Merge branch '6027-rspamd-redis-server-and-password-fields' into 'develop'

Resolve "rspamd: redis server and password fields"

Closes #6085 and #6027

See merge request ispconfig/ispconfig3!1410

Author: Marius Burkard

install/lib/installer_base.lib.php

@@ -1831,33 +1831,48 @@ public function configure_rspamd() {
 		fclose($fps);
 		unset($dkim_domains);
 
-		# local.d templates with template tags
-		$tpl = new tpl();
-		$tpl->newTemplate('rspamd_dkim_signing.conf.master');
-		$tpl->setVar('dkim_path', $mail_config['dkim_path']);
-		wf('/etc/rspamd/local.d/dkim_signing.conf', $tpl->grab());
-
-		$tpl = new tpl();
-		$tpl->newTemplate('rspamd_options.inc.master');
-
+		# look up values for use in template tags
 		$local_addrs = array();
 		$ips = $this->db->queryAllRecords('SELECT `ip_address`, `ip_type` FROM ?? WHERE `server_id` = ?', $conf['mysql']['database'].'.server_ip', $conf['server_id']);
 		if(is_array($ips) && !empty($ips)){
 			foreach($ips as $ip){
-				$local_addrs[] = array('quoted_ip' => "\"".$ip['ip_address']."\",\n");
+				$local_addrs[] = array(
+					'ip' => $ip['ip_address'],
+					'quoted_ip' => "\"".$ip['ip_address']."\",\n"
+				);
+			}
+		}
+
+		# local.d templates with template tags
+		# note: ensure these template files are in server/conf/ and symlinked in install/tpl/
+		$local_d = array(
+			'dkim_signing.conf',
+			'options.inc',
+			'redis.conf',
+			'classifier-bayes.conf',
+		);
+		foreach ($local_d as $f) {
+			$tpl = new tpl();
+			$tpl->newTemplate("rspamd_${f}.master");
+
+			$tpl->setVar('dkim_path', $mail_config['dkim_path']);
+			$tpl->setVar('rspamd_redis_servers', $mail_config['rspamd_redis_servers']);
+			$tpl->setVar('rspamd_redis_password', $mail_config['rspamd_redis_password']);
+			$tpl->setVar('rspamd_redis_bayes_servers', $mail_config['rspamd_redis_bayes_servers']);
+			$tpl->setVar('rspamd_redis_bayes_password', $mail_config['rspamd_redis_bayes_password']);
+			if(count($local_addrs) > 0) {
+				$tpl->setLoop('local_addrs', $local_addrs);
 			}
+
+			wf("/etc/rspamd/local.d/${f}", $tpl->grab());
 		}
-		$tpl->setLoop('local_addrs', $local_addrs);
-		wf('/etc/rspamd/local.d/options.inc', $tpl->grab());
+
 
 		# local.d templates without template tags
 		$local_d = array(
 			'groups.conf',
 			'antivirus.conf',
-			'classifier-bayes.conf',
-			'greylist.conf',
 			'mx_check.conf',
-			'redis.conf',
 			'milter_headers.conf',
 			'neural.conf',
 			'neural_group.conf',
@@ -1900,8 +1915,15 @@ public function configure_rspamd() {
 			}
 		}
 
+		# rename rspamd templates we no longer use
+		if(file_exists("/etc/rspamd/local.d/greylist.conf")) {
+			rename("/etc/rspamd/local.d/greylist.conf", "/etc/rspamd/local.d/greylist.old");
+		}
 
 		exec('chmod a+r /etc/rspamd/local.d/* /etc/rspamd/local.d/maps.d/* /etc/rspamd/override.d/*');
+		# protect passwords in these files
+		exec('chgrp _rspamd /etc/rspamd/local.d/redis.conf /etc/rspamd/local.d/classifier-bayes.conf /etc/rspamd/local.d/worker-controller.inc');
+		exec('chmod 640 /etc/rspamd/local.d/redis.conf /etc/rspamd/local.d/classifier-bayes.conf /etc/rspamd/local.d/worker-controller.inc');
 
 		# unneccesary, since this was done above?
 		$command = 'usermod -a -G amavis _rspamd';

install/tpl/rspamd_classifier-bayes.conf.master

@@ -0,0 +1 @@
+../../server/conf/rspamd_classifier-bayes.conf.master

install/tpl/rspamd_classifier-bayes.conf.master

@@ -0,0 +1 @@
+../../server/conf/rspamd_dkim_signing.conf.master

install/tpl/rspamd_dkim_signing.conf.master

@@ -1,9 +1,8 @@
 enabled = true;
-servers = "localhost";
 key_prefix = "rmx";
 symbol_bad_mx = "MX_INVALID";
 symbol_no_mx = "MX_MISSING";
 symbol_good_mx = "MX_GOOD";
 expire = 86400;
 expire_novalid = 7200;
-greylist_invalid = false;
+greylist_invalid = false;

install/tpl/rspamd_dkim_signing.conf.master

@@ -1,4 +1,3 @@
-servers = 127.0.0.1:6379;
 enabled = true;
 
 rules {
@@ -28,4 +27,4 @@ rules {
     symbol_ham = "NEURAL_HAM_SHORT";
     ann_expire = 1d;
   }
-}
+}

install/tpl/rspamd_greylist.conf.master

@@ -0,0 +1 @@
+../../server/conf/rspamd_redis.conf.master