Add rspamd

2021-01-10 22:02:37 +00:00 · 2021-01-10 22:02:37 +00:00 · 9eb395ffc1
parent 7539d2575e
commit 9eb395ffc1
10 changed files with 59 additions and 19 deletions
--- a/configs/postfix/APKBUILD
+++ b/configs/postfix/APKBUILD
@ -1,8 +1,8 @@
 # Contributor: Alex Denes <caskd@redxen.eu>
 # Maintainer: Alex Denes <caskd@redxen.eu>
 pkgname=redxen-config-postfix
-pkgver=2021.01.07
-pkgrel=12
+pkgver=2021.01.10
+pkgrel=0
 pkgdesc="Postfix configuration files"
 url="https://git.redxen.eu/RedXen"
 arch="noarch"
@ -25,6 +25,6 @@ package() {
 }

 sha512sums="0c7bcc9e63762b12937938e31b25ed6a84508061fef2913625d7c89b1d6e4f27dfbe2065aca2f75e7c3a62d38cd613afc70af40526d7fd11c942bc4ba8b59515  master.cf
-255a7e27c066573615028974edee02f929863d3e7801e293dce9bae12b5c9806101f22741fef32f2e828d8d017bcb492da70bd2ac93b16ab6cc200e4a343702e  main.cf
+b79fe66dbdd52c5e30bb06a13ce973d87136dd5dc50c749ba676b118d930343590d2e93c836ee0c5e9c622dfb6b8d082b5a557b8cf19bee7fa45b24fab8c4715  main.cf
 a1778901dbc12de543d9d5897b9d50ee5ebe47b7ef6ed87a0087249657f146ff8493de455d32016660cca3c8d669592e0ea9fbe9b6696d92cac6f014277f29e5  pgsql-aliases.cf
 72c50fe20b4d1a7ea2e60fb2cac0164814ab41011eb7f0d67a8a5715a0cc43d3ad573f198a7933eb130f68ec5c25c558fad791300e5bb25e020ca76a4303db4c  pgsql-users.cf"
--- a/configs/postfix/main.cf
+++ b/configs/postfix/main.cf
@ -63,9 +63,9 @@ smtpd_sasl_local_domain = $myorigin
 mailbox_transport = lmtp:unix:/run/dovecot/lmtp

 # OpenDKIM & RSpamD
-#milter_default_action = tempfail
-#milter_protocol = 6
+milter_default_action = tempfail
+milter_protocol = 6

-#smtpd_milters = local:/run/opendkim/opendkim.sock inet:127.0.0.1:11332
-#non_smtpd_milters = local:/run/opendkim/opendkim.sock inet:127.0.0.1:11332
-#internal_mail_filter_classes = bounce, notify
+smtpd_milters = inet:rspamd.routinginfo.redxen.localhost:11332
+non_smtpd_milters = inet:rspamd.routinginfo.redxen.localhost:11332
+internal_mail_filter_classes = bounce, notify
--- a/configs/rspamd/APKBUILD
+++ b/configs/rspamd/APKBUILD
@ -2,7 +2,7 @@
 # Maintainer: Alex Denes <caskd@redxen.eu>
 pkgname=redxen-config-rspamd
 pkgver=2021.01.10
-pkgrel=6
+pkgrel=9
 pkgdesc="RSpamD configuration"
 url="https://git.redxen.eu/RedXen"
 arch="noarch"
@ -58,16 +58,16 @@ sha512sums="99985993e5d7c525280020e7dc30106b3efbaa8ae2830a5069ad4270a8336d33efca
 d42a74d17771497960477878eedda2a00a434cbc1e994b015c21b4f631e24836cb6a7b14a24a2cb42ed15425b7758dc307a6cf602a770cfb0cc20b6f90064af9  redis.conf
 a3849ae55a68c90afd913ed18f6b210803f5dbaa2beab5abf23a84b9b4bcb48e617023123724222c1f74a005bf03e1c94e3fa1ded5a6f252d9c2ac317dabc1a2  rbl.conf
 6ca83b91e70e43eff6de380065fc5591c6669a27497a47d74e5e096df68afea6269cfad41be982bb144f2dfb92fd5765a600cf9c4067c4612bd1aa1bf5e6ebfd  phishing.conf
-72840316e3a8905a6e087147b33355c1250209831423871783a4cda5c22dd1ec376ff4da1db05a3a763bd763b6a8ce8b0af9cccf7a3b0c0d0bc507fd3fe40f8f  milter_headers.conf
+213c45837e9e09dd69b194b9ed5e938fbcef102d0549f820a6881744c7b91cb41f98961bbfa8346dcef1f05e276761195945ba852fc6683defe6b26fbd411019  milter_headers.conf
 08966d0a3c077a12a1113f774e11d51d3c7d04bb45914e295324e8aa51c3d75b55395c256a905c6d9ae1e98a004a9e6b3b37d36fce810a426dd5d90408331c0a  maillist.conf
 8660fd01589476bbc01bbe75bed392faa55f55fa9b6fea77be79f339cefb43ddbacdbe193ad136c42da91d4ef7f1e1ec40fc5f8f4f398d04bcebf51d5a59ad1f  greylist.conf
 227f215b4e65bff86428502425f1295b21e0f6e8c4b990e4f19aa8e1bb3f1cee18d1b8644e1223edb606292c786e814acc68d276562c8fb4f23fdce6b538689a  fuzzy_check.conf
 e14c3683b48dde5584cbcd0bd5811f6111a201635dd7400d7703003b4c98255d10be9b64ee81784c1fe1df50159e12d6777086c5a18ee9b14be852d233cf6dc5  dmarc.conf
 ad3fa5e3c4c3d7b882c9e85bdde3b1949a32f2f2c9dd43e38977d828e7b6740d31002c502f24a0ea2e27105d5a6b1af7b7140c5d8e306f90c3f7d28c1e4607d5  dkim.conf
 dcec5c53bd29c345ed5c47727af9a8d11328cc8f69ae61064ba3b053ee306baa79b747067097b2354a1fecd6e6527d56d14c79be22c94531f2a5ddc41ce3ca7e  chartable.conf
-e95cd76aacc8c24ba499e5ff2853a3bef17a0b2b76fa46bb2fb7b31f73f7a62027f3569ee5ed283ede8611af68bd246e10e38dfe71665dea3073aad39068f109  rspamd.conf
+8c72f2172f306fea251303e4c88661041dd217999dc0b8e42076cb4e6832e279bf078eca44e7c7c36ee5ec18a1ec94cf0bed9bd6853498678a7664a783aa54f7  rspamd.conf
 667ec0331c811730e096e27f5e8659062239f46e3ccd148411984bb4d83b8770cc0d7d3c74dd5a2da71781e9b99d4bcb5a700cbd5f56ae8e17f7c4e50519ffb2  composites.conf
 4ea651877607573126a731619801458798c1e8e4de3522462af4c71adc38141d09a0c75c2c83a33698e3c51095d0b7d364e1ceb3aa534a4157106370a7800e4a  groups.conf
 78df39cbc6e09cdc5e01d27e123d82aa677a70a6f5d59ba0be8d0ce6af012c5311e4a2527e4fbc586f9cdd8da033e9f05e2371970fa23db60eaa8c16c8e85f05  logging.conf
 2d27d5ac1800ee28948f8fcc276cc5c62c97a19d01dde2263eadf3ec4f8eb3bbb8417f4271324c5cfbf1ebd60759aa9047849ea803da96c8632c21966b794e6c  statistic.conf
-8fd778a46ce497a2399b455ba423c5a6308082ac41ac21cac4dbf65447e151e115ef21ac9820ab84f445af8530bc915b8c7394d28eb4b8179c3143c1817093b8  workers.conf"
+6d8cec7d31b7eeae5f62697f300c6dd2c85dd882240d11aa8db70e1870130607388b6823d3bfbebcfa2b8fc4c2f29650d9f53d3313b4a369f862576215ccb4cb  workers.conf"
--- a/configs/rspamd/modules/milter_headers.conf
+++ b/configs/rspamd/modules/milter_headers.conf
@ -1,6 +1,9 @@
 milter_headers {
+	use = ["authentication-results"];
 	extended_spam_headers = true;
 	authenticated_headers = ["authentication-results"];
+	skip_local = false;
+	skip_authenticated = true;
 	spf_symbols {
 		pass = "R_SPF_ALLOW";
 		fail = "R_SPF_FAIL";
--- a/configs/rspamd/rspamd.conf
+++ b/configs/rspamd/rspamd.conf
@ -57,7 +57,7 @@ actions {
 .include "${CONFDIR}/redxen/statistic.conf"

 lua = "$RULESDIR/rspamd.lua"
-.include(glob=true) "${CONFDIR}/redxen/modules/*.conf"
 modules {
 	path = "${PLUGINSDIR}";
 }
+.include(glob=true) "${CONFDIR}/redxen/modules/*.conf"
--- a/configs/rspamd/workers.conf
+++ b/configs/rspamd/workers.conf
@ -1,17 +1,18 @@
 worker "normal" {
 	count = 1;
-	bind_socket = "localhost:11333";
+	bind_socket = "*:11333";
 	mime = true;
 }

 worker "controller" {
+	enabled = false;
 	count = -1;
-	bind_socket = "localhost:11334";
+	bind_socket = "*:11334";
 }

 worker "rspamd_proxy" {
 	count = 1;
-	bind_socket = "localhost:11332";
+	bind_socket = "*:11332";
 	milter = yes;
 	timeout = 120s; # Needed for Milter usually
 	max_retries = 5;
@ -27,7 +28,7 @@ worker "rspamd_proxy" {

 worker "fuzzy" {
 	count = 1;
-	bind_socket = "localhost:11335";
+	bind_socket = "*:11335";
 	backend = "redis";
 	expire = 90d;
 	allow_update = [];
--- a/configs/unbound/APKBUILD
+++ b/configs/unbound/APKBUILD
@ -1,7 +1,7 @@
 # Contributor: Alex Denes <caskd@redxen.eu>
 # Maintainer: Alex Denes <caskd@redxen.eu>
 pkgname=redxen-config-unbound
-pkgver=2021.01.07
+pkgver=2021.01.10
 pkgrel=0
 pkgdesc="Unbound configurations and some other stuff."
 url="https://git.redxen.eu/RedXen"
@ -61,6 +61,6 @@ sha512sums="f402b87071a3059992242b7dbce0aaea2f20ec4e5fc4e855160d5ebc75be7dd3d4cb
 d3754ced9d8055ff7f1d364a93c403bba3f220a60ea519bceee5e9c43112d6a00d20d15cf659fdd6ad6834cf14afd6ecb5d9e1497ff2932572fd970750655749  base.conf
 75709787e0872197c83def93b343550934f6b2e4903873aaf72f357fb8b4a1d7c5b8ba84913f052ad01aeca03f58ca589a22bf867c1c2e40e01f9588c7c580c4  acl.conf
 d94ad338e2ea43c3ecdc62c861eddc0bb706807b738dd985309bcdf0b5fb435d7260bf272e2bbe40a774ec5b8fa49cbf23624c2c5213eea94f4f14aa3720abfa  rctrl.conf
-2183abc076166cd2026ccbf8d65e51870ca26a6fe11fbe48f2dbf9e8b8801b8b7c91c3607b2a48a254aeb8e364564fea361a2e3eccf13e0477542f7f3919bb5c  internal.conf
+0571d43230f420ef9ba1fe2b20aba7fca9bedc986363610368473289e9b636a8a4b76b20cb7efbe4a355d65c0633bc6aa97f826cec596d993240157cd5fa2493  internal.conf
 28c917fe7f69643887097553312c4f1ffc747dffdbf150430e6c4b2e5833567922810716cb59a27887915664777ac3263be3c826956f504499f0ebdcc0b3aac5  auth-zones.conf
 06ff10c9bc4f75fea4d04125d1fd24d311cbf4c7d9d89be07ceca296f5bd2bc237064fc98597ccb31f572721690ea50e8eafac6804ac2338268065f3f86abaae  redxen.eu"
--- a/configs/unbound/internal.conf
+++ b/configs/unbound/internal.conf
@ -27,6 +27,7 @@ server:
 	local-data: "postgresql.routinginfo.redxen.localhost. 86400 IN AAAA 201:5d63:154:f0c6:9789:1899:6acb:1805"
 	local-data: "redis.routinginfo.redxen.localhost. 86400 IN AAAA 201:5d63:154:f0c6:9789:1899:6acb:1805"
 	local-data: "influxdb.routinginfo.redxen.localhost. 86400 IN AAAA 201:5d63:154:f0c6:9789:1899:6acb:1805"
+	local-data: "rspamd.routinginfo.redxen.localhost. 86400 IN AAAA 200:2749:8af:bdf9:f011:997e:7bbb:35f3"

 	# Legacy machines (pre-migration)
 	local-data: "6051167.nbg1-dc3.hetzner.redxen.localhost. 86400 IN A 10.0.0.4"
--- a/openrc/rspamd/APKBUILD
+++ b/openrc/rspamd/APKBUILD
@ -0,0 +1,22 @@
+# Contributor: Alex Denes <caskd@redxen.eu>
+# Maintainer: Alex Denes <caskd@redxen.eu>
+pkgname=redxen-openrc-rspamd
+pkgver=2021.01.10
+pkgrel=0
+pkgdesc="RSpamD OpenRC service files"
+url="https://git.redxen.eu/RedXen"
+arch="noarch"
+license="none"
+depends="openrc rspamd-openrc redxen-config-rspamd"
+options="!check"
+source="
+	conffile
+"
+builddir="$srcdir"
+
+package() {
+	mkdir -p "$pkgdir"/etc/init.d
+	ln -s rspamd "$pkgdir"/etc/init.d/rspamd.redxen
+	install -Dm644 conffile "$pkgdir"/etc/conf.d/rspamd.redxen
+}
+sha512sums="917a359a4aa48d36b62838db6e21c7e55df5d5394366511c49bb8d9f3c61e682eee6d76d9482ce8d572d96aeeb704dd460ab95d14ad7384c5f31cd869146dced  conffile"
--- a/openrc/rspamd/conffile
+++ b/openrc/rspamd/conffile
@ -0,0 +1,13 @@
+# Configuration for /etc/init.d/rspamd
+
+# User and group to run rspamd workers.
+#command_user="rspamd:rspamd"
+
+# Path of the main configuration file.
+cfgfile="/etc/rspamd/redxen/rspamd.conf"
+
+# Where to log startup configuration checking:
+# - /dev/null - silent if check pass (default)
+# - /dev/stdout - always print output on the curent terminal
+# - /path/filename - append output to the specified logfile
+#startuplog="/var/log/rspamd/startup.log"