浏览代码

[Rspamd] allow_hdrfrom_mismatch true, auth_only false (sieve)

andryyy 5 年之前
父节点
当前提交
03cbed5002
共有 2 个文件被更改,包括 18 次插入3 次删除
  1. 16 1
      data/Dockerfiles/rspamd/docker-entrypoint.sh
  2. 2 2
      data/conf/rspamd/local.d/dkim_signing.conf

+ 16 - 1
data/Dockerfiles/rspamd/docker-entrypoint.sh

@@ -27,7 +27,7 @@ until [[ ! -z ${DOVECOT_V4} ]]; do
   DOVECOT_V4=$(dig a dovecot +short)
   DOVECOT_V6=$(dig aaaa dovecot +short)
   [[ ! -z ${DOVECOT_V4} ]] && break;
-  echo "Waiting for Dovecot"
+  echo "Waiting for Dovecot..."
   sleep 3
 done
 echo ${DOVECOT_V4}/32 > /etc/rspamd/custom/dovecot_trusted.map
@@ -35,6 +35,20 @@ if [[ ! -z ${DOVECOT_V6} ]]; then
   echo ${DOVECOT_V6}/128 >> /etc/rspamd/custom/dovecot_trusted.map
 fi
 
+RSPAMD_V4=
+RSPAMD_V6=
+until [[ ! -z ${RSPAMD_V4} ]]; do
+  RSPAMD_V4=$(dig a rspamd +short)
+  RSPAMD_V6=$(dig aaaa rspamd +short)
+  [[ ! -z ${RSPAMD_V4} ]] && break;
+  echo "Waiting for Rspamd..."
+  sleep 3
+done
+echo ${RSPAMD_V4}/32 > /etc/rspamd/custom/rspamd_trusted.map
+if [[ ! -z ${RSPAMD_V6} ]]; then
+  echo ${RSPAMD_V6}/128 >> /etc/rspamd/custom/rspamd_trusted.map
+fi
+
 chown -R _rspamd:_rspamd /var/lib/rspamd \
   /etc/rspamd/local.d \
   /etc/rspamd/override.d \
@@ -53,6 +67,7 @@ touch /etc/rspamd/custom/global_mime_from_blacklist.map \
   /etc/rspamd/custom/bad_languages.map \
   /etc/rspamd/custom/sa-rules \
   /etc/rspamd/custom/dovecot_trusted.map \
+  /etc/rspamd/custom/rspamd_trusted.map \
   /etc/rspamd/custom/ip_wl.map \
   /etc/rspamd/custom/fishy_tlds.map \
   /etc/rspamd/custom/bad_words.map \

+ 2 - 2
data/conf/rspamd/local.d/dkim_signing.conf

@@ -1,13 +1,13 @@
 # If false, messages with empty envelope from are not signed
 allow_envfrom_empty = false;
 # If true, envelope/header domain mismatch is ignored
-allow_hdrfrom_mismatch = false;
+allow_hdrfrom_mismatch = true;
 # If true, multiple from headers are allowed (but only first is used)
 allow_hdrfrom_multiple = true;
 # If true, username does not need to contain matching domain
 allow_username_mismatch = true;
 # If false, messages from authenticated users are not selected for signing
-auth_only = true;
+auth_only = false;
 # Default path to key, can include '$domain' and '$selector' variables
 path = "/data/dkim/keys/$domain.dkim";
 # Default selector to use