Reimplemented option for custom dnsbls

data/Dockerfiles/postfix/postfix.sh

@@ -397,136 +397,40 @@ echo -e "\e[33mChecking if ASN for your IP is listed for Spamhaus Bad ASN List..
 if [ -n "$SPAMHAUS_DQS_KEY" ]; then
   echo -e "\e[32mDetected SPAMHAUS_DQS_KEY variable from mailcow.conf...\e[0m"
   echo -e "\e[33mUsing DQS Blocklists from Spamhaus!\e[0m"
-  cat <<EOF > /opt/postfix/conf/dns_blocklists.cf
-    # Autogenerated by mailcow
-    postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
-      hostkarma.junkemailfilter.com=127.0.0.1*-2
-      list.dnswl.org=127.0.[0..255].0*-2
-      list.dnswl.org=127.0.[0..255].1*-4
-      list.dnswl.org=127.0.[0..255].2*-6
-      list.dnswl.org=127.0.[0..255].3*-8
-      ix.dnsbl.manitu.net*2
-      bl.spamcop.net*2
-      bl.suomispam.net*2
-      hostkarma.junkemailfilter.com=127.0.0.2*3
-      hostkarma.junkemailfilter.com=127.0.0.4*2
-      hostkarma.junkemailfilter.com=127.0.1.2*1
-      backscatter.spameatingmonkey.net*2
-      bl.ipv6.spameatingmonkey.net*2
-      bl.spameatingmonkey.net*2
-      b.barracudacentral.org=127.0.0.2*7
-      bl.mailspike.net=127.0.0.2*5
-      bl.mailspike.net=127.0.0.[10;11;12]*4
-      dnsbl.sorbs.net=127.0.0.10*8
-      dnsbl.sorbs.net=127.0.0.5*6
-      dnsbl.sorbs.net=127.0.0.7*3
-      dnsbl.sorbs.net=127.0.0.8*2
-      dnsbl.sorbs.net=127.0.0.6*2
-      dnsbl.sorbs.net=127.0.0.9*2
-      ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net=127.0.0.[4..7]*6
-      ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.org=127.0.0.[10;11]*8
-      ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.org=127.0.0.3*4
-      ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.org=127.0.0.2*3
-      ${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net=127.0.0.3*4
-      ${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net=127.0.0.2*3
+  cat <<EOF > /tmp/spamhaus.cf
+# Autogenerated by mailcow, using Spamhaus DQS lists
+  ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net=127.0.0.[4..7]*6
+  ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.org=127.0.0.[10;11]*8
+  ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.org=127.0.0.3*4
+  ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.org=127.0.0.2*3
+  ${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net=127.0.0.3*4
+  ${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net=127.0.0.2*3
 EOF
 
 else
-  response=$(curl --connect-timeout 15 --retry 5 --max-time 30 -s -o /dev/null -w "%{http_code}" "https://asn-check.mailcow.email")
-  if [ "$response" -eq 403 ]; then
+  response=$(curl --connect-timeout 15 --max-time 30 -s -o /dev/null -w "%{http_code}" "https://asn-check.mailcow.email")
+  if [ "$response" -eq 503 ]; then
   echo -e "\e[31mThe AS of your IP is listed as a banned AS from Spamhaus!\e[0m"
   echo -e "\e[33mNo SPAMHAUS_DQS_KEY found... Skipping Spamhaus blocklists entirely!\e[0m"
-  cat <<EOF > /opt/postfix/conf/dns_blocklists.cf
-    # Autogenerated by mailcow
-    postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
-      hostkarma.junkemailfilter.com=127.0.0.1*-2
-      list.dnswl.org=127.0.[0..255].0*-2
-      list.dnswl.org=127.0.[0..255].1*-4
-      list.dnswl.org=127.0.[0..255].2*-6
-      list.dnswl.org=127.0.[0..255].3*-8
-      ix.dnsbl.manitu.net*2
-      bl.spamcop.net*2
-      bl.suomispam.net*2
-      hostkarma.junkemailfilter.com=127.0.0.2*3
-      hostkarma.junkemailfilter.com=127.0.0.4*2
-      hostkarma.junkemailfilter.com=127.0.1.2*1
-      backscatter.spameatingmonkey.net*2
-      bl.ipv6.spameatingmonkey.net*2
-      bl.spameatingmonkey.net*2
-      b.barracudacentral.org=127.0.0.2*7
-      bl.mailspike.net=127.0.0.2*5
-      bl.mailspike.net=127.0.0.[10;11;12]*4
-      dnsbl.sorbs.net=127.0.0.10*8
-      dnsbl.sorbs.net=127.0.0.5*6
-      dnsbl.sorbs.net=127.0.0.7*3
-      dnsbl.sorbs.net=127.0.0.8*2
-      dnsbl.sorbs.net=127.0.0.6*2
-      dnsbl.sorbs.net=127.0.0.9*2
+  cat <<EOF > /tmp/spamhaus.cf
+# Autogenerated by mailcow, using no Spamhaus DNSBL
 EOF
   elif [ "$response" -eq 200 ]; then
   echo -e "\e[32mThe AS of your IP is NOT listed as a banned AS from Spamhaus!\e[0m"
   echo -e "\e[33mUsing the open Spamhaus blocklists.\e[0m"
-  cat <<EOF > /opt/postfix/conf/dns_blocklists.cf
-    # Autogenerated by mailcow
-    postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
-      hostkarma.junkemailfilter.com=127.0.0.1*-2
-      list.dnswl.org=127.0.[0..255].0*-2
-      list.dnswl.org=127.0.[0..255].1*-4
-      list.dnswl.org=127.0.[0..255].2*-6
-      list.dnswl.org=127.0.[0..255].3*-8
-      ix.dnsbl.manitu.net*2
-      bl.spamcop.net*2
-      bl.suomispam.net*2
-      hostkarma.junkemailfilter.com=127.0.0.2*3
-      hostkarma.junkemailfilter.com=127.0.0.4*2
-      hostkarma.junkemailfilter.com=127.0.1.2*1
-      backscatter.spameatingmonkey.net*2
-      bl.ipv6.spameatingmonkey.net*2
-      bl.spameatingmonkey.net*2
-      b.barracudacentral.org=127.0.0.2*7
-      bl.mailspike.net=127.0.0.2*5
-      bl.mailspike.net=127.0.0.[10;11;12]*4
-      dnsbl.sorbs.net=127.0.0.10*8
-      dnsbl.sorbs.net=127.0.0.5*6
-      dnsbl.sorbs.net=127.0.0.7*3
-      dnsbl.sorbs.net=127.0.0.8*2
-      dnsbl.sorbs.net=127.0.0.6*2
-      dnsbl.sorbs.net=127.0.0.9*2
-      zen.spamhaus.org=127.0.0.[10;11]*8
-      zen.spamhaus.org=127.0.0.[4..7]*6
-      zen.spamhaus.org=127.0.0.3*4
-      zen.spamhaus.org=127.0.0.2*3
+  cat <<EOF > /tmp/spamhaus.cf
+# Autogenerated by mailcow, using public spamhaus lists
+  zen.spamhaus.org=127.0.0.[10;11]*8
+  zen.spamhaus.org=127.0.0.[4..7]*6
+  zen.spamhaus.org=127.0.0.3*4
+  zen.spamhaus.org=127.0.0.2*3
 EOF
 
   else
   echo -e "\e[31mWe couldn't determine your AS... (maybe DNS/Network issue?) Response Code: $response\e[0m"
   echo -e "\e[33mDeactivating Spamhaus DNS Blocklists to be on the safe site!\e[0m"
-  cat <<EOF > /opt/postfix/conf/dns_blocklists.cf
-    # Autogenerated by mailcow
-    postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
-      hostkarma.junkemailfilter.com=127.0.0.1*-2
-      list.dnswl.org=127.0.[0..255].0*-2
-      list.dnswl.org=127.0.[0..255].1*-4
-      list.dnswl.org=127.0.[0..255].2*-6
-      list.dnswl.org=127.0.[0..255].3*-8
-      ix.dnsbl.manitu.net*2
-      bl.spamcop.net*2
-      bl.suomispam.net*2
-      hostkarma.junkemailfilter.com=127.0.0.2*3
-      hostkarma.junkemailfilter.com=127.0.0.4*2
-      hostkarma.junkemailfilter.com=127.0.1.2*1
-      backscatter.spameatingmonkey.net*2
-      bl.ipv6.spameatingmonkey.net*2
-      bl.spameatingmonkey.net*2
-      b.barracudacentral.org=127.0.0.2*7
-      bl.mailspike.net=127.0.0.2*5
-      bl.mailspike.net=127.0.0.[10;11;12]*4
-      dnsbl.sorbs.net=127.0.0.10*8
-      dnsbl.sorbs.net=127.0.0.5*6
-      dnsbl.sorbs.net=127.0.0.7*3
-      dnsbl.sorbs.net=127.0.0.8*2
-      dnsbl.sorbs.net=127.0.0.6*2
-      dnsbl.sorbs.net=127.0.0.9*2
+  cat <<EOF > /tmp/spamhaus.cf
+# Autogenerated by mailcow, using no Spamhaus DNSBL
 EOF
   fi
 fi
@@ -541,6 +445,7 @@ cat /opt/postfix/conf/extra.cf >> /opt/postfix/conf/main.cf
 
 # Append postscreen dnsbl sites to main.cf
 cat /opt/postfix/conf/dns_blocklists.cf >> /opt/postfix/conf/main.cf
+cat /tmp/spamhaus.cf >> /opt/postfix/conf/main.cf
 
 if [ ! -f /opt/postfix/conf/custom_transport.pcre ]; then
   echo "Creating dummy custom_transport.pcre"

docker-compose.yml

@@ -297,7 +297,7 @@ services:
             - dovecot
 
     postfix-mailcow:
-      image: mailcow/postfix:1.69
+      image: mailcow/postfix:1.70
       depends_on:
         - mysql-mailcow
       volumes: