Rspamd: more features (#3159)

2025-07-12 18:34:52 +02:00 · 2023-03-18 23:32:48 +08:00 · 2023-03-18 23:32:48 +08:00 · e58dd1b95b
commit e58dd1b95b
parent e890ba46a3
20 changed files with 339 additions and 109 deletions
--- a/target/scripts/startup/setup.d/dovecot.sh
+++ b/target/scripts/startup/setup.d/dovecot.sh
@ -40,54 +40,6 @@ function _setup_dovecot

  esac

-  # enable Managesieve service by setting the symlink
-  # to the configuration file Dovecot will actually find
-  if [[ ${ENABLE_MANAGESIEVE} -eq 1 ]]
-  then
-    _log 'trace' 'Sieve management enabled'
-    mv /etc/dovecot/protocols.d/managesieved.protocol.disab /etc/dovecot/protocols.d/managesieved.protocol
-  fi
-
-  # copy pipe and filter programs, if any
-  rm -f /usr/lib/dovecot/sieve-filter/*
-  rm -f /usr/lib/dovecot/sieve-pipe/*
-  [[ -d /tmp/docker-mailserver/sieve-filter ]] && cp /tmp/docker-mailserver/sieve-filter/* /usr/lib/dovecot/sieve-filter/
-  [[ -d /tmp/docker-mailserver/sieve-pipe ]] && cp /tmp/docker-mailserver/sieve-pipe/* /usr/lib/dovecot/sieve-pipe/
-
-  # create global sieve directories
-  mkdir -p /usr/lib/dovecot/sieve-global/before
-  mkdir -p /usr/lib/dovecot/sieve-global/after
-
-  if [[ -f /tmp/docker-mailserver/before.dovecot.sieve ]]
-  then
-    cp /tmp/docker-mailserver/before.dovecot.sieve /usr/lib/dovecot/sieve-global/before/50-before.dovecot.sieve
-    sievec /usr/lib/dovecot/sieve-global/before/50-before.dovecot.sieve
-  else
-    rm -f /usr/lib/dovecot/sieve-global/before/50-before.dovecot.sieve /usr/lib/dovecot/sieve-global/before/50-before.dovecot.svbin
-  fi
-
-  if [[ -f /tmp/docker-mailserver/after.dovecot.sieve ]]
-  then
-    cp /tmp/docker-mailserver/after.dovecot.sieve /usr/lib/dovecot/sieve-global/after/50-after.dovecot.sieve
-    sievec /usr/lib/dovecot/sieve-global/after/50-after.dovecot.sieve
-  else
-    rm -f /usr/lib/dovecot/sieve-global/after/50-after.dovecot.sieve /usr/lib/dovecot/sieve-global/after/50-after.dovecot.svbin
-  fi
-
-  # sieve will move spams to .Junk folder when SPAMASSASSIN_SPAM_TO_INBOX=1 and MOVE_SPAM_TO_JUNK=1
-  if [[ ${SPAMASSASSIN_SPAM_TO_INBOX} -eq 1 ]] && [[ ${MOVE_SPAM_TO_JUNK} -eq 1 ]]
-  then
-    _log 'debug' 'Spam messages will be moved to the Junk folder'
-    cp /etc/dovecot/sieve/before/60-spam.sieve /usr/lib/dovecot/sieve-global/before/
-    sievec /usr/lib/dovecot/sieve-global/before/60-spam.sieve
-  else
-    rm -f /usr/lib/dovecot/sieve-global/before/60-spam.sieve /usr/lib/dovecot/sieve-global/before/60-spam.svbin
-  fi
-
-  chown docker:docker -R /usr/lib/dovecot/sieve*
-  chmod 550 -R /usr/lib/dovecot/sieve*
-  chmod -f +x /usr/lib/dovecot/sieve-pipe/*
-
  if [[ ${ENABLE_POP3} -eq 1 ]]
  then
    _log 'debug' 'Enabling POP3 services'
@ -97,6 +49,47 @@ function _setup_dovecot
  [[ -f /tmp/docker-mailserver/dovecot.cf ]] && cp /tmp/docker-mailserver/dovecot.cf /etc/dovecot/local.conf
 }

+function _setup_dovecot_sieve
+{
+  mkdir -p /usr/lib/dovecot/sieve-{filter,global,pipe}
+  mkdir -p /usr/lib/dovecot/sieve-global/{before,after}
+
+  # enable Managesieve service by setting the symlink
+  # to the configuration file Dovecot will actually find
+  if [[ ${ENABLE_MANAGESIEVE} -eq 1 ]]
+  then
+    _log 'trace' 'Sieve management enabled'
+    mv /etc/dovecot/protocols.d/managesieved.protocol.disab /etc/dovecot/protocols.d/managesieved.protocol
+  fi
+
+  if [[ -d /tmp/docker-mailserver/sieve-filter ]]
+  then
+    cp /tmp/docker-mailserver/sieve-filter/* /usr/lib/dovecot/sieve-filter/
+  fi
+  if [[ -d /tmp/docker-mailserver/sieve-pipe ]]
+  then
+    cp /tmp/docker-mailserver/sieve-pipe/* /usr/lib/dovecot/sieve-pipe/
+  fi
+
+  if [[ -f /tmp/docker-mailserver/before.dovecot.sieve ]]
+  then
+    cp \
+      /tmp/docker-mailserver/before.dovecot.sieve \
+      /usr/lib/dovecot/sieve-global/before/50-before.dovecot.sieve
+    sievec /usr/lib/dovecot/sieve-global/before/50-before.dovecot.sieve
+  fi
+  if [[ -f /tmp/docker-mailserver/after.dovecot.sieve ]]
+  then
+    cp \
+      /tmp/docker-mailserver/after.dovecot.sieve \
+      /usr/lib/dovecot/sieve-global/after/50-after.dovecot.sieve
+    sievec /usr/lib/dovecot/sieve-global/after/50-after.dovecot.sieve
+  fi
+
+  chown dovecot:root -R /usr/lib/dovecot/sieve-*
+  find /usr/lib/dovecot/sieve-* -type d -exec chmod 755 {} \;
+  chmod +x /usr/lib/dovecot/sieve-{filter,pipe}/*
+}

 function _setup_dovecot_quota
 {
--- a/target/scripts/startup/setup.d/security/misc.sh
+++ b/target/scripts/startup/setup.d/security/misc.sh
@ -263,3 +263,29 @@ function __setup__security__amavis
    fi
  fi
 }
+
+# We can use Sieve to move spam emails to the "Junk" folder.
+function _setup_spam_to_junk
+{
+  if [[ ${MOVE_SPAM_TO_JUNK} -eq 1 ]]
+  then
+    _log 'debug' 'Spam emails will be moved to the Junk folder'
+    cat >/usr/lib/dovecot/sieve-global/after/spam_to_junk.sieve << EOF
+require ["fileinto","mailbox"];
+
+if anyof (header :contains "X-Spam-Flag" "YES",
+          header :contains "X-Spam" "Yes") {
+    fileinto "Junk";
+}
+EOF
+    sievec /usr/lib/dovecot/sieve-global/after/spam_to_junk.sieve
+    chown dovecot:root /usr/lib/dovecot/sieve-global/after/spam_to_junk.{sieve,svbin}
+
+    if [[ ${ENABLE_SPAMASSASSIN} -eq 1 ]] && [[ ${SPAMASSASSIN_SPAM_TO_INBOX} -eq 0 ]]
+    then
+      _log 'warning' "'SPAMASSASSIN_SPAM_TO_INBOX=0' but it is required to be 1 for 'MOVE_SPAM_TO_JUNK=1' to work"
+    fi
+  else
+    _log 'debug' 'Spam emails will not be moved to the Junk folder'
+  fi
+}
--- a/target/scripts/startup/setup.d/security/rspamd.sh
+++ b/target/scripts/startup/setup.d/security/rspamd.sh
@ -7,10 +7,18 @@ function _setup_rspamd
    _log 'warn' 'Rspamd integration is work in progress - expect (breaking) changes at any time'
    _log 'debug' 'Enabling and configuring Rspamd'

-    __rspamd__preflight_checks
+    __rspamd__preflight_checks_and_setup
    __rspamd__adjust_postfix_configuration
    __rspamd__disable_default_modules
    __rspamd__handle_modules_configuration
+
+    if [[ ${RSPAMD_LEARN} -eq 1 ]]
+    then
+      __rspamd__log 'debug' 'Enabling and configuring learning'
+      __rspamd__setup_learning
+    else
+      __rspamd__log 'debug' 'Learning is disabled'
+    fi
  else
    _log 'debug' 'Rspamd is disabled'
  fi
@ -28,7 +36,7 @@ function __rspamd__log { _log "${1:-}" "(Rspamd setup) ${2:-}" ; }
 #
 # This will also check whether Amavis is enabled and emit a warning as
 # we discourage users from running Amavis & Rspamd at the same time.
-function __rspamd__preflight_checks
+function __rspamd__preflight_checks_and_setup
 {
  touch /var/lib/rspamd/stats.ucl

@ -225,3 +233,46 @@ function __rspamd__handle_modules_configuration
    done < <(_get_valid_lines_from_file "${RSPAMD_CUSTOM_COMMANDS_FILE}")
  fi
 }
+
+# This function sets up intelligent learning of Junk, by
+#
+# 1. enabling auto-learn for the classifier-bayes module
+# 2. setting up sieve scripts that detect when a user is moving e-mail
+#    from or to the "Junk" folder, and learning them as ham or spam.
+function __rspamd__setup_learning
+{
+  __rspamd__log 'debug' 'Setting up intelligent learning of spam and ham'
+
+  local SIEVE_PIPE_BIN_DIR='/usr/lib/dovecot/sieve-pipe'
+  ln -s "$(type -f -P rspamc)" "${SIEVE_PIPE_BIN_DIR}/rspamc"
+
+  sedfile -i -E 's|(mail_plugins =.*)|\1 imap_sieve|' /etc/dovecot/conf.d/20-imap.conf
+  sedfile -i -E '/^}/d' /etc/dovecot/conf.d/90-sieve.conf
+  cat >>/etc/dovecot/conf.d/90-sieve.conf << EOF
+
+  # From elsewhere to Junk folder
+  imapsieve_mailbox1_name = Junk
+  imapsieve_mailbox1_causes = COPY
+  imapsieve_mailbox1_before = file:${SIEVE_PIPE_BIN_DIR}/learn-spam.sieve
+
+  # From Junk folder to elsewhere
+  imapsieve_mailbox2_name = *
+  imapsieve_mailbox2_from = Junk
+  imapsieve_mailbox2_causes = COPY
+  imapsieve_mailbox2_before = file:${SIEVE_PIPE_BIN_DIR}/learn-ham.sieve
+}
+EOF
+
+  cat >"${SIEVE_PIPE_BIN_DIR}/learn-spam.sieve" << EOF
+require ["vnd.dovecot.pipe", "copy", "imapsieve"];
+pipe :copy "rspamc" ["-h", "127.0.0.1:11334", "learn_spam"];
+EOF
+
+  cat >"${SIEVE_PIPE_BIN_DIR}/learn-ham.sieve" << EOF
+require ["vnd.dovecot.pipe", "copy", "imapsieve"];
+pipe :copy "rspamc" ["-h", "127.0.0.1:11334", "learn_ham"];
+EOF
+
+  sievec "${SIEVE_PIPE_BIN_DIR}/learn-spam.sieve"
+  sievec "${SIEVE_PIPE_BIN_DIR}/learn-ham.sieve"
+}
--- a/target/scripts/startup/variables-stack.sh
+++ b/target/scripts/startup/variables-stack.sh
@ -55,6 +55,7 @@ function __environment_variables_general_setup
  VARS[POSTGREY_MAX_AGE]="${POSTGREY_MAX_AGE:=35}"
  VARS[POSTGREY_TEXT]="${POSTGREY_TEXT:=Delayed by Postgrey}"
  VARS[POSTSCREEN_ACTION]="${POSTSCREEN_ACTION:=enforce}"
+  VARS[RSPAMD_LEARN]="${RSPAMD_LEARN:=0}"
  VARS[SA_KILL]=${SA_KILL:="6.31"}
  VARS[SA_SPAM_SUBJECT]=${SA_SPAM_SUBJECT:="***SPAM*** "}
  VARS[SA_TAG]=${SA_TAG:="2.0"}