Add optional support deleting spam for score > 10 (hestiacp#2206)

jaapmarcus · ScIT-Raphael · web-flow · commit 4f546ba7fc1c · 2022-04-17T17:56:07.000+02:00
* Add optional delete spam Optional delete email if SPAM is greater than 10.00 points. Add "*** SPAM ***" to the subject to emails considered SPAM (more than 5.0 points). Add "*** VIRUS ***" to the subject if you have detected a virus. @madito * Update installers * Add upgrade script * Update upgrade script start editing UI * Fix shell check bug * New bug in code * Spacing * Spacing Co-authored-by: Raphael <rs@scit.ch>
diff --git a/bin/v-add-mail-domain-reject b/bin/v-add-mail-domain-reject
@@ -0,0 +1,75 @@
+#!/bin/bash
+# info: add mail domain reject spam
+# options: USER DOMAIN
+# labels: mail
+#
+# example: v-add-mail-domain-antivirus admin mydomain.tld
+#
+# The function enables clamav scan for incoming emails.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+domain=$2
+domain_idn=$2
+
+# Includes
+# shellcheck source=/etc/hestiacp/hestia.conf
+source /etc/hestiacp/hestia.conf
+# shellcheck source=/usr/local/hestia/func/main.sh
+source $HESTIA/func/main.sh
+# shellcheck source=/usr/local/hestia/func/domain.sh
+source $HESTIA/func/domain.sh
+# load config file
+source_conf "$HESTIA/conf/hestia.conf"
+
+# Additional argument formatting
+format_domain
+format_domain_idn
+# TODO: $domain_idn not used in this script - maybe $domain should be converted to $doman_idn ?
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '2' "$#" 'USER DOMAIN'
+is_format_valid 'user' 'domain'
+is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+is_object_valid 'mail' 'DOMAIN' "$domain"
+is_object_unsuspended 'mail' 'DOMAIN' "$domain"
+is_object_value_empty 'mail' 'DOMAIN' "$domain" '$REJECT'
+
+# Perform verification if read-only mode is enabled
+check_hestia_demo_mode
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Adding antivirus flag
+if [[ "$MAIL_SYSTEM" =~ exim ]]; then
+    # Reject spam > 10 when enabled
+    touch $HOMEDIR/$user/conf/mail/$domain/reject_spam
+fi
+
+
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+# Adding antivirus in config
+update_object_value 'mail' 'DOMAIN' "$domain" '$REJECT' 'yes'
+
+# Logging
+$BIN/v-log-action "$user" "Info" "Mail" "Anti-virus scanning enabled (Domain: $domain)."
+log_event "$OK" "$ARGUMENTS"
+
+exit
diff --git a/bin/v-delete-mail-domain-reject b/bin/v-delete-mail-domain-reject
@@ -0,0 +1,74 @@
+#!/bin/bash
+# info: delete mail domain reject spam support
+# options: USER DOMAIN
+# labels: mail
+#
+# example: v-delete-mail-domain-antispam admin mydomain.tld
+#
+# The function disable spamassasin for incoming emails.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+domain=$2
+domain_idn=$2
+
+# Includes
+# shellcheck source=/etc/hestiacp/hestia.conf
+source /etc/hestiacp/hestia.conf
+# shellcheck source=/usr/local/hestia/func/main.sh
+source $HESTIA/func/main.sh
+# shellcheck source=/usr/local/hestia/func/domain.sh
+source $HESTIA/func/domain.sh
+# load config file
+source_conf "$HESTIA/conf/hestia.conf"
+# Additional argument formatting
+format_domain
+format_domain_idn
+# TODO: $domain_idn not used in this script - maybe $domain should be converted to $doman_idn ?
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '2' "$#" 'USER DOMAIN'
+is_format_valid 'user' 'domain'
+is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+is_object_valid 'mail' 'DOMAIN' "$domain"
+is_object_unsuspended 'mail' 'DOMAIN' "$domain"
+is_object_value_exist 'mail' 'DOMAIN' "$domain" '$REJECT'
+
+# Perform verification if read-only mode is enabled
+check_hestia_demo_mode
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Delete antispam flag
+if [[ "$MAIL_SYSTEM" =~ exim ]]; then
+    # Reject spam > 10 when enabled
+    rm -f $HOMEDIR/$user/conf/mail/$domain/reject_spam
+fi
+
+
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+# Delete antispam in config
+update_object_value 'mail' 'DOMAIN' "$domain" '$REJECT' 'no'
+
+# Logging
+$BIN/v-log-action "$user" "Info" "Mail" "Anti-spam protection disabled (Domain: $domain)."
+log_event "$OK" "$ARGUMENTS"
+
+exit
diff --git a/bin/v-list-mail-domain b/bin/v-list-mail-domain
@@ -34,6 +34,7 @@ json_list() {
         "CATCHALL": "'$CATCHALL'",
         "ACCOUNTS": "'$ACCOUNTS'",
         "RATE_LIMIT": "'$RATE_LIMIT'",
+        "REJECT": "'$REJECT'",
         "U_DISK": "'$U_DISK'",
         "SSL": "'$SSL'",
         "LETSENCRYPT": "'$LETSENCRYPT'",
@@ -60,6 +61,8 @@ shell_list() {
     echo "ACCOUNTS:           $ACCOUNTS"
     echo "DISK:               $U_DISK"
     echo "SSL:                $SSL"
+    echo "RATE_LIMIT:         $RATE_LIMIT"
+    echo "REJECT:             $REJECT"
     echo "LETSENCRYPT:        $LETSENCRYPT"
     echo "SUSPENDED:          $SUSPENDED"
     echo "TIME:               $TIME"
diff --git a/func/rebuild.sh b/func/rebuild.sh
@@ -566,6 +566,7 @@ rebuild_mail_domain_conf() {
         rm -f $HOMEDIR/$user/conf/mail/$domain/accounts
         rm -f $HOMEDIR/$user/conf/mail/$domain/aliases
         rm -f $HOMEDIR/$user/conf/mail/$domain/antispam
+        rm -f $HOMEDIR/$user/conf/mail/$domain/reject_spam
         rm -f $HOMEDIR/$user/conf/mail/$domain/antivirus
         rm -f $HOMEDIR/$user/conf/mail/$domain/protection
         rm -f $HOMEDIR/$user/conf/mail/$domain/passwd
@@ -592,6 +593,11 @@ rebuild_mail_domain_conf() {
         if [ "$ANTIVIRUS" = 'yes' ]; then
             touch $HOMEDIR/$user/conf/mail/$domain/antivirus
         fi
+        
+        # Adding reject spam protection
+        if [ "$REJECT" = 'yes' ]; then
+            touch $HOMEDIR/$user/conf/mail/$domain/reject_spam
+        fi
 
         # Adding dkim
         if [ "$DKIM" = 'yes' ]; then
diff --git a/func/syshealth.sh b/func/syshealth.sh
@@ -83,7 +83,7 @@ function syshealth_update_mail_config_format() {
     # MAIL DOMAINS
     # Create array of known keys in configuration file
     system="mail"
-    known_keys="DOMAIN ANTIVIRUS ANTISPAM DKIM WEBMAIL SSL LETSENCRYPT CATCHALL ACCOUNTS RATE_LIMIT U_DISK SUSPENDED TIME DATE"
+    known_keys="DOMAIN ANTIVIRUS ANTISPAM DKIM WEBMAIL SSL LETSENCRYPT CATCHALL ACCOUNTS RATE_LIMIT REJECT U_DISK SUSPENDED TIME DATE"
     write_kv_config_file
     unset system
     unset known_keys
diff --git a/install/deb/exim/exim4.conf.4.94.template b/install/deb/exim/exim4.conf.4.94.template
@@ -6,6 +6,7 @@
 
 #SPAMASSASSIN = yes
 #SPAM_SCORE = 50
+#SPAM_REJECT_SCORE = 100
 #CLAMD = yes
 
 smtp_banner = $smtp_active_hostname
@@ -176,10 +177,12 @@ acl_check_rcpt:
 .endif
 
 .ifdef SPAMASSASSIN
-  warn    set acl_m1    = no
-
-  warn    condition     = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}}
-          set acl_m1    = yes
+ warn    set acl_m1    = no
+         set acl_m3    = no
+ warn    condition     = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}}
+         set acl_m1    = yes
+ warn    condition     = ${if exists {/etc/exim4/domains/$domain/reject_spam}{yes}{no}}
+         set acl_m3    = yes
 .endif
 
   accept
@@ -193,20 +196,26 @@ acl_check_data:
 .endif
 
 .ifdef SPAMASSASSIN
-  warn   !authenticated = *
-         hosts          = !+relay_from_hosts
-         condition      = ${if < {$message_size}{1024K}}
-         condition      = ${if eq{$acl_m1}{yes}{yes}{no}}
-         spam           = debian-spamd:true/defer_ok
-         add_header     = X-Spam-Score: $spam_score_int
-         add_header     = X-Spam-Bar: $spam_bar
-         add_header     = X-Spam-Report: $spam_report
-         set acl_m2     = $spam_score_int
-
-  warn   condition      = ${if !eq{$acl_m2}{} {yes}{no}}
-         condition      = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}}
-         add_header     = X-Spam-Status: Yes
-         message        = SpamAssassin detected spam (from $sender_address to $recipients).
+ warn   !authenticated = *
+        hosts          = !+relay_from_hosts
+        condition      = ${if < {$message_size}{1024K}}
+        condition      = ${if eq{$acl_m1}{yes}{yes}{no}}
+        spam           = debian-spamd:true/defer_ok
+        add_header     = X-Spam-Score: $spam_score_int
+        add_header     = X-Spam-Bar: $spam_bar
+        add_header     = X-Spam-Report: $spam_report
+        set acl_m2     = $spam_score_int
+
+ warn   condition      = ${if !eq{$acl_m2}{} {yes}{no}}
+        condition      = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}}
+        add_header     = X-Spam-Status: Yes
+        message        = SpamAssassin detected spam (from $sender_address to $recipients).
+ 
+  # Deny spam at high score if spam score > SPAM_REJECT_SCORE and delete_spam is enabled
+  deny   message        = This message scored $spam_score spam points
+         spam           = debian-spamd:true
+         condition      = ${if eq{$acl_m3}{yes}{yes}{no}}
+         condition      = ${if >{$spam_score_int}{SPAM_REJECT_SCORE}{1}{0}}	
 .endif
 
   accept
diff --git a/install/deb/exim/exim4.conf.template b/install/deb/exim/exim4.conf.template
@@ -6,6 +6,7 @@
 
 #SPAMASSASSIN = yes
 #SPAM_SCORE = 50
+#SPAM_REJECT_SCORE = 100
 #CLAMD = yes
 
 smtp_banner = $smtp_active_hostname
@@ -81,6 +82,10 @@ SMTP_RELAY_PORT = ${lookup{port}lsearch{SMTP_RELAY_FILE}}
 SMTP_RELAY_USER = ${lookup{user}lsearch{SMTP_RELAY_FILE}}
 SMTP_RELAY_PASS = ${lookup{pass}lsearch{SMTP_RELAY_FILE}}
 
+# Custom Filter
+system_filter = /etc/exim4/system.filter
+system_filter_user = Debian-exim
+
 ######################################################################
 #                       ACL CONFIGURATION                            #
 #         Specifies access control lists for incoming SMTP mail      #
@@ -177,11 +182,14 @@ acl_check_rcpt:
 
 .ifdef SPAMASSASSIN
   warn    set acl_m1    = no
-
+          set acl_m3    = no
   warn    condition     = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}}
           set acl_m1    = yes
+  warn    condition     = ${if exists {/etc/exim4/domains/$domain/reject_spam}{yes}{no}}
+          set acl_m3    = yes
 .endif
 
+
   accept
 
 
@@ -207,8 +215,15 @@ acl_check_data:
          condition      = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}}
          add_header     = X-Spam-Status: Yes
          message        = SpamAssassin detected spam (from $sender_address to $recipients).
+
+  # Deny spam at high score if spam score > SPAM_REJECT_SCORE and delete_spam is enabled
+  deny   message        = This message scored $spam_score spam points
+         spam           = debian-spamd:true
+         condition      = ${if eq{$acl_m3}{yes}{yes}{no}}
+         condition      = ${if >{$spam_score_int}{SPAM_REJECT_SCORE}{1}{0}}	
 .endif
 
+
   accept
 
 
diff --git a/install/deb/exim/system.filter b/install/deb/exim/system.filter
@@ -0,0 +1,16 @@
+if $h_X-Spam-Status: contains "Yes"
+then
+    headers add "Old-Subject: $h_subject"
+    headers remove "Subject"
+    headers add "Subject: *** SPAM *** $h_old-subject"
+    headers remove "Old-Subject"
+endif
+
+# X-Anti-Virus: infected
+if $h_X-Anti-Virus: contains "infected"
+then
+    headers add "Old-Subject: $h_subject"
+    headers remove "Subject"
+    headers add "Subject: *** VIRUS *** $h_old-subject"
+    headers remove "Old-Subject"
+endif
diff --git a/install/hst-install-debian.sh b/install/hst-install-debian.sh
@@ -1675,7 +1675,8 @@ if [ "$exim" = 'yes' ]; then
     fi
     cp -f $HESTIA_INSTALL_DIR/exim/dnsbl.conf /etc/exim4/
     cp -f $HESTIA_INSTALL_DIR/exim/spam-blocks.conf /etc/exim4/
-	cp -f $HESTIA_INSTALL_DIR/exim/limit.conf /etc/exim4/
+    cp -f $HESTIA_INSTALL_DIR/exim/limit.conf /etc/exim4/
+    cp -f $HESTIA_INSTALL_DIR/exim/system.filter /etc/exim4/
     touch /etc/exim4/white-blocks.conf
 
     if [ "$spamd" = 'yes' ]; then
diff --git a/install/hst-install-ubuntu.sh b/install/hst-install-ubuntu.sh
@@ -1699,7 +1699,8 @@ if [ "$exim" = 'yes' ]; then
     cp -f $HESTIA_INSTALL_DIR/exim/exim4.conf.template /etc/exim4/
     cp -f $HESTIA_INSTALL_DIR/exim/dnsbl.conf /etc/exim4/
     cp -f $HESTIA_INSTALL_DIR/exim/spam-blocks.conf /etc/exim4/
-	cp -f $HESTIA_INSTALL_DIR/exim/limit.conf /etc/exim4/
+    cp -f $HESTIA_INSTALL_DIR/exim/limit.conf /etc/exim4/
+    cp -f $HESTIA_INSTALL_DIR/exim/system.filter /etc/exim4/
     touch /etc/exim4/white-blocks.conf
 
     if [ "$spamd" = 'yes' ]; then
diff --git a/install/upgrade/versions/1.6.0.sh b/install/upgrade/versions/1.6.0.sh
@@ -28,18 +28,23 @@ if [ "$MAIL_SYSTEM" = "exim4" ]; then
     sed -i '115,250 s/warn    ratelimit     = 100 \/ 1h \/ strict \/ $authenticated_id/warn    ratelimit     = ${eval:$acl_c_msg_limit \/ 2} \/ 1h \/ strict \/ $authenticated_id/g' /etc/exim4/exim4.conf.template
     # Add missing limit.conf file
     cp $HESTIA_INSTALL_DIR/exim/limit.conf /etc/exim4/limit.conf
+    cp $HESTIA_INSTALL_DIR/exim/system.filter /etc/exim4/system.filter
     
-    # Upgrading Mail System
-    if [ "$MAIL_SYSTEM" == "exim4" ]; then
-        if ! grep -q "send_via_unauthenticated_smtp_relay" /etc/exim4/exim4.conf.template; then
+    acl=$(cat /etc/exim4/exim4.conf.template | grep "set acl_m3")
+    if [ -z "$acl" ]; then
+        echo "[ * ] Add support for optional rejecting spam"
+        sed -i 's/ warn    set acl_m1    = no/ warn    set acl_m1    = no \n          set acl_m3    = no/g' /etc/exim4/exim4.conf.template
+        sed -i 's|                          set acl_m1    = yes|              set acl_m1    = yes \n  warn    condition     = \${if exists {/etc/exim4/domains/\$domain/reject_spam}{yes}{no}} \n         set acl_m3    = yes|g' /etc/exim4/exim4.conf.template
+        sed -i 's|         message        = SpamAssassin detected spam (from \$sender_address to \$recipients).|        message        = SpamAssassin detected spam (from $sender_address to $recipients).\n\n  # Deny spam at high score if spam score > SPAM_REJECT_SCORE and delete_spam is enabled\n  deny   message        = This message scored \$spam_score spam points\n          spam           = debian-spamd:true \n          condition      = \${if eq{\$acl_m3}{yes}{yes}{no}} \n          condition      = ${if >{$spam_score_int}{SPAM_REJECT_SCORE}{1}{0}}	|g' /etc/exim4/exim4.conf.template
+    fi
     
-            echo '[ * ] Enabling SMTP relay support...'
-            # Add smtp relay router
-            insert='send_via_unauthenticated_smtp_relay:\n  driver = manualroute\n  address_data = SMTP_RELAY_HOST:SMTP_RELAY_PORT\n  domains = !+local_domains\n  require_files = SMTP_RELAY_FILE\n  condition = ${if eq{SMTP_RELAY_USER}{}}\n  transport = remote_smtp\n  route_list = * ${extract{1}{:}{$address_data}}::${extract{2}{:}{$address_data}}\n  no_more\n  no_verify\n'
+    if ! grep -q "send_via_unauthenticated_smtp_relay" /etc/exim4/exim4.conf.template; then
+       echo '[ * ] Enabling SMTP relay support...'
+       # Add smtp relay router
+       insert='send_via_unauthenticated_smtp_relay:\n  driver = manualroute\n  address_data = SMTP_RELAY_HOST:SMTP_RELAY_PORT\n  domains = !+local_domains\n  require_files = SMTP_RELAY_FILE\n  condition = ${if eq{SMTP_RELAY_USER}{}}\n  transport = remote_smtp\n  route_list = * ${extract{1}{:}{$address_data}}::${extract{2}{:}{$address_data}}\n  no_more\n  no_verify\n'
     
-            line=$(expr $(sed -n '/begin routers/=' /etc/exim4/exim4.conf.template) + 2)
-            sed -i "${line}i $insert" /etc/exim4/exim4.conf.template
-        fi
+       line=$(expr $(sed -n '/begin routers/=' /etc/exim4/exim4.conf.template) + 2)
+       sed -i "${line}i $insert" /etc/exim4/exim4.conf.template
     fi
 fi
 
diff --git a/web/add/mail/index.php b/web/add/mail/index.php
diff --git a/web/edit/mail/index.php b/web/edit/mail/index.php
diff --git a/web/templates/pages/add_mail.html b/web/templates/pages/add_mail.html
diff --git a/web/templates/pages/edit_mail.html b/web/templates/pages/edit_mail.html
