From 2927cc47c74a4985fa70970ec64e7ec2e79d6f14 Mon Sep 17 00:00:00 2001
From: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
Date: Mon, 21 Feb 2022 10:48:28 +0100
Subject: [PATCH] Add SpamAssassin KAM (#2418)

---
 Dockerfile                            |  6 +++++-
 docs/content/config/environment.md    | 16 ++++++++++++----
 mailserver.env                        | 10 +++++++++-
 target/scripts/start-mailserver.sh    |  1 +
 target/scripts/startup/setup-stack.sh | 17 +++++++++++++++++
 5 files changed, 44 insertions(+), 6 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index dfcf8145..2dc73f5f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -133,7 +133,11 @@ COPY \
 # hadolint ignore=SC2016
 RUN \
   sedfile -i -r 's/^(CRON)=0/\1=1/g' /etc/default/spamassassin && \
-  sedfile -i -r 's/^\$INIT restart/supervisorctl restart amavis/g' /etc/spamassassin/sa-update-hooks.d/amavisd-new
+  sedfile -i -r 's/^\$INIT restart/supervisorctl restart amavis/g' \
+    /etc/spamassassin/sa-update-hooks.d/amavisd-new && \
+  mkdir -p /etc/spamassassin/kam/ && \
+  curl -sSfLo /etc/spamassassin/kam/kam.sa-channels.mcgrail.com.key \
+    https://mcgrail.com/downloads/kam.sa-channels.mcgrail.com.key
 
 # -----------------------------------------------
 # --- PostSRSD, Postgrey & Amavis ---------------
diff --git a/docs/content/config/environment.md b/docs/content/config/environment.md
index 19c2502c..3091aa40 100644
--- a/docs/content/config/environment.md
+++ b/docs/content/config/environment.md
@@ -345,16 +345,24 @@ Finally the logrotate interval **may** affect the period for generated reports.
 
 ##### SPAMASSASSIN_SPAM_TO_INBOX
 
-- **1** => Spam messages will be delivered to the inbox and tagged as spam using `SA_SPAM_SUBJECT`.
 - 0 => Spam messages will be bounced (_rejected_) without any notification (_dangerous_).
+- **1** => Spam messages will be delivered to the inbox and tagged as spam using `SA_SPAM_SUBJECT`.
+
+##### ENABLE_SPAMASSASSIN_KAM
+
+[KAM](https://mcgrail.com/template/projects#KAM1) is a 3rd party SpamAssassin ruleset, provided by the McGrail Foundation. If SpamAssassin is enabled, KAM can be used in addition to the default ruleset.
+
+- **0** => KAM disabled
+- 1 => KAM enabled
 
 ##### MOVE_SPAM_TO_JUNK
 
-- **1** => Spam messages will be delivered in the `Junk` folder.
-- 0 => Spam messages will be delivered in the mailbox.
-
+Spam messages can be moved in the Junk folder.
 Note: this setting needs `SPAMASSASSIN_SPAM_TO_INBOX=1`
 
+- 0 => Spam messages will be delivered in the mailbox.
+- **1** => Spam messages will be delivered in the `Junk` folder.
+
 ##### SA_TAG
 
 - **2.0** => add spam info headers if at, or above that level
diff --git a/mailserver.env b/mailserver.env
index c1f2fd27..519330fe 100644
--- a/mailserver.env
+++ b/mailserver.env
@@ -260,7 +260,15 @@ ENABLE_SPAMASSASSIN=0
 # deliver spam messages in the inbox (eventually tagged using SA_SPAM_SUBJECT)
 SPAMASSASSIN_SPAM_TO_INBOX=1
 
-# spam messages will be moved in the Junk folder (SPAMASSASSIN_SPAM_TO_INBOX=1 required)
+# KAM is a 3rd party SpamAssassin ruleset, provided by the McGrail Foundation.
+# If SpamAssassin is enabled, KAM can be used in addition to the default ruleset.
+# - **0** => KAM disabled
+# - 1 => KAM enabled
+#
+# Note: only has an effect if `ENABLE_SPAMASSASSIN=1`
+ENABLE_SPAMASSASSIN_KAM=0
+
+# this setting needs `SPAMASSASSIN_SPAM_TO_INBOX=1`
 MOVE_SPAM_TO_JUNK=1
 
 # add spam info headers if at, or above that level:
diff --git a/target/scripts/start-mailserver.sh b/target/scripts/start-mailserver.sh
index 4bb020b4..08f90202 100755
--- a/target/scripts/start-mailserver.sh
+++ b/target/scripts/start-mailserver.sh
@@ -34,6 +34,7 @@ VARS[ENABLE_POSTGREY]="${ENABLE_POSTGREY:=0}"
 VARS[ENABLE_QUOTAS]="${ENABLE_QUOTAS:=1}"
 VARS[ENABLE_SASLAUTHD]="${ENABLE_SASLAUTHD:=0}"
 VARS[ENABLE_SPAMASSASSIN]="${ENABLE_SPAMASSASSIN:=0}"
+VARS[ENABLE_SPAMASSASSIN_KAM]="${ENABLE_SPAMASSASSIN_KAM:=0}"
 VARS[ENABLE_SRS]="${ENABLE_SRS:=0}"
 VARS[ENABLE_UPDATE_CHECK]="${ENABLE_UPDATE_CHECK:=1}"
 VARS[FAIL2BAN_BLOCKTYPE]="${FAIL2BAN_BLOCKTYPE:=drop}"
diff --git a/target/scripts/startup/setup-stack.sh b/target/scripts/startup/setup-stack.sh
index 814b4e65..b7c54c55 100644
--- a/target/scripts/startup/setup-stack.sh
+++ b/target/scripts/startup/setup-stack.sh
@@ -960,6 +960,23 @@ function _setup_security_stack
       sed -i "s|\$final_spam_destiny.*=.*$|\$final_spam_destiny = D_BOUNCE;|g" /etc/amavis/conf.d/49-docker-mailserver
       sed -i "s|\$final_bad_header_destiny.*=.*$|\$final_bad_header_destiny = D_BOUNCE;|g" /etc/amavis/conf.d/49-docker-mailserver
     fi
+
+    if [[ ${ENABLE_SPAMASSASSIN_KAM} -eq 1 ]]
+    then
+      _notify 'inf' 'Configuring Spamassassin KAM'
+      local SPAMASSASSIN_KAM_CRON_FILE=/etc/cron.daily/spamassassin_kam
+
+      sa-update --import /etc/spamassassin/kam/kam.sa-channels.mcgrail.com.key
+      cat >"${SPAMASSASSIN_KAM_CRON_FILE}" <<"EOM"
+#! /bin/bash
+
+sa-update --gpgkey 24C063D8 --channel kam.sa-channels.mcgrail.com && \
+/etc/init.d/spamassassin reload
+
+EOM
+
+      chmod +x "${SPAMASSASSIN_KAM_CRON_FILE}"
+    fi
   fi
 
   # Clamav