
Commit 6502a5b

committed
WIP: rspamd whitelisting and rule priorities
1 parent c2b34ee commit 6502a5b

11 files changed

+117
-95
lines changed

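--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -1802,6 +1802,10 @@ public function configure_rspamd() {
 mkdir('/etc/rspamd/local.d/', 0755, true);
 }
 
+if(!is_dir('/etc/rspamd/local.d/maps.d/')){
+mkdir('/etc/rspamd/local.d/maps.d/', 0755, true);
+}
+
 if(!is_dir('/etc/rspamd/override.d/')){
 mkdir('/etc/rspamd/override.d/', 0755, true);
 }
@@ -1833,91 +1837,61 @@ public function configure_rspamd() {
 $tpl->setLoop('whitelist_ips', $whitelist_ips);
 wf('/etc/rspamd/local.d/users.conf', $tpl->grab());
 
-if(file_exists($conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_groups.conf.master')) {
-exec('cp '.$conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_groups.conf.master /etc/rspamd/local.d/groups.conf');
-} else {
-exec('cp tpl/rspamd_groups.conf.master /etc/rspamd/local.d/groups.conf');
-}
-
-if(file_exists($conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_antivirus.conf.master')) {
-exec('cp '.$conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_antivirus.conf.master /etc/rspamd/local.d/antivirus.conf');
-} else {
-exec('cp tpl/rspamd_antivirus.conf.master /etc/rspamd/local.d/antivirus.conf');
-}
-
-if(file_exists($conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_classifier-bayes.conf.master')) {
-exec('cp '.$conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_classifier-bayes.conf.master /etc/rspamd/local.d/classifier-bayes.conf');
-} else {
-exec('cp tpl/rspamd_classifier-bayes.conf.master /etc/rspamd/local.d/classifier-bayes.conf');
-}
-
-if(file_exists($conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_greylist.conf.master')) {
-exec('cp '.$conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_greylist.conf.master /etc/rspamd/local.d/greylist.conf');
-} else {
-exec('cp tpl/rspamd_greylist.conf.master /etc/rspamd/local.d/greylist.conf');
-}
-
-if(file_exists($conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_symbols_antivirus.conf.master')) {
-exec('cp '.$conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_symbols_antivirus.conf.master /etc/rspamd/local.d/antivirus_group.conf');
-} else {
-exec('cp tpl/rspamd_symbols_antivirus.conf.master /etc/rspamd/local.d/antivirus_group.conf');
-}
-
-if(file_exists($conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_override_rbl.conf.master')) {
-exec('cp '.$conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_override_rbl.conf.master /etc/rspamd/override.d/rbl_group.conf');
-} else {
-exec('cp tpl/rspamd_override_rbl.conf.master /etc/rspamd/override.d/rbl_group.conf');
-}
-
-if(file_exists($conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_override_surbl.conf.master')) {
-exec('cp '.$conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_override_surbl.conf.master /etc/rspamd/override.d/surbl_group.conf');
-} else {
-exec('cp tpl/rspamd_override_surbl.conf.master /etc/rspamd/override.d/surbl_group.conf');
-}
-
-if(file_exists($conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_mx_check.conf.master')) {
-exec('cp '.$conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_mx_check.conf.master /etc/rspamd/local.d/mx_check.conf');
-} else {
-exec('cp tpl/rspamd_mx_check.conf.master /etc/rspamd/local.d/mx_check.conf');
-}
-
-if(file_exists($conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_redis.conf.master')) {
-exec('cp '.$conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_redis.conf.master /etc/rspamd/local.d/redis.conf');
-} else {
-exec('cp tpl/rspamd_redis.conf.master /etc/rspamd/local.d/redis.conf');
-}
-
-if(file_exists($conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_milter_headers.conf.master')) {
-exec('cp '.$conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_milter_headers.conf.master /etc/rspamd/local.d/milter_headers.conf');
-} else {
-exec('cp tpl/rspamd_milter_headers.conf.master /etc/rspamd/local.d/milter_headers.conf');
-}
-
-if(file_exists($conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_options.inc.master')) {
-exec('cp '.$conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_options.inc.master /etc/rspamd/local.d/options.inc');
-} else {
-exec('cp tpl/rspamd_options.inc.master /etc/rspamd/local.d/options.inc');
+$local_d = array(
+'groups.conf',
+'antivirus.conf',
+'classifier-bayes.conf',
+'greylist.conf',
+'mx_check.conf',
+'redis.conf',
+'milter_headers.conf',
+'options.inc',
+'neural.conf',
+'neural_group.conf',
+'group.conf',
+);
+foreach ($local_d as $f) {
+if(file_exists($conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_${f}.master")) {
+exec('cp '.$conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_${f}.master /etc/rspamd/local.d/${f}");
+} else {
+exec("cp tpl/rspamd_${f}.master /etc/rspamd/local.d/${f}");
+}
 }
 
-if(file_exists($conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_neural.conf.master')) {
-exec('cp '.$conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_neural.conf.master /etc/rspamd/local.d/neural.conf');
-} else {
-exec('cp tpl/rspamd_neural.conf.master /etc/rspamd/local.d/neural.conf');
+$override_d = array(
+'rbl_group.conf',
+'surbl_group.conf',
+);
+foreach ($override_d as $f) {
+if(file_exists($conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_${f}.master")) {
+exec('cp '.$conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_${f}.master /etc/rspamd/override.d/${f}");
+} else {
+exec("cp tpl/rspamd_{f}.master /etc/rspamd/override.d/${f}");
+}
 }
 
-if(file_exists($conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_neural_group.conf.master')) {
-exec('cp '.$conf['ispconfig_install_dir'].'/server/conf-custom/install/rspamd_neural_group.conf.master /etc/rspamd/local.d/neural_group.conf');
-} else {
-exec('cp tpl/rspamd_neural_group.conf.master /etc/rspamd/local.d/neural_group.conf');
+$maps_d = array(
+'dkim_whitelist.inc',
+'dmarc_whitelist.inc',
+'spf_dkim_whitelist.inc',
+'spf_whitelist.inc',
+);
+foreach ($maps_d as $f) {
+if(file_exists($conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_${f}.master")) {
+exec('cp '.$conf['ispconfig_install_dir']."/server/conf-custom/install/rspamd_${f}.master /etc/rspamd/local.d/maps.d/");
+} else {
+exec("cp tpl/rspamd_${f}.master /etc/rspamd/local.d/maps.d/");
+}
 }
 
 $tpl = new tpl();
 $tpl->newTemplate('rspamd_dkim_signing.conf.master');
 $tpl->setVar('dkim_path', $mail_config['dkim_path']);
 wf('/etc/rspamd/local.d/dkim_signing.conf', $tpl->grab());
 
-exec('chmod a+r /etc/rspamd/local.d/* /etc/rspamd/override.d/*');
+exec('chmod a+r /etc/rspamd/local.d/* /etc/rspamd/local.d/maps.d/* /etc/rspamd/override.d/*');
 
+# unneccesary, since this was done above?
 $command = 'usermod -a -G amavis _rspamd';
 caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
 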
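Review bot: In the `$override_d` loop the fallback copy reads `exec("cp tpl/rspamd_{f}.master /etc/rspamd/override.d/${f}");`, where `{f}` has lost its `$` and reaches cp as literal text, so without a conf-custom override neither `rbl_group.conf` nor `surbl_group.conf` is installed; it should read `exec("cp tpl/rspamd_${f}.master /etc/rspamd/override.d/${f}");`. The `$maps_d` loop copies into `/etc/rspamd/local.d/maps.d/` without a destination name, so the maps keep their `rspamd_*.master` file names, which, as far as this page shows, do not match the `maps.d/*.inc.ispc` paths the whitelist rules added in this commit read. None of the `exec('cp …')` calls check the result, and the install directory is concatenated into the shell string unquoted; PHP's `copy()` with a checked return value (or `escapeshellarg()` on the path) would surface a failed copy instead of silently leaving rspamd without the intended rule and map files. configure_rspamd() starts and ends outside both hunks.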

Lines changed: 5 additions & 0 deletions
@@ -0,0 +1,5 @@
1+
# Domain whitelist via valid DKIM policy
2+
# (Prefer to spf_dkim_whitelist for domains that use both SPF and DKIM.)
3+
4+
ispconfig.org
5+
Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
# Domain whitelist via valid DMARC policy (aligned SPF and/or aligned DKIM)
2+
3+
comodo.com
4+
geotrust.com
5+
geotrusteurope.com
6+
howtoforge.com
7+
ispconfig.org
8+
letsencrypt.org
9+
File renamed without changes.
File renamed without changes.
File renamed without changes.

install/tpl/rspamd_users.inc.conf.master

Lines changed: 0 additions & 1 deletion
This file was deleted.
Lines changed: 38 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,38 @@
1+
rules {
2+
"ISPC_WHITELIST_SPF" = {
3+
valid_spf = true;
4+
domains = [
5+
"$LOCAL_CONFDIR/local.d/maps.d/spf_whitelist.inc.ispc"
6+
];
7+
score = -2.0
8+
inverse_symbol = "ISPC_BLACKLIST_SPF";
9+
}
10+
11+
"ISPC_WHITELIST_DKIM" = {
12+
valid_dkim = true;
13+
domains = [
14+
"$LOCAL_CONFDIR/local.d/maps.d/dkim_whitelist.inc.ispc"
15+
];
16+
score = -2.0;
17+
inverse_symbol = "ISPC_BLACKLIST_DKIM";
18+
}
19+
20+
"ISPC_WHITELIST_SPF_DKIM" = {
21+
valid_spf = true;
22+
valid_dkim = true;
23+
domains = [
24+
"$LOCAL_CONFDIR/local.d/maps.d/spf_dkim_whitelist.inc.ispc"
25+
];
26+
score = -4.0;
27+
inverse_symbol = "ISPC_BLACKLIST_SPF_DKIM";
28+
}
29+
30+
"ISPC_WHITELIST_DMARC" = {
31+
valid_dmarc = true;
32+
domains = [
33+
"$LOCAL_CONFDIR/local.d/maps.d/dmarc_whitelist.inc.ispc"
34+
];
35+
score = -7.0;
36+
inverse_symbol = "ISPC_BLACKLIST_DMARC";
37+
}
38+
}
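Review bot: The four whitelist symbols are scored independently, so a domain listed in more than one map appears to collect several of them at once; going by the maps added in this commit, `ispconfig.org` is in the SPF, DKIM and DMARC lists and would receive -2.0, -2.0 and -7.0 together when all three checks pass. That is a large fixed discount for any message that authenticates as the domain, including mail sent from a compromised account there, so a header comment should state the intended stacking and how entries are chosen, or the overlapping entries should be reduced. New line 7 has `score = -2.0` without the trailing `;` that the other three rules use; `score = -2.0;` keeps the file consistent.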
Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,8 @@
1+
# Domain whitelist via valid SPF policy AND valid DKIM policy
2+
# (Prefer to spf_whitelist or dkim_whitelist for domains that use both SPF and DKIM.)
3+
4+
comodo.com
5+
geotrust.com
6+
geotrusteurope.com
7+
letsencrypt.org
8+
Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
# Domain whitelist via valid SPF policy
2+
# (Prefer to spf_dkim_whitelist for domains that use both SPF and DKIM.)
3+
4+
howtoforge.com
5+
ispconfig.org
6+
