8 жил өмнө · 34aba178ac
--- a/data/Dockerfiles/rspamd/Dockerfile
+++ b/data/Dockerfiles/rspamd/Dockerfile
@@ -9,8 +9,8 @@ RUN dpkg-divert --local --rename --add /sbin/initctl \
 
				     && dpkg-divert --local --rename --add /usr/bin/ischroot \
			
 
				     && ln -sf /bin/true /usr/bin/ischroot
			
 
				 
			
 
				-RUN apt-key adv --fetch-keys http://rspamd.com/apt/gpg.key \
			
 
				-    && echo "deb http://rspamd.com/apt/ xenial main" > /etc/apt/sources.list.d/rspamd.list \
			
 
				+RUN apt-key adv --fetch-keys http://rspamd.com/apt-stable/gpg.key \
			
 
				+    && echo "deb http://rspamd.com/apt-stable/ xenial main" > /etc/apt/sources.list.d/rspamd.list \
			
 
				     && apt-get update \
			
 
				     && apt-get -y install rspamd ca-certificates python-pip
			
 
				 
			
--- a/data/conf/rspamd/local.d/dkim.conf
+++ b/data/conf/rspamd/local.d/dkim.conf
@@ -0,0 +1,34 @@
 
				+sign_condition =<<EOD
			
 
				+return function(task)
			
 
				+  local smtp_from = task:get_from('smtp')
			
 
				+  local mime_from = task:get_from('mime')
			
 
				+  local rspamd_logger = require "rspamd_logger"
			
 
				+  if smtp_from[1]['domain'] ~= nil and smtp_from[1]['domain'] ~= '' then
			
 
				+    domain = smtp_from[1]['domain']
			
 
				+    rspamd_logger.infox(task, "set domain found in smtp from field to %s", domain)
			
 
				+    if not task:get_user() then
			
 
				+      rspamd_logger.infox(task, "found domain in smtp header field, but user is not authenticated - skipped")
			
 
				+      return false
			
 
				+    end
			
 
				+  elseif mime_from[1]['domain'] ~= nil and mime_from[1]['domain'] ~= '' then
			
 
				+    domain = mime_from[1]['domain']
			
 
				+    rspamd_logger.infox(task, "set domain found in mime from field to %s", domain)
			
 
				+  else
			
 
				+    rspamd_logger.infox(task, "cannot determine domain for dkim signing")
			
 
				+    return false
			
 
				+  end
			
 
				+  local keyfile = io.open("/data/dkim/keys/" .. domain .. ".dkim")
			
 
				+  if keyfile then
			
 
				+    rspamd_logger.infox(task, "found dkim key file for domain %s", domain)
			
 
				+    keyfile:close()
			
 
				+    return {
			
 
				+      key = "/data/dkim/keys/" .. domain .. ".dkim",
			
 
				+      domain = domain,
			
 
				+      selector = "dkim"
			
 
				+    }
			
 
				+  else
			
 
				+    rspamd_logger.infox(task, "no key file for domain %s - skipped", domain)
			
 
				+  end
			
 
				+  return false
			
 
				+end
			
 
				+EOD;
			
--- a/data/conf/rspamd/local.d/dkim_signing.conf
+++ b/data/conf/rspamd/local.d/dkim_signing.conf
@@ -1,38 +0,0 @@
 
				-# If false, messages with empty envelope from are not signed
			
 
				-allow_envfrom_empty = true;
			
 
				-# If true, envelope/header domain mismatch is ignored
			
 
				-allow_hdrfrom_mismatch = false;
			
 
				-# If true, multiple from headers are allowed (but only first is used)
			
 
				-allow_hdrfrom_multiple = false;
			
 
				-# If true, username does not need to contain matching domain
			
 
				-allow_username_mismatch = false;
			
 
				-# If false, messages from authenticated users are not selected for signing
			
 
				-auth_only = true;
			
 
				-# Default path to key, can include '$domain' and '$selector' variables
			
 
				-path = "/data/dkim/keys/$domain.$selector";
			
 
				-# Default selector to use
			
 
				-selector = "dkim";
			
 
				-# If false, messages from local networks are not selected for signing
			
 
				-sign_local = true;
			
 
				-# Symbol to add when message is signed
			
 
				-symbol = "DKIM_SIGNED";
			
 
				-# Whether to fallback to global config
			
 
				-try_fallback = true;
			
 
				-# Domain to use for DKIM signing: can be "header" or "envelope"
			
 
				-use_domain = "header";
			
 
				-# Whether to normalise domains to eSLD
			
 
				-use_esld = true;
			
 
				-# Whether to get keys from Redis
			
 
				-use_redis = false;
			
 
				-# Hash for DKIM keys in Redis
			
 
				-hash_key = "DKIM_KEYS";
			
 
				-
			
 
				-# Domain specific settings
			
 
				-#domain {
			
 
				-#  example.com {
			
 
				-#    # Private key path
			
 
				-#    path = "/var/lib/rspamd/dkim/example.key";
			
 
				-#    # Selector
			
 
				-#    selector = "ds";
			
 
				-#  }
			
 
				-#}
			
--- a/docs/u_and_e.md
+++ b/docs/u_and_e.md
@@ -15,6 +15,25 @@ mailcow UI configuration parameters can be to...
 
				 
			
 
				 \* To change SOGos default language, you will need to edit `data/conf/sogo/sogo.conf` and replace "English" by your preferred language.
			
 
				 
			
 
				+## Anonymize headers
			
 
				+
			
 
				+Save as `data/conf/postfix/mailcow_anonymize_headers.pcre`:
			
 
				+
			
 
				+```
			
 
				+/^\s*Received:[^\)]+\)\s+\(Authenticated sender:(.+)/
			
 
				+	REPLACE Received: from localhost (localhost [127.0.0.1]) (Authenticated sender:$1
			
 
				+/^\s*User-Agent/        IGNORE
			
 
				+/^\s*X-Enigmail/        IGNORE
			
 
				+/^\s*X-Mailer/          IGNORE
			
 
				+/^\s*X-Originating-IP/  IGNORE
			
 
				+/^\s*X-Forward/         IGNORE
			
 
				+```
			
 
				+
			
 
				+Add this to `data/conf/postfix/main.cf`:
			
 
				+```
			
 
				+smtp_header_checks = pcre:/opt/postfix/conf/mailcow_anonymize_headers.pcre
			
 
				+```
			
 
				+
			
 
				 ## Backup and restore maildir (simple tar file)
			
 
				 
			
 
				 ### Backup