Home Explore Help
Sign In
mirrors
/
mailcow-dockerized
mirror of https://github.com/mailcow/mailcow-dockerized
2
0
Fork 0
Files Issues 0 Wiki
Tree: b8888521f1
Branches Tags
mailcow-dockeri...
/
data
/
Dockerfiles
/
bootstrap
/
modules
/
BootstrapRspamd.py

BootstrapRspamd.py 4.9 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137 
  1. from jinja2 import Environment, FileSystemLoader
    2. 

  2. from modules.BootstrapBase import BootstrapBase
    3. 

  3. from pathlib import Path
    4. 

  4. import os
    5. 

  5. import sys
    6. 

  6. import time
    7. 

  7. import platform
    8. 

  8. 

  9. class Bootstrap(BootstrapBase):
    10. 

  10.   def bootstrap(self):
    11. 

  11.     # Connect to MySQL
    12. 

  12.     self.connect_mysql()
    13. 

  13. 

  14.     # Connect to MySQL
    15. 

  15.     self.connect_redis()
    16. 

  16. 

  17.     # get dovecot ips
    18. 

  18.     dovecot_v4 = []
    19. 

  19.     dovecot_v6 = []
    20. 

  20.     while not dovecot_v4 and not dovecot_v6:
    21. 

  21.       try:
    22. 

  22.         dovecot_v4 = self.resolve_docker_dns_record("dovecot-mailcow", "A")
    23. 

  23.         dovecot_v6 = self.resolve_docker_dns_record("dovecot-mailcow", "AAAA")
    24. 

  24.       except Exception as e:
    25. 

  25.         print(e)
    26. 

  26.       if not dovecot_v4 and not dovecot_v6:
    27. 

  27.         print("Waiting for Dovecot IPs...")
    28. 

  28.         time.sleep(3)
    29. 

  29. 

  30.     # get rspamd ips
    31. 

  31.     rspamd_v4 = []
    32. 

  32.     rspamd_v6 = []
    33. 

  33.     while not rspamd_v4 and not rspamd_v6:
    34. 

  34.       try:
    35. 

  35.         rspamd_v4 = self.resolve_docker_dns_record("rspamd-mailcow", "A")
    36. 

  36.         rspamd_v6 = self.resolve_docker_dns_record("rspamd-mailcow", "AAAA")
    37. 

  37.       except Exception:
    38. 

  38.         print(e)
    39. 

  39.       if not rspamd_v4 and not rspamd_v6:
    40. 

  40.         print("Waiting for Rspamd IPs...")
    41. 

  41.         time.sleep(3)
    42. 

  42. 

  43.     # wait for Services
    44. 

  44.     services = [
    45. 

  45.       ["php-fpm-mailcow", 9001],
    46. 

  46.       ["php-fpm-mailcow", 9002]
    47. 

  47.     ]
    48. 

  48.     for service in services:
    49. 

  49.       while not self.is_port_open(service[0], service[1]):
    50. 

  50.         print(f"Waiting for {service[0]} on port {service[1]}...")
    51. 

  51.         time.sleep(1)
    52. 

  52.       print(f"Service {service[0]} on port {service[1]} is ready!")
    53. 

  53. 

  54.     for dir_path in ["/etc/rspamd/plugins.d", "/etc/rspamd/custom"]:
    55. 

  55.       Path(dir_path).mkdir(parents=True, exist_ok=True)
    56. 

  56.     for file_path in ["/etc/rspamd/rspamd.conf.local", "/etc/rspamd/rspamd.conf.override"]:
    57. 

  57.       Path(file_path).touch(exist_ok=True)
    58. 

  58.     self.set_permissions("/var/lib/rspamd", 0o755)
    59. 

  59. 

  60. 

  61.     # Setup Jinja2 Environment and load vars
    62. 

  62.     self.env = Environment(
    63. 

  63.       loader=FileSystemLoader('./etc/rspamd/config_templates'),
    64. 

  64.       keep_trailing_newline=True,
    65. 

  65.       lstrip_blocks=True,
    66. 

  66.       trim_blocks=True
    67. 

  67.     )
    68. 

  68.     extra_vars = {
    69. 

  69.       "DOVECOT_V4": dovecot_v4[0],
    70. 

  70.       "DOVECOT_V6": dovecot_v6[0],
    71. 

  71.       "RSPAMD_V4": rspamd_v4[0],
    72. 

  72.       "RSPAMD_V6": rspamd_v6[0],
    73. 

  73.     }
    74. 

  74.     self.env_vars = self.prepare_template_vars('/overwrites.json', extra_vars)
    75. 

  75. 

  76.     print("Set Timezone")
    77. 

  77.     self.set_timezone()
    78. 

  78. 

  79.     print("Render config")
    80. 

  80.     self.render_config("mailcow_networks.map.j2", "/etc/rspamd/custom/mailcow_networks.map")
    81. 

  81.     self.render_config("dovecot_trusted.map.j2", "/etc/rspamd/custom/dovecot_trusted.map")
    82. 

  82.     self.render_config("rspamd_trusted.map.j2", "/etc/rspamd/custom/rspamd_trusted.map")
    83. 

  83.     self.render_config("external_services.conf.j2", "/etc/rspamd/local.d/external_services.conf")
    84. 

  84.     self.render_config("redis.conf.j2", "/etc/rspamd/local.d/redis.conf")
    85. 

  85.     self.render_config("dqs-rbl.conf.j2", "/etc/rspamd/custom/dqs-rbl.conf")
    86. 

  86.     self.render_config("worker-controller-password.inc.j2", "/etc/rspamd/override.d/worker-controller-password.inc")
    87. 

  87. 

  88.     # Fix missing default global maps, if any
    89. 

  89.     # These exists in mailcow UI and should not be removed
    90. 

  90.     files = [
    91. 

  91.       "/etc/rspamd/custom/global_mime_from_blacklist.map",
    92. 

  92.       "/etc/rspamd/custom/global_rcpt_blacklist.map",
    93. 

  93.       "/etc/rspamd/custom/global_smtp_from_blacklist.map",
    94. 

  94.       "/etc/rspamd/custom/global_mime_from_whitelist.map",
    95. 

  95.       "/etc/rspamd/custom/global_rcpt_whitelist.map",
    96. 

  96.       "/etc/rspamd/custom/global_smtp_from_whitelist.map",
    97. 

  97.       "/etc/rspamd/custom/bad_languages.map",
    98. 

  98.       "/etc/rspamd/custom/sa-rules",
    99. 

  99.       "/etc/rspamd/custom/dovecot_trusted.map",
    100. 

  100.       "/etc/rspamd/custom/rspamd_trusted.map",
    101. 

  101.       "/etc/rspamd/custom/mailcow_networks.map",
    102. 

  102.       "/etc/rspamd/custom/ip_wl.map",
    103. 

  103.       "/etc/rspamd/custom/fishy_tlds.map",
    104. 

  104.       "/etc/rspamd/custom/bad_words.map",
    105. 

  105.       "/etc/rspamd/custom/bad_asn.map",
    106. 

  106.       "/etc/rspamd/custom/bad_words_de.map",
    107. 

  107.       "/etc/rspamd/custom/bulk_header.map",
    108. 

  108.       "/etc/rspamd/custom/bad_header.map"
    109. 

  109.     ]
    110. 

  110.     for file in files:
    111. 

  111.       path = Path(file)
    112. 

  112.       path.parent.mkdir(parents=True, exist_ok=True)
    113. 

  113.       path.touch(exist_ok=True)
    114. 

  114. 

  115.     # Fix permissions
    116. 

  116.     paths_rspamd = [
    117. 

  117.       "/var/lib/rspamd",
    118. 

  118.       "/etc/rspamd/local.d",
    119. 

  119.       "/etc/rspamd/override.d",
    120. 

  120.       "/etc/rspamd/rspamd.conf.local",
    121. 

  121.       "/etc/rspamd/rspamd.conf.override",
    122. 

  122.       "/etc/rspamd/plugins.d"
    123. 

  123.     ]
    124. 

  124.     for path in paths_rspamd:
    125. 

  125.       self.set_owner(path, "_rspamd", "_rspamd", recursive=True)
    126. 

  126.     self.set_owner("/etc/rspamd/custom", "_rspamd", "_rspamd")
    127. 

  127.     self.set_permissions("/etc/rspamd/custom", 0o755)
    128. 

  128. 

  129.     custom_path = Path("/etc/rspamd/custom")
    130. 

  130.     for child in custom_path.iterdir():
    131. 

  131.       if child.is_file():
    132. 

  132.         self.set_owner(child, 82, 82)
    133. 

  133.         self.set_permissions(child, 0o644)
    134. 

  134. 

  135.     # Provide additional lua modules
    136. 

  136.     arch = platform.machine()
    137. 

  137.     self.run_command(["ln", "-s", f"/usr/lib/{arch}-linux-gnu/liblua5.1-cjson.so.0.0.0", "/usr/lib/rspamd/cjson.so"], check=False)
    138.