2
0
Эх сурвалжийг харах

Switch to Rspamds milter interface

andryyy 8 жил өмнө
parent
commit
a41cafac3e

+ 30 - 0
data/conf/rspamd/local.d/arc.conf

@@ -0,0 +1,30 @@
+# If false, messages with empty envelope from are not signed
+allow_envfrom_empty = false;
+# If true, envelope/header domain mismatch is ignored
+allow_hdrfrom_mismatch = false;
+# If true, multiple from headers are allowed (but only first is used)
+allow_hdrfrom_multiple = true;
+# If true, username does not need to contain matching domain
+allow_username_mismatch = true;
+# If false, messages from authenticated users are not selected for signing
+auth_only = true;
+# Default path to key, can include '$domain' and '$selector' variables
+path = "/data/dkim/keys/$domain.dkim";
+# Default selector to use
+selector = "dkim";
+# If false, messages from local networks are not selected for signing
+sign_local = true;
+# Symbol to add when message is signed
+symbol = "ARC_SIGNED";
+# Whether to fallback to global config
+try_fallback = true;
+# Domain to use for DKIM signing: can be "header" or "envelope"
+use_domain = "envelope";
+# Whether to normalise domains to eSLD
+use_esld = false;
+# Whether to get keys from Redis
+use_redis = true;
+# Hash for DKIM keys in Redis
+key_prefix = "DKIM_PRIV_KEYS";
+# Selector map
+selector_prefix = "DKIM_SELECTORS";

+ 39 - 0
data/conf/rspamd/local.d/milter_headers.conf

@@ -0,0 +1,39 @@
+use = ["spam-header", "x-spamd-result", "x-rspamd-queue-id", "authentication-results"];
+skip_local = false;
+skip_authenticated = false;
+routines {
+  spam-header {
+    header = "X-Spam-Flag";
+    value = "YES";
+    remove = 1;
+  }
+  authentication-results {
+    header = "Authentication-Results";
+    remove = 1;
+    spf_symbols {
+      pass = "R_SPF_ALLOW";
+      fail = "R_SPF_FAIL";
+      softfail = "R_SPF_SOFTFAIL";
+      neutral = "R_SPF_NEUTRAL";
+      temperror = "R_SPF_DNSFAIL";
+      none = "R_SPF_NA";
+      permerror = "R_SPF_PERMFAIL";
+    }
+    dkim_symbols {
+      pass = "R_DKIM_ALLOW";
+      fail = "R_DKIM_REJECT";
+      temperror = "R_DKIM_TEMPFAIL";
+      none = "R_DKIM_NA";
+      permerror = "R_DKIM_PERMFAIL";
+    }
+    dmarc_symbols {
+      pass = "DMARC_POLICY_ALLOW";
+      permerror = "DMARC_BAD_POLICY";
+      temperror = "DMARC_DNSFAIL";
+      none = "DMARC_NA";
+      reject = "DMARC_POLICY_REJECT";
+      softfail = "DMARC_POLICY_SOFTFAIL";
+      quarantine = "DMARC_POLICY_QUARANTINE";
+    }
+  }
+}

+ 7 - 0
data/conf/rspamd/local.d/mx_check.conf

@@ -0,0 +1,7 @@
+timeout = 1.0;
+symbol_bad_mx = "MX_INVALID";
+symbol_no_mx = "MX_MISSING";
+symbol_good_mx = "MX_GOOD";
+expire = 86400;
+key_prefix = "rmx";
+enabled = true;

+ 9 - 0
data/conf/rspamd/local.d/rspamd.conf.local

@@ -3,3 +3,12 @@ history_redis {}
 worker "log_helper" {
   count = 1;
 }
+worker "rspamd_proxy" {
+  bind_socket = "rspamd:9900";
+  milter = true;
+  upstream {
+    name = "localhost";
+    default = true;
+    hosts = "rspamd:11333"
+  }
+}

+ 2 - 2
data/conf/rspamd/lua/rspamd.local.lua

@@ -43,13 +43,13 @@ rspamd_config:register_symbol({
         rspamd_logger.infox("user wants subject modified for tagged mail")
         local sbj = task:get_header('Subject')
         new_sbj = '=?UTF-8?B?' .. tostring(util.encode_base64('[' .. tag .. '] ' .. sbj)) .. '?='
-        task:set_rmilter_reply({
+        task:set_milter_reply({
           remove_headers = {['Subject'] = 1},
           add_headers = {['Subject'] = new_sbj}
         })
       else
         rspamd_logger.infox("Add X-Moo-Tag header")
-        task:set_rmilter_reply({
+        task:set_milter_reply({
           add_headers = {['X-Moo-Tag'] = 'YES'}
         })
       end