[Rspamd] allow_hdrfrom_mismatch true, auth_only false (sieve)

2020-01-10 20:39:11 +01:00 · 2020-01-10 20:39:11 +01:00 · 03cbed5002
parent dc97d4f365
commit 03cbed5002
2 changed files with 18 additions and 3 deletions
--- a/data/Dockerfiles/rspamd/docker-entrypoint.sh
+++ b/data/Dockerfiles/rspamd/docker-entrypoint.sh
@ -27,7 +27,7 @@ until [[ ! -z ${DOVECOT_V4} ]]; do
  DOVECOT_V4=$(dig a dovecot +short)
  DOVECOT_V6=$(dig aaaa dovecot +short)
  [[ ! -z ${DOVECOT_V4} ]] && break;
-  echo "Waiting for Dovecot"
+  echo "Waiting for Dovecot..."
  sleep 3
 done
 echo ${DOVECOT_V4}/32 > /etc/rspamd/custom/dovecot_trusted.map
@ -35,6 +35,20 @@ if [[ ! -z ${DOVECOT_V6} ]]; then
  echo ${DOVECOT_V6}/128 >> /etc/rspamd/custom/dovecot_trusted.map
 fi

+RSPAMD_V4=
+RSPAMD_V6=
+until [[ ! -z ${RSPAMD_V4} ]]; do
+  RSPAMD_V4=$(dig a rspamd +short)
+  RSPAMD_V6=$(dig aaaa rspamd +short)
+  [[ ! -z ${RSPAMD_V4} ]] && break;
+  echo "Waiting for Rspamd..."
+  sleep 3
+done
+echo ${RSPAMD_V4}/32 > /etc/rspamd/custom/rspamd_trusted.map
+if [[ ! -z ${RSPAMD_V6} ]]; then
+  echo ${RSPAMD_V6}/128 >> /etc/rspamd/custom/rspamd_trusted.map
+fi
+
 chown -R _rspamd:_rspamd /var/lib/rspamd \
  /etc/rspamd/local.d \
  /etc/rspamd/override.d \
@ -53,6 +67,7 @@ touch /etc/rspamd/custom/global_mime_from_blacklist.map \
  /etc/rspamd/custom/bad_languages.map \
  /etc/rspamd/custom/sa-rules \
  /etc/rspamd/custom/dovecot_trusted.map \
+  /etc/rspamd/custom/rspamd_trusted.map \
  /etc/rspamd/custom/ip_wl.map \
  /etc/rspamd/custom/fishy_tlds.map \
  /etc/rspamd/custom/bad_words.map \
--- a/data/conf/rspamd/local.d/dkim_signing.conf
+++ b/data/conf/rspamd/local.d/dkim_signing.conf
@ -1,13 +1,13 @@
 # If false, messages with empty envelope from are not signed
 allow_envfrom_empty = false;
 # If true, envelope/header domain mismatch is ignored
-allow_hdrfrom_mismatch = false;
+allow_hdrfrom_mismatch = true;
 # If true, multiple from headers are allowed (but only first is used)
 allow_hdrfrom_multiple = true;
 # If true, username does not need to contain matching domain
 allow_username_mismatch = true;
 # If false, messages from authenticated users are not selected for signing
-auth_only = true;
+auth_only = false;
 # Default path to key, can include '$domain' and '$selector' variables
 path = "/data/dkim/keys/$domain.dkim";
 # Default selector to use