From 4396be2938a7bc7571033d093fb9f81c453f4b1c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9?= Date: Sun, 30 Sep 2018 09:53:25 +0200 Subject: [PATCH] [Rspamd] Place socket in _rspamd home and fix permissions [Compose] Remove volume for Rspamd socket [Web] Do not exit loop on fuzzy errors when learning a message as spam --- data/Dockerfiles/dovecot/rspamd-pipe-ham | 4 ++-- data/Dockerfiles/dovecot/rspamd-pipe-spam | 4 ++-- data/Dockerfiles/postfix/rspamd-pipe-ham | 4 ++-- data/Dockerfiles/postfix/rspamd-pipe-spam | 4 ++-- data/Dockerfiles/rspamd/docker-entrypoint.sh | 1 + data/Dockerfiles/watchdog/watchdog.sh | 2 +- .../rspamd/override.d/worker-controller.inc | 2 +- data/web/inc/functions.inc.php | 2 +- data/web/inc/functions.quarantine.inc.php | 23 +++++++++---------- data/web/json_api.php | 2 +- data/web/lang/lang.de.php | 2 +- data/web/lang/lang.en.php | 2 +- data/web/lang/lang.nl.php | 2 +- docker-compose.yml | 10 ++++---- 14 files changed, 31 insertions(+), 33 deletions(-) diff --git a/data/Dockerfiles/dovecot/rspamd-pipe-ham b/data/Dockerfiles/dovecot/rspamd-pipe-ham index 9d961be0..9b26817c 100755 --- a/data/Dockerfiles/dovecot/rspamd-pipe-ham +++ b/data/Dockerfiles/dovecot/rspamd-pipe-ham @@ -3,7 +3,7 @@ FILE=/tmp/mail$$ cat > $FILE trap "/bin/rm -f $FILE" 0 1 2 3 13 15 -cat ${FILE} | /usr/bin/curl -s --data-binary @- --unix-socket /rspamd-sock/rspamd.sock http://rspamd/learnham -cat ${FILE} | /usr/bin/curl -H "Flag: 13" -s --data-binary @- --unix-socket /rspamd-sock/rspamd.sock http://rspamd/fuzzyadd +cat ${FILE} | /usr/bin/curl -s --data-binary @- --unix-socket /var/lib/rspamd/rspamd.sock http://rspamd/learnham +cat ${FILE} | /usr/bin/curl -H "Flag: 13" -s --data-binary @- --unix-socket /var/lib/rspamd/rspamd.sock http://rspamd/fuzzyadd exit 0 diff --git a/data/Dockerfiles/dovecot/rspamd-pipe-spam b/data/Dockerfiles/dovecot/rspamd-pipe-spam index 3b9e3497..d06aa919 100755 --- a/data/Dockerfiles/dovecot/rspamd-pipe-spam +++ b/data/Dockerfiles/dovecot/rspamd-pipe-spam @@ -3,7 +3,7 @@ FILE=/tmp/mail$$ cat > $FILE trap "/bin/rm -f $FILE" 0 1 2 3 13 15 -cat ${FILE} | /usr/bin/curl -s --data-binary @- --unix-socket /rspamd-sock/rspamd.sock http://rspamd/learnspam -cat ${FILE} | /usr/bin/curl -H "Flag: 11" -s --data-binary @- --unix-socket /rspamd-sock/rspamd.sock http://rspamd/fuzzyadd +cat ${FILE} | /usr/bin/curl -s --data-binary @- --unix-socket /var/lib/rspamd/rspamd.sock http://rspamd/learnspam +cat ${FILE} | /usr/bin/curl -H "Flag: 11" -s --data-binary @- --unix-socket /var/lib/rspamd/rspamd.sock http://rspamd/fuzzyadd exit 0 diff --git a/data/Dockerfiles/postfix/rspamd-pipe-ham b/data/Dockerfiles/postfix/rspamd-pipe-ham index 9d961be0..9b26817c 100755 --- a/data/Dockerfiles/postfix/rspamd-pipe-ham +++ b/data/Dockerfiles/postfix/rspamd-pipe-ham @@ -3,7 +3,7 @@ FILE=/tmp/mail$$ cat > $FILE trap "/bin/rm -f $FILE" 0 1 2 3 13 15 -cat ${FILE} | /usr/bin/curl -s --data-binary @- --unix-socket /rspamd-sock/rspamd.sock http://rspamd/learnham -cat ${FILE} | /usr/bin/curl -H "Flag: 13" -s --data-binary @- --unix-socket /rspamd-sock/rspamd.sock http://rspamd/fuzzyadd +cat ${FILE} | /usr/bin/curl -s --data-binary @- --unix-socket /var/lib/rspamd/rspamd.sock http://rspamd/learnham +cat ${FILE} | /usr/bin/curl -H "Flag: 13" -s --data-binary @- --unix-socket /var/lib/rspamd/rspamd.sock http://rspamd/fuzzyadd exit 0 diff --git a/data/Dockerfiles/postfix/rspamd-pipe-spam b/data/Dockerfiles/postfix/rspamd-pipe-spam index 3b9e3497..d06aa919 100755 --- a/data/Dockerfiles/postfix/rspamd-pipe-spam +++ b/data/Dockerfiles/postfix/rspamd-pipe-spam @@ -3,7 +3,7 @@ FILE=/tmp/mail$$ cat > $FILE trap "/bin/rm -f $FILE" 0 1 2 3 13 15 -cat ${FILE} | /usr/bin/curl -s --data-binary @- --unix-socket /rspamd-sock/rspamd.sock http://rspamd/learnspam -cat ${FILE} | /usr/bin/curl -H "Flag: 11" -s --data-binary @- --unix-socket /rspamd-sock/rspamd.sock http://rspamd/fuzzyadd +cat ${FILE} | /usr/bin/curl -s --data-binary @- --unix-socket /var/lib/rspamd/rspamd.sock http://rspamd/learnspam +cat ${FILE} | /usr/bin/curl -H "Flag: 11" -s --data-binary @- --unix-socket /var/lib/rspamd/rspamd.sock http://rspamd/fuzzyadd exit 0 diff --git a/data/Dockerfiles/rspamd/docker-entrypoint.sh b/data/Dockerfiles/rspamd/docker-entrypoint.sh index 1e255d3c..4972124c 100755 --- a/data/Dockerfiles/rspamd/docker-entrypoint.sh +++ b/data/Dockerfiles/rspamd/docker-entrypoint.sh @@ -1,6 +1,7 @@ #!/bin/bash chown -R _rspamd:_rspamd /var/lib/rspamd +chmod 755 /var/lib/rspamd [[ ! -f /etc/rspamd/override.d/worker-controller-password.inc ]] && echo '# Placeholder' > /etc/rspamd/override.d/worker-controller-password.inc [[ ! -f /etc/rspamd/custom/sa-rules-heinlein ]] && echo '# to be auto-filled by dovecot-mailcow' > /etc/rspamd/custom/sa-rules-heinlein diff --git a/data/Dockerfiles/watchdog/watchdog.sh b/data/Dockerfiles/watchdog/watchdog.sh index b412ccaf..ab528a78 100755 --- a/data/Dockerfiles/watchdog/watchdog.sh +++ b/data/Dockerfiles/watchdog/watchdog.sh @@ -226,7 +226,7 @@ rspamd_checks() { while [ ${err_count} -lt ${THRESHOLD} ]; do host_ip=$(get_container_ip rspamd-mailcow) err_c_cur=${err_count} - SCORE=$(/usr/bin/curl -s --data-binary @- --unix-socket /rspamd-sock/rspamd.sock http://rspamd/scan -d ' + SCORE=$(/usr/bin/curl -s --data-binary @- --unix-socket /var/lib/rspamd/rspamd.sock http://rspamd/scan -d ' To: null@localhost From: watchdog@localhost diff --git a/data/conf/rspamd/override.d/worker-controller.inc b/data/conf/rspamd/override.d/worker-controller.inc index 9750f4a5..4d4ffe6f 100644 --- a/data/conf/rspamd/override.d/worker-controller.inc +++ b/data/conf/rspamd/override.d/worker-controller.inc @@ -2,6 +2,6 @@ bind_socket = "*:11334"; count = 1; secure_ip = "127.0.0.1"; secure_ip = "::1"; -bind_socket = "/rspamd-sock/rspamd.sock mode=0666 owner=nobody"; +bind_socket = "/var/lib/rspamd/rspamd.sock mode=0666 owner=nobody"; .include(try=true; priority=10) "$CONFDIR/override.d/worker-controller-password.inc" .include(try=true; priority=20) "$CONFDIR/override.d/worker-controller.custom.inc" diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php index f915d5d0..af93d193 100644 --- a/data/web/inc/functions.inc.php +++ b/data/web/inc/functions.inc.php @@ -1409,7 +1409,7 @@ function get_logs($container, $lines = false) { } if ($container == "rspamd-history") { $curl = curl_init(); - curl_setopt($curl, CURLOPT_UNIX_SOCKET_PATH, '/rspamd-sock/rspamd.sock'); + curl_setopt($curl, CURLOPT_UNIX_SOCKET_PATH, '/var/lib/rspamd/rspamd.sock'); if (!is_numeric($lines)) { list ($from, $to) = explode('-', $lines); curl_setopt($curl, CURLOPT_URL,"http://rspamd/history?from=" . intval($from) . "&to=" . intval($to)); diff --git a/data/web/inc/functions.quarantine.inc.php b/data/web/inc/functions.quarantine.inc.php index c92a2cdd..14f38b8f 100644 --- a/data/web/inc/functions.quarantine.inc.php +++ b/data/web/inc/functions.quarantine.inc.php @@ -221,13 +221,13 @@ function quarantine($_action, $_data = null) { continue; } $curl = curl_init(); - curl_setopt($curl, CURLOPT_UNIX_SOCKET_PATH, '/rspamd-sock/rspamd.sock'); + curl_setopt($curl, CURLOPT_UNIX_SOCKET_PATH, '/var/lib/rspamd/rspamd.sock'); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_POST, 1); curl_setopt($curl, CURLOPT_TIMEOUT, 30); - curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: text/plain')); + curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: text/plain')); curl_setopt($curl, CURLOPT_URL,"http://rspamd/learnspam"); - curl_setopt($curl, CURLOPT_POSTFIELDS, $row['msg']); + curl_setopt($curl, CURLOPT_POSTFIELDS, $row['msg']); $response = curl_exec($curl); if (!curl_errno($curl)) { $response = json_decode($response, true); @@ -243,23 +243,22 @@ function quarantine($_action, $_data = null) { } curl_close($curl); $curl = curl_init(); - curl_setopt($curl, CURLOPT_UNIX_SOCKET_PATH, '/rspamd-sock/rspamd.sock'); + curl_setopt($curl, CURLOPT_UNIX_SOCKET_PATH, '/var/lib/rspamd/rspamd.sock'); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_POST, 1); curl_setopt($curl, CURLOPT_TIMEOUT, 30); - curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: text/plain', 'Flag: 11')); + curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: text/plain', 'Flag: 11')); curl_setopt($curl, CURLOPT_URL,"http://rspamd/fuzzyadd"); - curl_setopt($curl, CURLOPT_POSTFIELDS, $row['msg']); + curl_setopt($curl, CURLOPT_POSTFIELDS, $row['msg']); $response = curl_exec($curl); if (!curl_errno($curl)) { $response = json_decode($response, true); if (isset($response['error'])) { $_SESSION['return'][] = array( - 'type' => 'danger', + 'type' => 'warning', 'log' => array(__FUNCTION__), 'msg' => array('fuzzy_learn_error', $response['error']) ); - continue; } curl_close($curl); try { @@ -279,7 +278,7 @@ function quarantine($_action, $_data = null) { $_SESSION['return'][] = array( 'type' => 'success', 'log' => array(__FUNCTION__), - 'msg' => 'qlearn_spam' + 'msg' => array('qlearn_spam', $id) ); continue; } @@ -288,7 +287,7 @@ function quarantine($_action, $_data = null) { $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__), - 'msg' => array('spam_learn_error', 'curl error ' . curl_errno($curl)) + 'msg' => array('spam_learn_error', 'Curl: ' . curl_strerror(curl_errno($curl))) ); continue; } @@ -301,12 +300,12 @@ function quarantine($_action, $_data = null) { continue; } else { - curl_close($curl); $_SESSION['return'][] = array( 'type' => 'danger', 'log' => array(__FUNCTION__), - 'msg' => array('spam_learn_error', 'curl error ' . curl_errno($curl)) + 'msg' => array('spam_learn_error', 'Curl: ' . curl_strerror(curl_errno($curl))) ); + curl_close($curl); continue; } curl_close($curl); diff --git a/data/web/json_api.php b/data/web/json_api.php index 98525de7..adeb162e 100644 --- a/data/web/json_api.php +++ b/data/web/json_api.php @@ -164,7 +164,7 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u switch ($object) { case "actions": $curl = curl_init(); - curl_setopt($curl, CURLOPT_UNIX_SOCKET_PATH, '/rspamd-sock/rspamd.sock'); + curl_setopt($curl, CURLOPT_UNIX_SOCKET_PATH, '/var/lib/rspamd/rspamd.sock'); curl_setopt($curl, CURLOPT_URL,"http://rspamd/stat"); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); $data = curl_exec($curl); diff --git a/data/web/lang/lang.de.php b/data/web/lang/lang.de.php index 2c26cdcf..4cb2e789 100644 --- a/data/web/lang/lang.de.php +++ b/data/web/lang/lang.de.php @@ -618,7 +618,7 @@ $lang['quarantine']['subj'] = "Betreff"; $lang['quarantine']['text_plain_content'] = "Inhalt (text/plain)"; $lang['quarantine']['text_from_html_content'] = "Inhalt (html, konvertiert)"; $lang['quarantine']['atts'] = "Anhänge"; -$lang['danger']['fuzzy_learn_error'] = "Fuzzy Lernfehler: %s"; +$lang['warning']['fuzzy_learn_error'] = "Fuzzy Lernfehler: %s"; $lang['danger']['spam_learn_error'] = "Spam Lernfehler: %s"; $lang['success']['qlearn_spam'] = "Nachricht ID %s wurde als Spam gelernt und gelöscht"; diff --git a/data/web/lang/lang.en.php b/data/web/lang/lang.en.php index bd85b15e..9e5dc9ec 100644 --- a/data/web/lang/lang.en.php +++ b/data/web/lang/lang.en.php @@ -631,7 +631,7 @@ $lang['quarantine']['subj'] = "Subject"; $lang['quarantine']['text_plain_content'] = "Content (text/plain)"; $lang['quarantine']['text_from_html_content'] = "Content (converted html)"; $lang['quarantine']['atts'] = "Attachments"; -$lang['danger']['fuzzy_learn_error'] = "Fuzzy hash learn error: %s"; +$lang['warning']['fuzzy_learn_error'] = "Fuzzy hash learn error: %s"; $lang['danger']['spam_learn_error'] = "Spam learn error: %s"; $lang['success']['qlearn_spam'] = "Message ID %s was learned as spam and deleted"; diff --git a/data/web/lang/lang.nl.php b/data/web/lang/lang.nl.php index 385c0c04..3f87089b 100644 --- a/data/web/lang/lang.nl.php +++ b/data/web/lang/lang.nl.php @@ -592,7 +592,7 @@ $lang['quarantine']['subj'] = "Onderwerp"; $lang['quarantine']['text_plain_content'] = "Inhoud (tekst)"; $lang['quarantine']['text_from_html_content'] = "Inhoud (geconverteerde html)"; $lang['quarantine']['atts'] = "Bijlagen"; -$lang['danger']['fuzzy_learn_error'] = "Fuzzy hash training-fout: %s"; +$lang['warning']['fuzzy_learn_error'] = "Fuzzy hash training-fout: %s"; $lang['danger']['spam_learn_error'] = "Spamtraining-fout: %s"; $lang['success']['qlearn_spam'] = "Bericht %s werd als spam geclassificeerd en is verwijderd"; diff --git a/docker-compose.yml b/docker-compose.yml index 0eff3b00..6af00108 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -84,7 +84,6 @@ services: - ./data/conf/rspamd/override.d/:/etc/rspamd/override.d - ./data/conf/rspamd/local.d/:/etc/rspamd/local.d - ./data/conf/rspamd/lua/:/etc/rspamd/lua/:ro - - rspamd-sock:/rspamd-sock - rspamd-vol-1:/var/lib/rspamd restart: always dns: @@ -104,7 +103,7 @@ services: volumes: - ./data/web:/web:rw - ./data/conf/rspamd/dynmaps:/dynmaps:ro - - rspamd-sock:/rspamd-sock + - rspamd-vol-1:/var/lib/rspamd - mysql-socket-vol-1:/var/run/mysqld/ - ./data/conf/rspamd/meta_exporter:/meta_exporter:ro - ./data/conf/phpfpm/php-fpm.d/pools.conf:/usr/local/etc/php-fpm.d/z-pools.conf @@ -171,7 +170,7 @@ services: - vmail-vol-1:/var/vmail - crypt-vol-1:/mail_crypt/ - ./data/conf/rspamd/custom/:/etc/rspamd/custom - - rspamd-sock:/rspamd-sock + - rspamd-vol-1:/var/lib/rspamd - mysql-socket-vol-1:/var/run/mysqld/ environment: - LOG_LINES=${LOG_LINES:-9999} @@ -209,7 +208,7 @@ services: - ./data/assets/ssl:/etc/ssl/mail/:ro - postfix-vol-1:/var/spool/postfix - crypt-vol-1:/var/lib/zeyple - - rspamd-sock:/rspamd-sock + - rspamd-vol-1:/var/lib/rspamd - mysql-socket-vol-1:/var/run/mysqld/ environment: - LOG_LINES=${LOG_LINES:-9999} @@ -343,7 +342,7 @@ services: build: ./data/Dockerfiles/watchdog oom_kill_disable: true volumes: - - rspamd-sock:/rspamd-sock + - rspamd-vol-1:/var/lib/rspamd - mysql-socket-vol-1:/var/run/mysqld/ restart: always environment: @@ -406,4 +405,3 @@ volumes: rspamd-vol-1: postfix-vol-1: crypt-vol-1: - rspamd-sock: