feat(filter): add option to override rspamd dns servers #273

jeboehm · Jan 30, 2024 · 3ceb981 · 3ceb981
1 parent 712ed7a
commit 3ceb981
Show file tree

Hide file tree

Showing 5 changed files with 43 additions and 11 deletions.
diff --git a/.env.dist b/.env.dist
@@ -1,17 +1,42 @@
+# Database credentials
 MYSQL_DATABASE=mailserver
-MYSQL_USER=mailserver
 MYSQL_PASSWORD=changeme
 MYSQL_ROOT_PASSWORD=changeme
+MYSQL_USER=mailserver
+
+# Mailserver administrative identity
 MAILNAME=mail.example.com
 [email protected]
+
+# Relay mails to another SMTP server
+# https://github.com/jeboehm/docker-mailserver/wiki/Howto:-Use-External-Mail-Relay-For-Sending-Mails
 RELAYHOST=false
+
+# Block suspicious attachments by type (bat, com, exe, dll, vbs, docm, doc, dzip)
 FILTER_MIME=false
-FILTER_VIRUS=true
+
+# Enable IMAP, POP3 and ClamAV integration
+# https://github.com/jeboehm/docker-mailserver/wiki/Info:-Mail-Filtering
+
 ENABLE_IMAP=true
 ENABLE_POP3=true
+FILTER_VIRUS=true
+
+# Enable Dovecot's indexed full-text search
 ENABLE_FTS=true
+FTS_ARGS="partial=3 full=20 verbose=0 lowmemory=256"
+FTS_VSZ_LIMIT=256M
+
+# Password to access the rspamd web-interface
 CONTROLLER_PASSWORD=changeme2
+
+# How long to wait for services to start
 WAITSTART_TIMEOUT=2m
+
+# Configure local address extension
+# https://github.com/jeboehm/docker-mailserver/wiki/Feature:-Local-Address-Extension
 RECIPIENT_DELIMITER=-
-FTS_ARGS="partial=3 full=20 verbose=0 lowmemory=256"
-FTS_VSZ_LIMIT=256M
+
+# Configure DNS resolvers used by rspamd
+# Vodafone DE
+DNS_RESOLVERS=80.69.96.12,81.210.129.4
diff --git a/filter/Dockerfile b/filter/Dockerfile
@@ -9,7 +9,9 @@ ENV FILTER_VIRUS=false \
     FILTER_VIRUS_HOST=virus.local \
     REDIS_HOST=redis \
     WAITSTART_TIMEOUT=1m \
-    CONTROLLER_PASSWORD=changeme
+    CONTROLLER_PASSWORD=changeme \
+    # Vodafone DE DNS resolvers
+    DNS_RESOLVERS=80.69.96.12,81.210.129.4
 
 RUN apk --no-cache add \
       openssl \
@@ -21,13 +23,15 @@ RUN apk --no-cache add \
     touch \
       /etc/rspamd/local.d/antivirus.conf \
       /etc/rspamd/local.d/classifier-bayes.conf \
+      /etc/rspamd/local.d/options.inc \
       /etc/rspamd/override.d/redis.conf \
       /etc/rspamd/local.d/worker-controller.inc && \
     chown -R rspamd \
       /run/rspamd \
       /var/lib/rspamd \
       /etc/rspamd/local.d/antivirus.conf \
       /etc/rspamd/local.d/classifier-bayes.conf \
+      /etc/rspamd/local.d/options.inc \
       /etc/rspamd/override.d/redis.conf \
       /etc/rspamd/local.d/worker-controller.inc && \
     apk --no-cache del \

diff --git a/filter/rootfs/etc/rspamd/local.d/options.inc b/filter/rootfs/etc/rspamd/local.d/options.inc
diff --git a/filter/rootfs/etc/rspamd/local.d/options.inc.templ b/filter/rootfs/etc/rspamd/local.d/options.inc.templ
@@ -0,0 +1,8 @@
+{{ $dnsservers := split .Env.DNS_RESOLVERS "," }}
+
+dns {
+    timeout = 1s;
+    sockets = 16;
+    retransmits = 5;
+    nameserver = [{{- range $index, $element := $dnsservers }}{{ if $index }},{{ end }}"{{ $element }}"{{- end }}];
+}
diff --git a/filter/rootfs/usr/local/bin/entrypoint.sh b/filter/rootfs/usr/local/bin/entrypoint.sh
@@ -19,6 +19,7 @@ export CONTROLLER_PASSWORD_ENC
 # shellcheck disable=SC2086
 dockerize \
   -template /etc/rspamd/local.d/antivirus.conf.templ:/etc/rspamd/local.d/antivirus.conf \
+  -template /etc/rspamd/local.d/options.inc.templ:/etc/rspamd/local.d/options.inc \
   -template /etc/rspamd/local.d/worker-controller.inc.templ:/etc/rspamd/local.d/worker-controller.inc \
   -template /etc/rspamd/override.d/redis.conf.templ:/etc/rspamd/override.d/redis.conf \
   -template /etc/rspamd/local.d/classifier-bayes.conf.templ:/etc/rspamd/local.d/classifier-bayes.conf \