Commit e2e795ab authored by Marius Burkard

Merge branch '6053-rspamd-authenticated-priority-and-misc' into 'develop'

Resolve "rspamd authenticated priority and misc"

Closes #6062 and #6053

See merge request ispconfig/ispconfig3!1411
parents 60c680fa 16fbcda5
......@@ -1802,6 +1802,10 @@ class installer_base {
mkdir('/etc/rspamd/local.d/', 0755, true);
}
if(!is_dir('/etc/rspamd/local.d/maps.d/')){
mkdir('/etc/rspamd/local.d/maps.d/', 0755, true);
}
if(!is_dir('/etc/rspamd/override.d/')){
mkdir('/etc/rspamd/override.d/', 0755, true);
}
......@@ -1810,6 +1814,7 @@ class installer_base {
$mail_config['dkim_path'] = substr($mail_config['dkim_path'], 0, strlen($mail_config['dkim_path'])-1);
}
$dkim_domains = $this->db->queryAllRecords('SELECT `dkim_selector`, `domain` FROM ?? WHERE `dkim` = ? ORDER BY `domain` ASC', $conf['mysql']['database'] . '.mail_domain', 'y');
# should move maps to local.d/maps.d/ ?
$fpp = fopen('/etc/rspamd/local.d/dkim_domains.map', 'w');
$fps = fopen('/etc/rspamd/local.d/dkim_selectors.map', 'w');
foreach($dkim_domains as $dkim_domain) {
......@@ -1820,104 +1825,79 @@ class installer_base {
fclose($fps);
unset($dkim_domains);
# local.d templates with template tags
$tpl = new tpl();
$tpl->newTemplate('rspamd_dkim_signing.conf.master');
$tpl->setVar('dkim_path', $mail_config['dkim_path']);
wf('/etc/rspamd/local.d/dkim_signing.conf', $tpl->grab());
$tpl = new tpl();
$tpl->newTemplate('rspamd_users.conf.master');
$tpl->newTemplate('rspamd_options.inc.master');
$whitelist_ips = array();
$ips = $this->db->queryAllRecords("SELECT * FROM server_ip WHERE server_id = ?", $conf['server_id']);
$local_addrs = array();
$ips = $this->db->queryAllRecords('SELECT `ip_address`, `ip_type` FROM ?? WHERE `server_id` = ?', $conf['mysql']['database'].'.server_ip', $conf['server_id']);
if(is_array($ips) && !empty($ips)){
foreach($ips as $ip){
$whitelist_ips[] = array('ip' => $ip['ip_address']);
$local_addrs[] = array('quoted_ip' => "\"".$ip['ip_address']."\",\n");
}
}
$tpl->setLoop('local_addrs', $local_addrs);
wf('/etc/rspamd/local.d/options.inc', $tpl->grab());
# local.d templates without template tags
$local_d = array(
'groups.conf',
'antivirus.conf',
'classifier-bayes.conf',
'greylist.conf',
'mx_check.conf',
'redis.conf',
'milter_headers.conf',
'neural.conf',
'neural_group.conf',
'users.conf',
'groups.conf',
);
foreach ($local_d as $f) {
if(file_exists($conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_${f}.master")) {
exec('cp '.$conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_${f}.master /etc/rspamd/local.d/${f}");
} else {
exec("cp tpl/rspamd_${f}.master /etc/rspamd/local.d/${f}");
}
}
$tpl->setLoop('whitelist_ips', $whitelist_ips);
wf('/etc/rspamd/local.d/users.conf', $tpl->grab());
if(file_exists($conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_groups.conf.master')) {
exec('cp '.$conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_groups.conf.master /etc/rspamd/local.d/groups.conf');
} else {
exec('cp tpl/rspamd_groups.conf.master /etc/rspamd/local.d/groups.conf');
}
if(file_exists($conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_antivirus.conf.master')) {
exec('cp '.$conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_antivirus.conf.master /etc/rspamd/local.d/antivirus.conf');
} else {
exec('cp tpl/rspamd_antivirus.conf.master /etc/rspamd/local.d/antivirus.conf');
}
if(file_exists($conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_classifier-bayes.conf.master')) {
exec('cp '.$conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_classifier-bayes.conf.master /etc/rspamd/local.d/classifier-bayes.conf');
} else {
exec('cp tpl/rspamd_classifier-bayes.conf.master /etc/rspamd/local.d/classifier-bayes.conf');
}
if(file_exists($conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_greylist.conf.master')) {
exec('cp '.$conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_greylist.conf.master /etc/rspamd/local.d/greylist.conf');
} else {
exec('cp tpl/rspamd_greylist.conf.master /etc/rspamd/local.d/greylist.conf');
}
if(file_exists($conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_symbols_antivirus.conf.master')) {
exec('cp '.$conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_symbols_antivirus.conf.master /etc/rspamd/local.d/antivirus_group.conf');
} else {
exec('cp tpl/rspamd_symbols_antivirus.conf.master /etc/rspamd/local.d/antivirus_group.conf');
}
if(file_exists($conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_override_rbl.conf.master')) {
exec('cp '.$conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_override_rbl.conf.master /etc/rspamd/override.d/rbl_group.conf');
} else {
exec('cp tpl/rspamd_override_rbl.conf.master /etc/rspamd/override.d/rbl_group.conf');
}
if(file_exists($conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_override_surbl.conf.master')) {
exec('cp '.$conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_override_surbl.conf.master /etc/rspamd/override.d/surbl_group.conf');
} else {
exec('cp tpl/rspamd_override_surbl.conf.master /etc/rspamd/override.d/surbl_group.conf');
}
if(file_exists($conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_mx_check.conf.master')) {
exec('cp '.$conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_mx_check.conf.master /etc/rspamd/local.d/mx_check.conf');
} else {
exec('cp tpl/rspamd_mx_check.conf.master /etc/rspamd/local.d/mx_check.conf');
}
if(file_exists($conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_redis.conf.master')) {
exec('cp '.$conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_redis.conf.master /etc/rspamd/local.d/redis.conf');
} else {
exec('cp tpl/rspamd_redis.conf.master /etc/rspamd/local.d/redis.conf');
}
if(file_exists($conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_milter_headers.conf.master')) {
exec('cp '.$conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_milter_headers.conf.master /etc/rspamd/local.d/milter_headers.conf');
} else {
exec('cp tpl/rspamd_milter_headers.conf.master /etc/rspamd/local.d/milter_headers.conf');
}
if(file_exists($conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_options.inc.master')) {
exec('cp '.$conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_options.inc.master /etc/rspamd/local.d/options.inc');
} else {
exec('cp tpl/rspamd_options.inc.master /etc/rspamd/local.d/options.inc');
}
if(file_exists($conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_neural.conf.master')) {
exec('cp '.$conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_neural.conf.master /etc/rspamd/local.d/neural.conf');
} else {
exec('cp tpl/rspamd_neural.conf.master /etc/rspamd/local.d/neural.conf');
# override.d templates without template tags
$override_d = array(
'rbl_group.conf',
'surbl_group.conf',
);
foreach ($override_d as $f) {
if(file_exists($conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_${f}.master")) {
exec('cp '.$conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_${f}.master /etc/rspamd/override.d/${f}");
} else {
exec("cp tpl/rspamd_${f}.master /etc/rspamd/override.d/${f}");
}
}
if(file_exists($conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_neural_group.conf.master')) {
exec('cp '.$conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_neural_group.conf.master /etc/rspamd/local.d/neural_group.conf');
} else {
exec('cp tpl/rspamd_neural_group.conf.master /etc/rspamd/local.d/neural_group.conf');
# local.d/maps.d templates without template tags
$maps_d = array(
'dkim_whitelist.inc',
'dmarc_whitelist.inc',
'spf_dkim_whitelist.inc',
'spf_whitelist.inc',
);
foreach ($maps_d as $f) {
if(file_exists($conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_${f}.master")) {
exec('cp '.$conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_${f}.master /etc/rspamd/local.d/maps.d/${f}");
} else {
exec("cp tpl/rspamd_${f}.master /etc/rspamd/local.d/maps.d/${f}");
}
}
$tpl = new tpl();
$tpl->newTemplate('rspamd_dkim_signing.conf.master');
$tpl->setVar('dkim_path', $mail_config['dkim_path']);
wf('/etc/rspamd/local.d/dkim_signing.conf', $tpl->grab());
exec('chmod a+r /etc/rspamd/local.d/* /etc/rspamd/override.d/*');
exec('chmod a+r /etc/rspamd/local.d/* /etc/rspamd/local.d/maps.d/* /etc/rspamd/override.d/*');
# unneccesary, since this was done above?
$command = 'usermod -a -G amavis _rspamd';
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
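Review bot: The `$local_addrs` loop writes `$ip['ip_address']` from the `server_ip` table into a quoted entry of `local_addrs` in `/etc/rspamd/local.d/options.inc` without checking that the value is an IP address. That list tells rspamd which addresses belong to this server, so a malformed or quote-bearing row would either break the generated file or change what the list contains; whether the table is validated on entry is not visible on this page. A guard at the top of the `foreach`, such as `if(filter_var($ip['ip_address'], FILTER_VALIDATE_IP) === false) continue;`, keeps the output well-formed. The same loop in the `rspamd_plugin` section needs the same guard. The enclosing method starts and ends outside the hunks shown.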
......
# Domain whitelist via valid DKIM policy
# (Prefer to spf_dkim_whitelist for domains that use both SPF and DKIM.)
ispconfig.org
# Domain whitelist via valid DMARC policy (aligned SPF and/or aligned DKIM)
comodo.com
geotrust.com
geotrusteurope.com
howtoforge.com
ispconfig.org
......@@ -6,5 +6,6 @@ routines {
"X-Spamd-Bar" = 0;
"X-Spam-Level" = 0;
"X-Spam-Status" = 0;
"X-Spam-Flag" = 0;
}
}
local_addrs = "127.0.0.0/8, ::1";
dns {
nameserver = ["127.0.0.1:53:10"];
}
../../server/conf/rspamd_options.inc.master
\ No newline at end of file
# Domain whitelist via valid SPF policy AND valid DKIM policy
# (Prefer to spf_whitelist or dkim_whitelist for domains that use both SPF and DKIM.)
comodo.com
geotrust.com
geotrusteurope.com
# letsencrypt is in rspamd's default spf_dkim_whitelist, only needed if strict:
#letsencrypt.org both:1.0
# Domain whitelist via valid SPF policy
# (Prefer to spf_dkim_whitelist for domains that use both SPF and DKIM.)
howtoforge.com
ispconfig.org
../../server/conf/rspamd_users.conf.master
\ No newline at end of file
settings {
authenticated {
priority = 10;
authenticated = yes;
apply "default" {
symbols_disabled = [];
groups_disabled = ["rbl", "spf"];
}
}
whitelist {
priority = 5;
rcpt = "postmaster";
rcpt = "hostmaster";
rcpt = "abuse";
want_spam = yes;
}
.include(try=true; glob=true) "$LOCAL_CONFDIR/local.d/users/*.conf"
.include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/users.local.conf"
}
../../server/conf/rspamd_users.inc.conf.master
\ No newline at end of file
rules {
"ISPC_WHITELIST_SPF" = {
valid_spf = true;
domains = [
"$LOCAL_CONFDIR/local.d/maps.d/spf_whitelist.inc.ispc"
];
score = -2.0
inverse_symbol = "ISPC_BLACKLIST_SPF";
}
"ISPC_WHITELIST_DKIM" = {
valid_dkim = true;
domains = [
"$LOCAL_CONFDIR/local.d/maps.d/dkim_whitelist.inc.ispc"
];
score = -2.0;
inverse_symbol = "ISPC_BLACKLIST_DKIM";
}
"ISPC_WHITELIST_SPF_DKIM" = {
valid_spf = true;
valid_dkim = true;
domains = [
"$LOCAL_CONFDIR/local.d/maps.d/spf_dkim_whitelist.inc.ispc"
];
score = -4.0;
inverse_symbol = "ISPC_BLACKLIST_SPF_DKIM";
}
"ISPC_WHITELIST_DMARC" = {
valid_dmarc = true;
domains = [
"$LOCAL_CONFDIR/local.d/maps.d/dmarc_whitelist.inc.ispc"
];
score = -7.0;
inverse_symbol = "ISPC_BLACKLIST_DMARC";
}
}
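Review bot: The four `domains` entries point at `maps.d/*.inc.ispc`, while the installer section on this page copies the whitelist templates into `/etc/rspamd/local.d/maps.d/` under their plain `.inc` names, so as rendered these rules would find no map unless something outside this page creates the `.ispc` files. The copy target and the paths here should agree, for example `"$LOCAL_CONFDIR/local.d/maps.d/spf_whitelist.inc"`. Separately, `score = -2.0` in `ISPC_WHITELIST_SPF` is the only setting in the block without a terminating `;`, and `score = -2.0;` would match the rest. The file header for this section is not shown, so whether the commit adds or removes this file could not be confirmed.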
......@@ -254,6 +254,8 @@ prepareDBDump();
//* initialize the database
$inst->db = new db();
$inst->db->setDBData($conf['mysql']["host"], $conf['mysql']["ispconfig_user"], $conf['mysql']["ispconfig_password"], $conf['mysql']["port"]);
$inst->db->setDBName($conf['mysql']['database']);
//* initialize the master DB, if we have a multiserver setup
if($conf['mysql']['master_slave_setup'] == 'y') {
......
# Addrs local to this server.
local_addrs = [
"127.0.0.0/8",
"::1",
<tmpl_loop name="local_addrs"> <tmpl_var name='quoted_ip'></tmpl_loop>];
# This list is generated by ISPConfig, place custom addresses/networks in local_networks.inc.
local_networks = "/etc/rspamd/local.d/local_networks.inc";
dns {
nameserver = ["127.0.0.1:53:10"];
}
settings {
authenticated {
priority = 10;
authenticated = yes;
#apply "default" { groups_disabled = ["rbl", "spf"]; }
apply "default" {
#symbols_enabled = [];
symbols_disabled = [];
#groups_enabled = [];
groups_disabled = ["rbl"];
}
}
whitelist {
priority = 10;
rcpt = "postmaster";
rcpt = "hostmaster";
rcpt = "abuse";
want_spam = yes;
}
whitelist-ip {
priority = 10;
<tmpl_loop name="whitelist_ips">
ip = "<tmpl_var name='ip'>";
</tmpl_loop>
want_spam = yes;
}
# whitelist-timmehosting {
# priority = 20;
# from = "@xxx";
# from = "@xxx";
# want_spam = yes;
# }
whitelist-ca {
priority = 20;
from = "@comodo.com";
from = "@geotrust.com";
from = "@geotrusteurope.com";
want_spam = yes;
}
.include(try=true; glob=true) "$LOCAL_CONFDIR/local.d/users/*.conf"
.include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/users.local.conf"
}
......@@ -224,11 +224,10 @@ class rspamd_plugin {
unlink($settings_file);
}
} else {
$settings_priority = 20;
if(isset($data[$use_data]['priority'])) {
$settings_priority = intval($data[$use_data]['priority']);
} elseif($is_domain === true) {
$settings_priority = 18;
$settings_priority = ($is_domain ? 10 : 20) + intval($data[$use_data]['priority']);
} else {
$settings_priority = ($is_domain ? 10 : 20) + 5;
}
// get policy for entry
......@@ -405,8 +404,8 @@ class rspamd_plugin {
$tpl->newTemplate('rspamd_wblist.inc.conf.master');
$tpl->setVar('list_scope', ($global_filter ? 'global' : 'spamfilter'));
$tpl->setVar('record_id', $record_id);
// we need to add 10 to priority to avoid mailbox/domain spamfilter settings overriding white/blacklists
$tpl->setVar('priority', intval($data['new']['priority']) + ($global_filter ? 10 : 20));
// add 30/40 to priority to avoid collisions and prefer white/blacklists above mailbox/domain spamfilter settings
$tpl->setVar('priority', intval($data['new']['priority']) + ($global_filter ? 30 : 40));
$tpl->setVar('from', $filter_from);
$tpl->setVar('recipient', $filter_rcpt);
$tpl->setVar('hostname', $filter['hostname']);
......@@ -459,17 +458,17 @@ class rspamd_plugin {
if(is_dir('/etc/rspamd')) {
$tpl = new tpl();
$tpl->newTemplate('rspamd_users.conf.master');
$tpl->newTemplate('rspamd_options.inc.master');
$whitelist_ips = array();
$ips = $app->db->queryAllRecords("SELECT * FROM server_ip WHERE server_id = ?", $conf['server_id']);
$local_addrs = array();
$ips = $app->db->queryAllRecords('SELECT `ip_address`, `ip_type` FROM ?? WHERE `server_id` = ?', $conf['mysql']['database'].'.server_ip', $conf['server_id']);
if(is_array($ips) && !empty($ips)){
foreach($ips as $ip){
$whitelist_ips[] = array('ip' => $ip['ip_address']);
$local_addrs[] = array('quoted_ip' => "\"".$ip['ip_address']."\",\n");
}
}
$tpl->setLoop('whitelist_ips', $whitelist_ips);
$app->system->file_put_contents('/etc/rspamd/local.d/users.conf', $tpl->grab());
$tpl->setLoop('local_addrs', $local_addrs);
$app->system->file_put_contents('/etc/rspamd/local.d/options.inc', $tpl->grab());
if($mail_config['content_filter'] == 'rspamd'){
$app->services->restartServiceDelayed('rspamd', 'reload');
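Review bot: The priority bands depend on `intval($data[$use_data]['priority'])` staying small, but nothing visible in the hunk bounds it. On what appears to be the new side, a domain entry with a priority of 10 or more lands in the mailbox band (20+), and a mailbox entry with 10 or more reaches the 30/40 offsets used for white/blacklists, which is the collision the new comment says it avoids. Unless the value is range-checked before it reaches this plugin, clamp it where it is read, e.g. `$p = max(0, min(9, intval($data[$use_data]['priority'])));`, and treat `$data['new']['priority']` in the wblist hunk the same way. The enclosing methods start and end outside the hunks.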
......