From 7f8b687fceeeef08f44f4b2a782c6474f112e6d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jeffrey=20Bo=CC=88hm?= Date: Tue, 30 Jan 2024 12:03:28 +0100 Subject: [PATCH] feat(filter): add option to override rspamd dns servers #273 --- .env.dist | 33 ++++++++++++++++--- filter/Dockerfile | 6 +++- filter/rootfs/etc/rspamd/local.d/options.inc | 6 ---- .../etc/rspamd/local.d/options.inc.templ | 8 +++++ filter/rootfs/usr/local/bin/entrypoint.sh | 1 + 5 files changed, 43 insertions(+), 11 deletions(-) delete mode 100644 filter/rootfs/etc/rspamd/local.d/options.inc create mode 100644 filter/rootfs/etc/rspamd/local.d/options.inc.templ diff --git a/.env.dist b/.env.dist index 951935f..aa07395 100644 --- a/.env.dist +++ b/.env.dist @@ -1,17 +1,42 @@ +# Database credentials MYSQL_DATABASE=mailserver -MYSQL_USER=mailserver MYSQL_PASSWORD=changeme MYSQL_ROOT_PASSWORD=changeme +MYSQL_USER=mailserver + +# Mailserver administrative identity MAILNAME=mail.example.com POSTMASTER=postmaster@example.com + +# Relay mails to another SMTP server +# https://github.com/jeboehm/docker-mailserver/wiki/Howto:-Use-External-Mail-Relay-For-Sending-Mails RELAYHOST=false + +# Block suspicious attachments by type (bat, com, exe, dll, vbs, docm, doc, dzip) FILTER_MIME=false -FILTER_VIRUS=true + +# Enable IMAP, POP3 and ClamAV integration +# https://github.com/jeboehm/docker-mailserver/wiki/Info:-Mail-Filtering + ENABLE_IMAP=true ENABLE_POP3=true +FILTER_VIRUS=true + +# Enable Dovecot's indexed full-text search ENABLE_FTS=true +FTS_ARGS="partial=3 full=20 verbose=0 lowmemory=256" +FTS_VSZ_LIMIT=256M + +# Password to access the rspamd web-interface CONTROLLER_PASSWORD=changeme2 + +# How long to wait for services to start WAITSTART_TIMEOUT=2m + +# Configure local address extension +# https://github.com/jeboehm/docker-mailserver/wiki/Feature:-Local-Address-Extension RECIPIENT_DELIMITER=- -FTS_ARGS="partial=3 full=20 verbose=0 lowmemory=256" -FTS_VSZ_LIMIT=256M + +# Configure DNS resolvers used by rspamd +# Vodafone DE +DNS_RESOLVERS=80.69.96.12,81.210.129.4 diff --git a/filter/Dockerfile b/filter/Dockerfile index d99478f..dff444f 100644 --- a/filter/Dockerfile +++ b/filter/Dockerfile @@ -9,7 +9,9 @@ ENV FILTER_VIRUS=false \ FILTER_VIRUS_HOST=virus.local \ REDIS_HOST=redis \ WAITSTART_TIMEOUT=1m \ - CONTROLLER_PASSWORD=changeme + CONTROLLER_PASSWORD=changeme \ + # OpenDNS resolvers + DNS_RESOLVERS=208.67.222.222,208.67.220.220 RUN apk --no-cache add \ openssl \ @@ -21,6 +23,7 @@ RUN apk --no-cache add \ touch \ /etc/rspamd/local.d/antivirus.conf \ /etc/rspamd/local.d/classifier-bayes.conf \ + /etc/rspamd/local.d/options.inc \ /etc/rspamd/override.d/redis.conf \ /etc/rspamd/local.d/worker-controller.inc && \ chown -R rspamd \ @@ -28,6 +31,7 @@ RUN apk --no-cache add \ /var/lib/rspamd \ /etc/rspamd/local.d/antivirus.conf \ /etc/rspamd/local.d/classifier-bayes.conf \ + /etc/rspamd/local.d/options.inc \ /etc/rspamd/override.d/redis.conf \ /etc/rspamd/local.d/worker-controller.inc && \ apk --no-cache del \ diff --git a/filter/rootfs/etc/rspamd/local.d/options.inc b/filter/rootfs/etc/rspamd/local.d/options.inc deleted file mode 100644 index e79b45a..0000000 --- a/filter/rootfs/etc/rspamd/local.d/options.inc +++ /dev/null @@ -1,6 +0,0 @@ -dns { - timeout = 1s; - sockets = 16; - retransmits = 5; -} - diff --git a/filter/rootfs/etc/rspamd/local.d/options.inc.templ b/filter/rootfs/etc/rspamd/local.d/options.inc.templ new file mode 100644 index 0000000..1a3cdf2 --- /dev/null +++ b/filter/rootfs/etc/rspamd/local.d/options.inc.templ @@ -0,0 +1,8 @@ +{{ $dnsservers := split .Env.DNS_RESOLVERS "," }} + +dns { + timeout = 1s; + sockets = 16; + retransmits = 5; + nameserver = [{{- range $index, $element := $dnsservers }}{{ if $index }},{{ end }}"{{ $element }}"{{- end }}]; +} diff --git a/filter/rootfs/usr/local/bin/entrypoint.sh b/filter/rootfs/usr/local/bin/entrypoint.sh index e50dfbe..113334c 100755 --- a/filter/rootfs/usr/local/bin/entrypoint.sh +++ b/filter/rootfs/usr/local/bin/entrypoint.sh @@ -19,6 +19,7 @@ export CONTROLLER_PASSWORD_ENC # shellcheck disable=SC2086 dockerize \ -template /etc/rspamd/local.d/antivirus.conf.templ:/etc/rspamd/local.d/antivirus.conf \ + -template /etc/rspamd/local.d/options.inc.templ:/etc/rspamd/local.d/options.inc \ -template /etc/rspamd/local.d/worker-controller.inc.templ:/etc/rspamd/local.d/worker-controller.inc \ -template /etc/rspamd/override.d/redis.conf.templ:/etc/rspamd/override.d/redis.conf \ -template /etc/rspamd/local.d/classifier-bayes.conf.templ:/etc/rspamd/local.d/classifier-bayes.conf \