From 7e25826d4e74526911b4a98ec0bceb9ee4ab8f1d Mon Sep 17 00:00:00 2001 From: andryyy Date: Tue, 13 Dec 2016 12:26:10 +0100 Subject: [PATCH] Antispam plugin for Dovecot + rspamd pipe script --- README.md | 7 ++++- data/Dockerfiles/dovecot/Dockerfile | 26 +++++++++++++++++-- data/Dockerfiles/dovecot/rspamd-pipe | 6 +++++ data/conf/dovecot/dovecot.conf | 13 +++++++--- .../rspamd/override.d/worker-controller.inc | 5 ++++ 5 files changed, 51 insertions(+), 6 deletions(-) create mode 100755 data/Dockerfiles/dovecot/rspamd-pipe diff --git a/README.md b/README.md index 701d2a54..ba8031af 100644 --- a/README.md +++ b/README.md @@ -145,7 +145,7 @@ Connect to redis database: ./n-build-redis.sh --client ``` -### Rspamd examples +### Some examples Use rspamadm: ``` @@ -157,6 +157,11 @@ Use rspamc: docker exec -it rspamd-mailcow rspamc --help ``` +Use doveadm: +``` +docker exec -it dovecot-mailcow doveadm +``` + ### Remove persistent data MariaDB: diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile index 3970ea8a..d1a254ae 100644 --- a/data/Dockerfiles/dovecot/Dockerfile +++ b/data/Dockerfiles/dovecot/Dockerfile @@ -3,10 +3,32 @@ MAINTAINER Andre Peters ENV DEBIAN_FRONTEND noninteractive -RUN apt-get update +RUN apt-get update \ + && apt-get -y install dovecot-common \ + dovecot-core \ + dovecot-imapd \ + dovecot-lmtpd \ + dovecot-managesieved \ + dovecot-sieve \ + dovecot-mysql \ + dovecot-pop3d \ + dovecot-dev \ + wget \ + build-essential \ + autotools-dev \ + automake -RUN apt-get -y install dovecot-common dovecot-core dovecot-imapd dovecot-lmtpd dovecot-managesieved dovecot-sieve dovecot-mysql dovecot-pop3d +WORKDIR /tmp +RUN wget http://hg.dovecot.org/dovecot-antispam-plugin/archive/tip.tar.gz -O - | tar xvz \ + && cd /tmp/dovecot-antispam* \ + && ./autogen.sh \ + && ./configure --prefix=/usr \ + && make \ + && make install +ADD rspamd-pipe /usr/local/bin/rspamd-pipe + +RUN chmod +x /usr/local/bin/rspamd-pipe RUN groupadd -g 5000 vmail RUN useradd -g vmail -u 5000 vmail -d /var/vmail diff --git a/data/Dockerfiles/dovecot/rspamd-pipe b/data/Dockerfiles/dovecot/rspamd-pipe new file mode 100755 index 00000000..55342eae --- /dev/null +++ b/data/Dockerfiles/dovecot/rspamd-pipe @@ -0,0 +1,6 @@ +#!/bin/bash +if [[ ${1} == "learn_spam" ]]; then +/usr/bin/curl --data-binary @- http://rspamd:11334/learnspam < /dev/stdin +elif [[ ${1} == "learn_ham" ]]; then +/usr/bin/curl --data-binary @- http://rspamd:11334/learnham < /dev/stdin +fi diff --git a/data/conf/dovecot/dovecot.conf b/data/conf/dovecot/dovecot.conf index 2f962781..930b4c3f 100644 --- a/data/conf/dovecot/dovecot.conf +++ b/data/conf/dovecot/dovecot.conf @@ -10,7 +10,7 @@ disable_plaintext_auth = yes login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k" mail_home = /var/vmail/%d/%n mail_location = maildir:~/ -mail_plugins = quota acl +mail_plugins = quota acl zlib antispam auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ ssl_protocols = !SSLv3 !SSLv2 ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA @@ -190,10 +190,10 @@ userdb { driver = sql } protocol imap { - mail_plugins = quota imap_quota imap_acl acl + mail_plugins = quota imap_quota imap_acl acl zlib imap_zlib antispam } protocol lmtp { - mail_plugins = quota sieve acl + mail_plugins = quota sieve acl zlib auth_socket_path = /var/run/dovecot/auth-master } protocol sieve { @@ -205,6 +205,13 @@ plugin { acl = vfile quota = dict:Userquota::proxy::sqlquota quota_rule2 = Trash:storage=+100%% + antispam_backend = mailtrain + antispam_spam = Junk + antispam_trash = Trash + antispam_mail_sendmail = /usr/local/bin/rspamd-pipe + antispam_mail_spam = learn_spam + antispam_mail_notspam = learn_ham + #antispam_mail_sendmail_args = sieve = /var/vmail/sieve/%u.sieve sieve_after = /var/vmail/sieve/global.sieve sieve_max_script_size = 1M diff --git a/data/conf/rspamd/override.d/worker-controller.inc b/data/conf/rspamd/override.d/worker-controller.inc index 381850a0..5c9c8e56 100644 --- a/data/conf/rspamd/override.d/worker-controller.inc +++ b/data/conf/rspamd/override.d/worker-controller.inc @@ -1,2 +1,7 @@ bind_socket = "*:11334"; enable_password ="$2$ibe1yt89kq5rtb9juy8z7cmkt1yg5d9w$bezuyyo8o4kge13rzj8epasdf6ojsgo1jgojce8msbt5bsq9n3dy"; +secure_ip = "192.168.0.0/16"; +secure_ip = "172.16.0.0/12"; +secure_ip = "10.0.0.0/8"; +secure_ip = "127.0.0.1"; +secure_ip = "::1";