+X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
+
+.
+QUIT
--- a/test/tests/parallel/set1/spam_virus/rspamd.bats
+++ b/test/tests/parallel/set1/spam_virus/rspamd.bats
@ -0,0 +1,96 @@
+load "${REPOSITORY_ROOT}/test/helper/setup"
+load "${REPOSITORY_ROOT}/test/helper/common"
+
+BATS_TEST_NAME_PREFIX='[rspamd] '
+CONTAINER_NAME='dms-test_rspamd'
+
+function setup_file() {
+  _init_with_defaults
+
+  # Comment for maintainers about `PERMIT_DOCKER=host`:
+  # https://github.com/docker-mailserver/docker-mailserver/pull/2815/files#r991087509
+  local CUSTOM_SETUP_ARGUMENTS=(
+    --env ENABLE_CLAMAV=1
+    --env ENABLE_RSPAMD=1
+    --env ENABLE_OPENDKIM=0
+    --env ENABLE_OPENDMARC=0
+    --env PERMIT_DOCKER=host
+    --env LOG_LEVEL=trace
+  )
+
+  _common_container_setup 'CUSTOM_SETUP_ARGUMENTS'
+
+  # wait for ClamAV to be fully setup or we will get errors on the log
+  _repeat_in_container_until_success_or_timeout 60 "${CONTAINER_NAME}" test -e /var/run/clamav/clamd.ctl
+
+  _wait_for_service redis
+  _wait_for_service rspamd
+  _wait_for_service postfix
+  _wait_for_smtp_port_in_container
+
+  # We will send 3 emails: the first one should pass just fine; the second one should
+  # be rejected due to spam; the third one should be rejected due to a virus.
+  _run_in_container_bash "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user1.txt"
+  assert_success
+  _run_in_container_bash "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/rspamd-spam.txt"
+  assert_success
+  _run_in_container_bash "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/rspamd-virus.txt"
+  assert_success
+
+  _wait_for_empty_mail_queue_in_container "${CONTAINER_NAME}"
+}
+
+function teardown_file() { _default_teardown ; }
+
+@test "Postfix's main.cf was adjusted" {
+  _run_in_container grep -q 'smtpd_milters = inet:localhost:11332' /etc/postfix/main.cf
+  assert_success
+}
+
+@test "logs exist and contains proper content" {
+  _should_contain_string_rspamd 'rspamd .* is loading configuration'
+  _should_contain_string_rspamd 'lua module clickhouse is disabled in the configuration'
+  _should_contain_string_rspamd 'lua module dkim_signing is disabled in the configuration'
+  _should_contain_string_rspamd 'lua module elastic is disabled in the configuration'
+  _should_contain_string_rspamd 'lua module rbl is disabled in the configuration'
+  _should_contain_string_rspamd 'lua module reputation is disabled in the configuration'
+  _should_contain_string_rspamd 'lua module spamassassin is disabled in the configuration'
+  _should_contain_string_rspamd 'lua module url_redirector is disabled in the configuration'
+  _should_contain_string_rspamd 'lua module metric_exporter is disabled in the configuration'
+}
+
+@test "normal mail passes fine" {
+  _should_contain_string_rspamd 'F (no action)'
+
+  run docker logs -n 100 "${CONTAINER_NAME}"
+  assert_success
+  assert_output --partial "stored mail into mailbox 'INBOX'"
+}
+
+@test "detects and rejects spam" {
+  _should_contain_string_rspamd 'S (reject)'
+  _should_contain_string_rspamd 'reject "Gtube pattern"'
+
+  run docker logs -n 100 "${CONTAINER_NAME}"
+  assert_success
+  assert_output --partial 'milter-reject'
+  assert_output --partial '5.7.1 Gtube pattern'
+}
+
+@test "detects and rejects virus" {
+  _should_contain_string_rspamd 'T (reject)'
+  _should_contain_string_rspamd 'reject "ClamAV FOUND VIRUS "Eicar-Signature"'
+
+  run docker logs -n 8 "${CONTAINER_NAME}"
+  assert_success
+  assert_output --partial 'milter-reject'
+  assert_output --partial '5.7.1 ClamAV FOUND VIRUS "Eicar-Signature"'
+  refute_output --partial "stored mail into mailbox 'INBOX'"
+}
+
+function _should_contain_string_rspamd() {
+  local STRING=${1:?No string provided to _should_contain_string_rspamd}
+
+  _run_in_container grep -q "${STRING}" /var/log/supervisor/rspamd.log
+  assert_success
+}
--- a/test/tests/parallel/set3/process-check-restart.bats
+++ b/test/tests/parallel/set3/process-check-restart.bats
@ -34,8 +34,6 @@ function teardown() { _default_teardown ; }

 # These processes should always be running:
 CORE_PROCESS_LIST=(
-  opendkim
-  opendmarc
  master
 )

@ -46,6 +44,8 @@ ENV_PROCESS_LIST=(
  dovecot
  fail2ban-server
  fetchmail
+  opendkim
+  opendmarc
  postgrey
  postsrsd
  saslauthd
@ -58,6 +58,8 @@ ENV_PROCESS_LIST=(
    --env ENABLE_CLAMAV=0
    --env ENABLE_FAIL2BAN=0
    --env ENABLE_FETCHMAIL=0
+    --env ENABLE_OPENDKIM=0
+    --env ENABLE_OPENDMARC=0
    --env ENABLE_POSTGREY=0
    --env ENABLE_SASLAUTHD=0
    --env ENABLE_SRS=0
@ -93,6 +95,8 @@ ENV_PROCESS_LIST=(
    --env ENABLE_AMAVIS=1
    --env ENABLE_FAIL2BAN=1
    --env ENABLE_FETCHMAIL=1
+    --env ENABLE_OPENDKIM=1
+    --env ENABLE_OPENDMARC=1
    --env FETCHMAIL_PARALLEL=1
    --env ENABLE_POSTGREY=1
    --env ENABLE_SASLAUTHD=1