mirror/docker-mailserver.docker-mailserver
1
0
Fork 0
mirror of https://github.com/docker-mailserver/docker-mailserver.git synced 2025-07-30 23:54:46 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Rspamd: replace reject_unknown_client_hostname with Rspamd HFILTER_HOSTNAME_UNKNOWN and make it configurable (#3248)

Browse source
This commit is contained in:
Georg Lauterbach 2023-04-11 18:51:23 +02:00 committed by GitHub
parent 806d3efef9
commit 9a284150b2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 96 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

36
target/scripts/startup/setup.d/security/rspamd.sh
View file

@ -15,6 +15,7 @@ function _setup_rspamd
__rspamd__setup_default_modules
__rspamd__setup_learning
__rspamd__setup_greylisting
__rspamd__setup_hfilter_group
__rspamd__handle_user_modules_adjustments # must run last
_log 'trace' 'Rspamd setup finished'
@ -138,6 +139,9 @@ function __rspamd__setup_default_modules
{
__rspamd__log 'debug' 'Disabling default modules'
# This array contains all the modules we disable by default. They
# can be re-enabled later (in `__rspamd__handle_user_modules_adjustments`)
# with `rspamd-modules.conf`.
local DISABLE_MODULES=(
clickhouse
elastic
@ -202,7 +206,8 @@ EOF
fi
}
# Sets up greylisting based on the environment variable RSPAMD_GREYLISTING.
# Sets up greylisting with the greylisting module (see
# https://rspamd.com/doc/modules/greylisting.html).
function __rspamd__setup_greylisting
{
if [[ ${RSPAMD_GREYLISTING} -eq 1 ]]
@ -214,6 +219,35 @@ function __rspamd__setup_greylisting
fi
}
# This function handles setup of the Hfilter module (see
# https://www.rspamd.com/doc/modules/hfilter.html). This module is mainly
# used for hostname checks, and whether or not a reverse-DNS check
# succeeds.
function __rspamd__setup_hfilter_group
{
local MODULE_FILE='/etc/rspamd/local.d/hfilter_group.conf'
if [[ ${RSPAMD_HFILTER} -eq 1 ]]
then
__rspamd__log 'debug' 'Hfilter (group) module is enabled'
# Check if we received a number first
if [[ ! ${RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE} =~ ^[0-9][1-9]*$ ]]
then
__rspamd__log 'warn' "'RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE' is not a number (${RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE}) but was expected to be!"
elif [[ ${RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE} -ne 6 ]]
then
__rspamd__log 'trace' "Adjusting score for 'HFILTER_HOSTNAME_UNKNOWN' in Hfilter group module to ${RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE}"
sed -i -E \
"s|(.*score =).*(# __TAG__HFILTER_HOSTNAME_UNKNOWN)|\1 ${RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE}; \2|g" \
"${MODULE_FILE}"
else
__rspamd__log 'trace' "Not adjusting score for 'HFILTER_HOSTNAME_UNKNOWN' in Hfilter group module"
fi
else
__rspamd__log 'debug' 'Disabling Hfilter (group) module'
rm -f "${MODULE_FILE}"
fi
}
# Parses `RSPAMD_CUSTOM_COMMANDS_FILE` and executed the directives given by the file.
# To get a detailed explanation of the commands and how the file works, visit
# https://docker-mailserver.github.io/docker-mailserver/edge/config/security/rspamd/#with-the-help-of-a-custom-file

2
target/scripts/startup/variables-stack.sh
View file

@ -56,6 +56,8 @@ function __environment_variables_general_setup
VARS[POSTGREY_TEXT]="${POSTGREY_TEXT:=Delayed by Postgrey}"
VARS[POSTSCREEN_ACTION]="${POSTSCREEN_ACTION:=enforce}"
VARS[RSPAMD_GREYLISTING]="${RSPAMD_GREYLISTING:=0}"
VARS[RSPAMD_HFILTER]="${RSPAMD_HFILTER:=1}"
VARS[RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE]="${RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE:=6}"
VARS[RSPAMD_LEARN]="${RSPAMD_LEARN:=0}"
VARS[SA_KILL]=${SA_KILL:="10.0"}
VARS[SA_SPAM_SUBJECT]=${SA_SPAM_SUBJECT:="***SPAM*** "}