wip

2021-06-16 21:51:04 +02:00 · 2021-06-16 21:51:04 +02:00 · 6ee63a708d
commit 6ee63a708d
parent 227a868319
12 changed files with 139 additions and 25 deletions
--- a/bundles/dovecot/files/dovecot.conf
+++ b/bundles/dovecot/files/dovecot.conf
@ -1,4 +1,4 @@
-protocols = imap lmtp
+protocols = imap lmtp sieve
 auth_mechanisms = plain login
 mail_privileged_group = mail
 ssl = required
@ -6,11 +6,12 @@ ssl_cert = </var/lib/dehydrated/certs/${node.metadata.get('mailserver/hostname')
 ssl_key = </var/lib/dehydrated/certs/${node.metadata.get('mailserver/hostname')}/privkey.pem
 ssl_dh = </etc/dovecot/dhparam.pem
 ssl_client_ca_dir = /etc/ssl/certs
-
 mail_location = maildir:~/Maildir
+mail_plugins = fts fts_xapian
+
 namespace inbox {
  inbox = yes
-  separator = .
+  separator = /
  mailbox Drafts {
    auto = subscribe 
    special_use = \Drafts
@ -53,19 +54,42 @@ service lmtp {
  }
 }
 service stats {
-    unix_listener stats-reader {
-        user = vmail
-        group = vmail
-        mode = 0660
-    }
-    unix_listener stats-writer {
-        user = vmail
-        group = vmail
-        mode = 0660
-    }
+  unix_listener stats-reader {
+    user = vmail
+    group = vmail
+    mode = 0660
+  }
+  unix_listener stats-writer {
+    user = vmail
+    group = vmail
+    mode = 0660
+  }
+}
+service managesieve-login {
+  inet_listener sieve {
+  }
+  process_min_avail = 0
+  service_count = 1
+  vsz_limit = 64 M
+}
+service managesieve {
+  process_limit = 100
 }

-mail_plugins = fts fts_xapian
+protocol imap {
+   mail_plugins = $mail_plugins imap_sieve
+   mail_max_userip_connections = 50
+   imap_idle_notify_interval = 29 mins
+} 
+protocol lmtp {
+   mail_plugins = $mail_plugins sieve
+} 
+protocol sieve {
+  plugin {
+    sieve = /var/vmail/sieve/%u.sieve
+    sieve_storage = /var/vmail/sieve/%u/
+  }
+}

 # fulltext search
 plugin {
@ -86,3 +110,25 @@ service decode2text {
        mode = 0666
    }
 }
+
+# spam filter
+plugin {
+  sieve_plugins = sieve_imapsieve sieve_extprograms
+  sieve_dir = /var/vmail/sieve/%u/
+  sieve = /var/vmail/sieve/%u.sieve
+  sieve_pipe_bin_dir = /var/vmail/sieve/
+  sieve_extensions = +vnd.dovecot.pipe 
+
+  sieve_before = /var/vmail/sieve/global/spam-global.sieve
+
+  # From elsewhere to Spam folder
+  imapsieve_mailbox1_name = Junk
+  imapsieve_mailbox1_causes = COPY
+  imapsieve_mailbox1_before = file:/var/vmail/sieve/global/learn-spam.sieve
+
+  # From Spam folder to elsewhere
+  imapsieve_mailbox2_name = *
+  imapsieve_mailbox2_from = Junk
+  imapsieve_mailbox2_causes = COPY
+  imapsieve_mailbox2_before = file:/var/vmail/sieve/global/learn-ham.sieve
+}
--- a/bundles/dovecot/files/learn-ham.sieve
+++ b/bundles/dovecot/files/learn-ham.sieve
@ -0,0 +1,7 @@
+require ["vnd.dovecot.pipe", "copy", "imapsieve", "variables"];
+
+if string "${mailbox}" "Trash" {
+  stop;
+}
+
+pipe :copy "rspamd-learn-ham.sh";
--- a/bundles/dovecot/files/learn-spam.sieve
+++ b/bundles/dovecot/files/learn-spam.sieve
@ -0,0 +1,3 @@
+require ["vnd.dovecot.pipe", "copy", "imapsieve"];
+
+pipe :copy "rspamd-learn-spam.sh";
--- a/bundles/dovecot/files/spam-global.sieve
+++ b/bundles/dovecot/files/spam-global.sieve
@ -0,0 +1,6 @@
+require ["fileinto", "mailbox"];
+
+if header :contains "X-Spam" "Yes" {
+ fileinto :create "Junk";
+ stop;
+}
--- a/bundles/dovecot/items.py
+++ b/bundles/dovecot/items.py
@ -12,6 +12,13 @@ directories = {
    '/etc/dovecot': {
        'purge': True,
    },
+    '/etc/dovecot/conf.d': {
+        'purge': True,
+        'needs': [
+            'pkg_apt:dovecot-sieve',
+            'pkg_apt:dovecot-managesieved',
+        ]
+    },
    '/etc/dovecot/ssl': {},
    '/var/vmail': {
        'owner': 'vmail',
@ -45,6 +52,28 @@ files = {
    '/etc/dovecot/dhparam.pem': {
        'content_type': 'any',
    },
+    '/etc/dovecot/dovecot-sql.conf': {
+        'content_type': 'mako',
+        'context': node.metadata.get('mailserver/database'),
+        'needs': {
+            'pkg_apt:'
+        },
+        'triggers': {
+            'svc_systemd:dovecot:restart',
+        },
+    },
+    '/var/mail/vmail/sieve/global/learn-ham.sieve': {
+        'owner': 'nobody',
+        'group': 'nogroup',
+    },
+    '/var/mail/vmail/sieve/global/learn-spam.sieve': {
+        'owner': 'nobody',
+        'group': 'nogroup',
+    },
+    '/var/mail/vmail/sieve/global/spam-global.sieve': {
+        'owner': 'nobody',
+        'group': 'nogroup',
+    },
 }

 actions = {
--- a/bundles/dovecot/metadata.py
+++ b/bundles/dovecot/metadata.py
@ -1,15 +1,16 @@
 defaults = {
    'apt': {
        'packages': {
-            'dovecot-imapd':      {},
-            'dovecot-pgsql':      {},
-            'dovecot-lmtpd':      {},
-#            'dovecot-sieve': {},
-#            'dovecot-managesieved': {},
+            'dovecot-imapd':        {},
+            'dovecot-pgsql':        {},
+            'dovecot-lmtpd':        {},
+            # spam filtering
+            'dovecot-sieve':        {},
+            'dovecot-managesieved': {},
            # fulltext search
-            'dovecot-fts-xapian': {}, # buster-backports
-            'poppler-utils':      {}, # pdftotext
-            'catdoc':             {}, # catdoc, catppt, xls2csv
+            'dovecot-fts-xapian':   {}, # buster-backports
+            'poppler-utils':        {}, # pdftotext
+            'catdoc':               {}, # catdoc, catppt, xls2csv
        },
    },
    'letsencrypt': {
--- a/bundles/mailserver/items.py
+++ b/bundles/mailserver/items.py
@ -3,6 +3,8 @@ assert node.has_bundle('opendkim')
 assert node.has_bundle('dovecot')
 assert node.has_bundle('letsencrypt')
 assert node.has_bundle('roundcube')
+assert node.has_bundle('rspamd')
+assert node.has_bundle('redis')

 from hashlib import md5
 from shlex import quote
--- a/bundles/postfix/files/main.cf
+++ b/bundles/postfix/files/main.cf
@ -42,8 +42,12 @@ mua_client_restrictions = permit_sasl_authenticated, reject
 mua_sender_restrictions = permit_sasl_authenticated, reject
 mua_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname, reject_invalid_hostname, permit

+smtpd_milters = inet:localhost:8891 inet:127.0.0.1:11332
+non_smtpd_milters = inet:localhost:8891 inet:127.0.0.1:11332
+
 # opendkim
-milter_protocol = 2
+milter_protocol = 6
 milter_default_action = accept
-smtpd_milters = inet:localhost:8891
-non_smtpd_milters = inet:localhost:8891
+
+# rspamd
+milter_mail_macros = "i {mail_addr} {client_addr} {client_name} {auth_authen}"
--- a/bundles/redis/metadata.py
+++ b/bundles/redis/metadata.py
@ -0,0 +1,7 @@
+defaults = {
+    'apt': {
+        'packages': {
+            'redis-server': {},
+        },
+    },
+} 
--- a/bundles/rspamd/items.py
+++ b/bundles/rspamd/items.py
--- a/bundles/rspamd/metadata.py
+++ b/bundles/rspamd/metadata.py
@ -0,0 +1,7 @@
+defaults = {
+    'apt': {
+        'packages': {
+            'rspamd': {},
+        },
+    },
+} 
--- a/groups/applications/mailserver.py
+++ b/groups/applications/mailserver.py
@ -7,6 +7,8 @@
        'php',
        'postfix',
        'postgresql',
+        'redis',
        'roundcube',
+        'rspamd',
    ],
 }