use Sieve for Rspamd and SA/Amavis
As mentioned by @polarathene, the previous changes included a mixture of Dovecot Sieve (for Rspamd) and a native implementation for SA/Amavis. Now, we handle everything through Sieve. This is really a breaking change.
This commit is contained in:
parent
8d58e1565f
commit
8ea0ae2ff0
|
@ -49,6 +49,7 @@ function _register_functions() {
|
|||
_register_setup_function '_setup_dovecot_sieve'
|
||||
_register_setup_function '_setup_dovecot_dhparam'
|
||||
_register_setup_function '_setup_dovecot_quota'
|
||||
_register_setup_function '_setup_spam_subject'
|
||||
_register_setup_function '_setup_spam_to_junk'
|
||||
_register_setup_function '_setup_spam_mark_as_read'
|
||||
fi
|
||||
|
|
|
@ -81,13 +81,9 @@ function __setup__security__spamassassin() {
|
|||
# shellcheck disable=SC2016
|
||||
sed -i -r 's|^\$sa_kill_level_deflt (.*);|\$sa_kill_level_deflt = '"${SA_KILL}"';|g' /etc/amavis/conf.d/20-debian_defaults
|
||||
|
||||
if [[ -z ${SPAM_SUBJECT} ]]; then
|
||||
# shellcheck disable=SC2016
|
||||
sed -i -r 's|^\$sa_spam_subject_tag (.*);|\$sa_spam_subject_tag = undef;|g' /etc/amavis/conf.d/20-debian_defaults
|
||||
else
|
||||
# shellcheck disable=SC2016
|
||||
sed -i -r 's|^\$sa_spam_subject_tag (.*);|\$sa_spam_subject_tag = '"'${SPAM_SUBJECT}'"';|g' /etc/amavis/conf.d/20-debian_defaults
|
||||
fi
|
||||
# disable rewriting the subject as this is handles by _setup_spam_subject (which uses Dovecot Sieve)
|
||||
# shellcheck disable=SC2016
|
||||
sed -i -r 's|^\$sa_spam_subject_tag (.*);|\$sa_spam_subject_tag = undef;|g' /etc/amavis/conf.d/20-debian_defaults
|
||||
|
||||
# activate short circuits when SA BAYES is certain it has spam or ham.
|
||||
if [[ ${SA_SHORTCIRCUIT_BAYES_SPAM} -eq 1 ]]; then
|
||||
|
@ -245,6 +241,56 @@ function __setup__security__amavis() {
|
|||
fi
|
||||
}
|
||||
|
||||
# If `SPAM_SUBJECT` is not empty, we create a Sieve script that alters the `Subject`
|
||||
# header, in order to prepend a user-defined string.
|
||||
function _setup_spam_subject() {
|
||||
if [[ -z ${SPAM_SUBJECT} ]]
|
||||
then
|
||||
__rspamd__log 'debug' 'Spam subject is not set - no prefix will be added to spam e-mails'
|
||||
else
|
||||
__rspamd__log 'debug' "Spam subject is set - the prefix '${SPAM_SUBJECT}' will be added to spam e-mails"
|
||||
|
||||
__rspamd__log 'trace' "Enabling '+editheader' Sieve extension"
|
||||
# check whether sieve_global_extensions is disabled (and enabled it if so)
|
||||
sed -i -E 's|#(sieve_global_extensions.*)|\1|' /etc/dovecot/conf.d/90-sieve.conf
|
||||
# then append the extension
|
||||
sedfile -i -E 's|(sieve_global_extensions.*)|\1 +editheader|' /etc/dovecot/conf.d/90-sieve.conf
|
||||
|
||||
# This directory contains Sieve scripts that are executed before user-defined Sieve
|
||||
# scripts run.
|
||||
local DOVECOT_SIEVE_GLOBAL_BEFORE_DIR='/usr/lib/dovecot/sieve-global/before'
|
||||
local DOVECOT_SIEVE_FILE='spam_subject'
|
||||
readonly DOVECOT_SIEVE_GLOBAL_BEFORE_DIR DOVECOT_SIEVE_FILE
|
||||
|
||||
mkdir -p "${DOVECOT_SIEVE_GLOBAL_BEFORE_DIR}"
|
||||
# ref: https://superuser.com/a/1502589
|
||||
cat >"${DOVECOT_SIEVE_GLOBAL_BEFORE_DIR}/${DOVECOT_SIEVE_FILE}.sieve" << EOF
|
||||
require ["editheader","variables"];
|
||||
|
||||
if anyof (header :contains "X-Spam-Flag" "YES",
|
||||
header :contains "X-Spam" "Yes")
|
||||
{
|
||||
# Match the entire subject ...
|
||||
if header :matches "Subject" "*" {
|
||||
# ... to get it in a match group that can then be stored in a variable:
|
||||
set "subject" "\${1}";
|
||||
}
|
||||
|
||||
# We can't "replace" a header, but we can delete (all instances of) it and
|
||||
# re-add (a single instance of) it:
|
||||
deleteheader "Subject";
|
||||
|
||||
# Note that the header is added ":last" (so it won't appear before possible
|
||||
# "Received" headers).
|
||||
addheader :last "Subject" "${SPAM_SUBJECT}\${subject}";
|
||||
}
|
||||
EOF
|
||||
|
||||
sievec "${DOVECOT_SIEVE_GLOBAL_BEFORE_DIR}/${DOVECOT_SIEVE_FILE}.sieve"
|
||||
chown dovecot:root "${DOVECOT_SIEVE_GLOBAL_BEFORE_DIR}/${DOVECOT_SIEVE_FILE}."{sieve,svbin}
|
||||
fi
|
||||
}
|
||||
|
||||
# We can use Sieve to move spam emails to the "Junk" folder.
|
||||
function _setup_spam_to_junk() {
|
||||
if [[ ${MOVE_SPAM_TO_JUNK} -eq 1 ]]; then
|
||||
|
|
|
@ -21,7 +21,6 @@ function _setup_rspamd() {
|
|||
__rspamd__setup_greylisting
|
||||
__rspamd__setup_hfilter_group
|
||||
__rspamd__setup_check_authenticated
|
||||
__rspamd__setup_spam_subject
|
||||
_rspamd_handle_user_modules_adjustments # must run last
|
||||
|
||||
# only performing checks, no further setup handled from here onwards
|
||||
|
@ -305,55 +304,6 @@ function __rspamd__setup_check_authenticated() {
|
|||
fi
|
||||
}
|
||||
|
||||
# If `SPAM_SUBJECT` is not empty, we create a Sieve script that alters the `Subject`
|
||||
# header, in order to prepend a user-defined string.
|
||||
function __rspamd__setup_spam_subject() {
|
||||
if [[ -z ${SPAM_SUBJECT} ]]
|
||||
then
|
||||
__rspamd__log 'debug' 'Spam subject is not set - no prefix will be added to spam e-mails'
|
||||
else
|
||||
__rspamd__log 'debug' "Spam subject is set - the prefix '${SPAM_SUBJECT}' will be added to spam e-mails"
|
||||
|
||||
__rspamd__log 'trace' "Enabling '+editheader' Sieve extension"
|
||||
# check whether sieve_global_extensions is disabled (and enabled it if so)
|
||||
sed -i -E 's|#(sieve_global_extensions.*)|\1|' /etc/dovecot/conf.d/90-sieve.conf
|
||||
# then append the extension
|
||||
sedfile -i -E 's|(sieve_global_extensions.*)|\1 +editheader|' /etc/dovecot/conf.d/90-sieve.conf
|
||||
|
||||
# This directory contains Sieve scripts that are executed before user-defined Sieve
|
||||
# scripts run.
|
||||
local DOVECOT_SIEVE_GLOBAL_BEFORE_DIR='/usr/lib/dovecot/sieve-global/before'
|
||||
local DOVECOT_SIEVE_FILE='rspamd_spam_subject'
|
||||
readonly DOVECOT_SIEVE_GLOBAL_BEFORE_DIR DOVECOT_SIEVE_FILE
|
||||
|
||||
mkdir -p "${DOVECOT_SIEVE_GLOBAL_BEFORE_DIR}"
|
||||
# ref: https://superuser.com/a/1502589
|
||||
cat >"${DOVECOT_SIEVE_GLOBAL_BEFORE_DIR}/${DOVECOT_SIEVE_FILE}.sieve" << EOF
|
||||
require ["editheader","variables"];
|
||||
|
||||
if header :contains "X-Spam" "Yes"
|
||||
{
|
||||
# Match the entire subject ...
|
||||
if header :matches "Subject" "*" {
|
||||
# ... to get it in a match group that can then be stored in a variable:
|
||||
set "subject" "\${1}";
|
||||
}
|
||||
|
||||
# We can't "replace" a header, but we can delete (all instances of) it and
|
||||
# re-add (a single instance of) it:
|
||||
deleteheader "Subject";
|
||||
|
||||
# Note that the header is added ":last" (so it won't appear before possible
|
||||
# "Received" headers).
|
||||
addheader :last "Subject" "${SPAM_SUBJECT}\${subject}";
|
||||
}
|
||||
EOF
|
||||
|
||||
sievec "${DOVECOT_SIEVE_GLOBAL_BEFORE_DIR}/${DOVECOT_SIEVE_FILE}.sieve"
|
||||
chown dovecot:root "${DOVECOT_SIEVE_GLOBAL_BEFORE_DIR}/${DOVECOT_SIEVE_FILE}."{sieve,svbin}
|
||||
fi
|
||||
}
|
||||
|
||||
# This function performs a simple check: go through DKIM configuration files, acquire
|
||||
# all private key file locations and check whether they exist and whether they can be
|
||||
# accessed by Rspamd.
|
||||
|
|
Loading…
Reference in New Issue