From 813ab01e9d3f456a321c3ba184f26ce749ceebae Mon Sep 17 00:00:00 2001 
From: kload Date: Sat, 31 Oct 2015 12:33:06 +0100 Subject: [PATCH] [enh] Replace the email stack by Rspamd/Rmilter --- data/hooks/conf_regen/22-email-legacy | 26 + data/hooks/conf_regen/22-postgrey | 23 - data/hooks/conf_regen/25-dovecot | 2 - data/hooks/conf_regen/28-rmilter | 37 + data/hooks/conf_regen/28-spamassassin | 21 - data/hooks/conf_regen/31-amavis | 37 - data/hooks/conf_regen/31-rspamd | 27 + data/templates/amavis/05-domain_id | 19 - data/templates/amavis/05-node_id | 13 - data/templates/amavis/15-content_filter_mode | 23 - data/templates/amavis/20-debian_defaults | 216 --- data/templates/amavis/50-user.sed | 30 - data/templates/dovecot/dovecot.conf.sed | 10 +- data/templates/dovecot/sa-learn-pipe.sh | 9 - data/templates/postfix/main.cf.sed | 13 +- data/templates/postfix/master.cf | 29 - data/templates/postgrey/postgrey.default | 12 - data/templates/rmilter/rmilter.conf | 18 + data/templates/rspamd/metrics.conf | 1163 +++++++++++++++++ data/templates/rspamd/rspamd.sieve | 4 + data/templates/spamassassin/local.cf | 94 -- .../spamassassin/spamassassin.default | 31 - debian/control | 7 +- 23 files changed, 1292 insertions(+), 572 deletions(-) create mode 100644 data/hooks/conf_regen/22-email-legacy delete mode 100644 data/hooks/conf_regen/22-postgrey create mode 100644 data/hooks/conf_regen/28-rmilter delete mode 100644 data/hooks/conf_regen/28-spamassassin delete mode 100644 data/hooks/conf_regen/31-amavis create mode 100644 data/hooks/conf_regen/31-rspamd delete mode 100644 data/templates/amavis/05-domain_id delete mode 100644 data/templates/amavis/05-node_id delete mode 100644 data/templates/amavis/15-content_filter_mode delete mode 100644 data/templates/amavis/20-debian_defaults delete mode 100644 data/templates/amavis/50-user.sed delete mode 100644 data/templates/dovecot/sa-learn-pipe.sh delete mode 100644 data/templates/postgrey/postgrey.default create mode 100644 data/templates/rmilter/rmilter.conf create mode 100644 
data/templates/rspamd/metrics.conf create mode 100644 data/templates/rspamd/rspamd.sieve delete mode 100644 data/templates/spamassassin/local.cf delete mode 100644 data/templates/spamassassin/spamassassin.default
diff --git a/data/hooks/conf_regen/22-email-legacy b/data/hooks/conf_regen/22-email-legacy
new file mode 100644
index 000000000..e66a20045
--- /dev/null
+++ b/data/hooks/conf_regen/22-email-legacy
@@ -0,0 +1,26 @@
+#!/bin/bash
+set -e
+
+# Add new email services
+sudo yunohost service add rspamd -l /var/log/mail.log \
+ || echo "Rspamd is already listed in services"
+
+sudo yunohost service add rmilter -l /var/log/mail.log \
+ || echo "Rspamd is already listed in services"
+
+# Remove previous email services
+sudo yunohost service disable spamassassin \
+ || echo "Spamassassin is already removed" \
+ && systemctl disable spamassassin || true
+
+sudo yunohost service disable amavis \
+ || echo "Amavis is already removed" \
+ && systemctl disable spamassassin || true
+
+sudo yunohost service disable postgrey \
+ || echo "Postgrey is already removed" \
+ && systemctl disable postgrey || true
+
+sudo yunohost service disable postgrey \
+ && sudo yunohost service remove amavis \
+ || echo "Amavis is already removed"
diff --git a/data/hooks/conf_regen/22-postgrey b/data/hooks/conf_regen/22-postgrey
deleted file mode 100644
index b1f924a0e..000000000
--- a/data/hooks/conf_regen/22-postgrey
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/bash
-set -e
-
-force=$1
-
-function safe_copy () {
- if [[ "$force" == "True" ]]; then
- sudo yunohost service safecopy \
- -s postgrey \
- $1 $2 \
- --force
- else
- sudo yunohost service safecopy \
- -s postgrey \
- $1 $2
- fi
-}
-
-cd /usr/share/yunohost/templates/postgrey
-
-if [[ "$(safe_copy postgrey.default /etc/default/postgrey)" == "True" ]]; then
- sudo service nslcd restart
-fi
diff --git a/data/hooks/conf_regen/25-dovecot b/data/hooks/conf_regen/25-dovecot
index 642fa9570..252828c7f 100644
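Review bot: The amavis block of the new 22-email-legacy hook runs `systemctl disable spamassassin`, and the final block disables postgrey a second time before removing amavis, so as written amavis is never disabled in systemd and postgrey is never removed from the service list; both look like copy-paste slips, as does the "Rspamd is already listed" message on the rmilter line. The chains group as `(a || echo …) && systemctl …`, and the `systemctl` calls lack the `sudo` every other command here has, with `|| true` hiding any resulting failure. Nothing in the hunk stops the old daemons, so amavis and postgrey presumably keep listening on 10024 and 10023 until the next reboot. One explicit pair per service would be clearer, e.g. `sudo systemctl stop amavis || true` followed by `sudo systemctl disable amavis || true`.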
--- a/data/hooks/conf_regen/25-dovecot +++ b/data/hooks/conf_regen/25-dovecot @@ -41,8 +41,6 @@ safe_copy dovecot-ldap.conf /etc/dovecot/dovecot-ldap.conf # Setup Sieve sudo rm -rf /etc/dovecot/global_script sudo mkdir -p -m 0770 /etc/dovecot/global_script -safe_copy sa-learn-pipe.sh /usr/bin/sa-learn-pipe.sh -sudo chmod 755 /usr/bin/sa-learn-pipe.sh safe_copy dovecot.sieve /etc/dovecot/global_script/dovecot.sieve sudo chmod 660 /etc/dovecot/global_script/dovecot.sieve > /dev/null 2>&1 \ diff --git a/data/hooks/conf_regen/28-rmilter b/data/hooks/conf_regen/28-rmilter new file mode 100644 index 000000000..ef31b6806 --- /dev/null +++ b/data/hooks/conf_regen/28-rmilter @@ -0,0 +1,37 @@ +#!/bin/bash +set -e + +force=$1 + +function safe_copy () { + if [[ "$force" == "True" ]]; then + sudo yunohost service safecopy \ + -s rmilter $1 $2 --force + else + sudo yunohost service safecopy \ + -s rmilter $1 $2 + fi +} + +cd /usr/share/yunohost/templates/rmilter + +# Copy Rmilter configuration +safe_copy rmilter.conf /etc/rmilter/rmilter.conf + +# Create the PID directory +sudo mkdir -p /var/run/rmilter +sudo chown _rmilter: /var/run/rmilter + +# Create DKIM key for each YunoHost domain +sudo mkdir -p /etc/dkim +domain_list=$(sudo yunohost domain list --plain) + +for domain in $domain_list; do + [ -f /etc/dkim/$domain.mail.key ] \ + || sudo opendkim-genkey --domain=$domain --selector=mail + + sudo chown _rmilter /etc/dkim/$domain.mail.key + sudo chmod 400 /etc/dkim/$domain.mail.key +done + +sudo service rmilter restart diff --git a/data/hooks/conf_regen/28-spamassassin b/data/hooks/conf_regen/28-spamassassin deleted file mode 100644 index e55f10dcd..000000000 --- a/data/hooks/conf_regen/28-spamassassin +++ /dev/null 
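Review bot: In the DKIM loop of the new 28-rmilter hook, `opendkim-genkey --domain=$domain --selector=mail` is given no output directory, so it writes `mail.private` and `mail.txt` into the current directory, which after the earlier `cd` is /usr/share/yunohost/templates/rmilter. This hook therefore never creates `/etc/dkim/$domain.mail.key`; the following `chown` fails and `set -e` aborts before rmilter is restarted, leaving a private key behind in the template directory. The loop should generate into a private scratch directory and move the key to the name rmilter.conf expects, with `$domain` quoted. The key size is left at the tool's default, which on older opendkim releases is 1024 bits, so passing `--bits=2048` is worth considering.

```shell
for domain in $domain_list; do
  if [ ! -f "/etc/dkim/$domain.mail.key" ]; then
    keydir=$(sudo mktemp -d)
    sudo opendkim-genkey --directory="$keydir" \
      --domain="$domain" --selector=mail
    sudo mv "$keydir/mail.private" "/etc/dkim/$domain.mail.key"
    sudo mv "$keydir/mail.txt" "/etc/dkim/$domain.mail.txt"
    sudo rm -rf -- "$keydir"
  fi
  # … unchanged: chown _rmilter / chmod 400 on the key …
done
```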
@@ -1,21 +0,0 @@
-#!/bin/bash
-set -e
-
-force=$1
-
-function safe_copy () {
- if [[ "$force" == "True" ]]; then
- sudo yunohost service safecopy \
- -s spamassassin $1 $2 --force
- else
- sudo yunohost service safecopy \
- -s spamassassin $1 $2
- fi
-}
-
-cd /usr/share/yunohost/templates/spamassassin
-
-safe_copy spamassassin.default /etc/default/spamassassin
-safe_copy local.cf /etc/spamassassin/local.cf
-
-sudo service spamassassin restart
diff --git a/data/hooks/conf_regen/31-amavis b/data/hooks/conf_regen/31-amavis
deleted file mode 100644
index f25c70fe4..000000000
--- a/data/hooks/conf_regen/31-amavis
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/bash
-set -e
-
-force=$1
-
-function safe_copy () {
- if [[ "$force" == "True" ]]; then
- sudo yunohost service safecopy \
- -s amavis $1 $2 --force
- else
- sudo yunohost service safecopy \
- -s amavis $1 $2
- fi
-}
-
-cd /usr/share/yunohost/templates/amavis
-
-sudo mkdir -p /etc/amavis/conf.d/
-
-# Copy plain single configuration files
-files="05-domain_id
-05-node_id
-15-content_filter_mode
-20-debian_defaults"
-
-for file in $files; do
- safe_copy $file /etc/amavis/conf.d/$file
-done
-
-main_domain=$(cat /etc/yunohost/current_host)
-cat 50-user.sed \
- | sed "s/{{ main_domain }}/$main_domain/g" \
- | sudo tee 50-user
-safe_copy 50-user /etc/amavis/conf.d/50-user
-
-
-sudo service amavis restart
diff --git a/data/hooks/conf_regen/31-rspamd b/data/hooks/conf_regen/31-rspamd
new file mode 100644
index 000000000..0f6ef7c16
--- /dev/null
+++ b/data/hooks/conf_regen/31-rspamd
@@ -0,0 +1,27 @@
+#!/bin/bash
+set -e
+
+force=$1
+
+function safe_copy () {
+ if [[ "$force" == "True" ]]; then
+ sudo yunohost service safecopy \
+ -s rspamd $1 $2 --force
+ else
+ sudo yunohost service safecopy \
+ -s rspamd $1 $2
+ fi
+}
+
+cd /usr/share/yunohost/templates/rspamd
+
+# Copy Rspamd configuration
+safe_copy metrics.conf /etc/rspamd/metrics.conf
+
+# Install Rspamd sieve script
+safe_copy rspamd.sieve /etc/dovecot/global_script/rspamd.sieve
+sudo sievec /etc/dovecot/global_script/rspamd.sieve
+sudo chmod 660 /etc/dovecot/global_script/rspamd.svbin
+sudo chown -R vmail:mail /etc/dovecot/global_script
+
+sudo service rspamd restart
diff --git a/data/templates/amavis/05-domain_id b/data/templates/amavis/05-domain_id
deleted file mode 100644
index 01a71e4b3..000000000
--- a/data/templates/amavis/05-domain_id
+++ /dev/null
@@ -1,19 +0,0 @@
-use strict;
-
-# $mydomain is used just for convenience in the config files and it is not
-# used internally by amavisd-new except in the default X_HEADER_LINE (which
-# Debian overrides by default anyway).
-
-#chomp($mydomain = `head -n 1 /etc/mailname`);
-
-# amavisd-new needs to know which email domains are to be considered local
-# to the administrative domain. Only emails to "local" domains are subject
-# to certain functionality, such as the addition of spam tags.
-#
-# Default local domains to $mydomain and all subdomains. Remember to
-# override or redefine this if $mydomain is changed later in the config
-# sequence.
-
-@local_domains_acl = ( ".$mydomain" );
-
-1; # ensure a defined return
diff --git a/data/templates/amavis/05-node_id b/data/templates/amavis/05-node_id
deleted file mode 100644
index ee6665436..000000000
--- a/data/templates/amavis/05-node_id
+++ /dev/null
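Review bot: The sieve script installed by the new 31-rspamd hook lives in /etc/dovecot/global_script, which the 25-dovecot hook removes with `rm -rf` and recreates on every run, so rspamd.sieve and rspamd.svbin survive only when 31-rspamd runs after it. If hooks can be regenerated one service at a time, a dovecot-only run would silently drop the script; that ordering dependency deserves a comment above the install step, such as `# 25-dovecot wipes global_script: this hook must run after it`. `safe_copy` also expands `$1 $2` unquoted, here and in 28-rmilter; writing `"$1" "$2"` costs nothing.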
@@ -1,13 +0,0 @@ -use strict; - -# $myhostname is used by amavisd-new for node identification, and it is -# important to get it right (e.g. for ESMTP EHLO, loop detection, and so on). - -#chomp($myhostname = `hostname --fqdn`); - -# To manually set $myhostname, edit the following line with the correct Fully -# Qualified Domain Name (FQDN) and remove the # at the beginning of the line. -# -#$myhostname = "mail.example.com"; - -1; # ensure a defined return diff --git a/data/templates/amavis/15-content_filter_mode b/data/templates/amavis/15-content_filter_mode deleted file mode 100644 index 825e9e03c..000000000 --- a/data/templates/amavis/15-content_filter_mode +++ /dev/null @@ -1,23 +0,0 @@ -use strict; - -# You can modify this file to re-enable SPAM checking through spamassassin -# and to re-enable antivirus checking. - -# -# Default antivirus checking mode -# Uncomment the two lines below to enable it back -# - -#@bypass_virus_checks_maps = ( -# \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re); - - -# -# Default SPAM checking mode -# Uncomment the two lines below to enable it back -# - -@bypass_spam_checks_maps = ( - \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re); - -1; # ensure a defined return diff --git a/data/templates/amavis/20-debian_defaults b/data/templates/amavis/20-debian_defaults deleted file mode 100644 index 83e553d28..000000000 --- a/data/templates/amavis/20-debian_defaults +++ /dev/null 
@@ -1,216 +0,0 @@ -use strict; - -# ADMINISTRATORS: -# Debian suggests that any changes you need to do that should never -# be "updated" by the Debian package should be made in another file, -# overriding the settings in this file. -# -# The package will *not* overwrite your settings, but by keeping -# them separate, you will make the task of merging changes on these -# configuration files much simpler... - -# see /usr/share/doc/amavisd-new/examples/amavisd.conf-default for -# a list of all variables with their defaults; -# see /usr/share/doc/amavisd-new/examples/amavisd.conf-sample for -# a traditional-style commented file -# [note: the above files were not converted to Debian settings!] -# -# for more details see documentation in /usr/share/doc/amavisd-new -# and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html - -$QUARANTINEDIR = "$MYHOME/virusmails"; -$quarantine_subdir_levels = 1; # enable quarantine dir hashing - -$log_recip_templ = undef; # disable by-recipient level-0 log entries -$DO_SYSLOG = 1; # log via syslogd (preferred) -$syslog_ident = 'amavis'; # syslog ident tag, prepended to all messages -$syslog_facility = 'mail'; -$syslog_priority = 'debug'; # switch to info to drop debug output, etc - -$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny) -$enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1 - -$inet_socket_port = 10024; # default listening socket - -$sa_spam_subject_tag = '***SPAM*** '; -$sa_tag_level_deflt = undef; # add spam info headers if at, or above that level -$sa_tag2_level_deflt = 4.00; # add 'spam detected' headers at that level -$sa_kill_level_deflt = 20.00; # triggers spam evasive actions -$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent - -$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger -$sa_local_tests_only = 0; # only tests which do not require internet access? 
- -$recipient_delimiter = '+'; -@addr_extension_spam_maps = ('Junk'); - -# Quota limits to avoid bombs (like 42.zip) - -$MAXLEVELS = 14; -$MAXFILES = 1500; -$MIN_EXPANSION_QUOTA = 100*1024; # bytes -$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes - -# You should: -# Use D_DISCARD to discard data (viruses) -# Use D_BOUNCE to generate local bounces by amavisd-new -# Use D_REJECT to generate local or remote bounces by the calling MTA -# Use D_PASS to deliver the message -# -# Whatever you do, *NEVER* use D_REJECT if you have other MTAs *forwarding* -# mail to your account. Use D_BOUNCE instead, otherwise you are delegating -# the bounce work to your friendly forwarders, which might not like it at all. -# -# On dual-MTA setups, one can often D_REJECT, as this just makes your own -# MTA generate the bounce message. Test it first. -# -# Bouncing viruses is stupid, always discard them after you are sure the AV -# is working correctly. Bouncing real SPAM is also useless, if you cannot -# D_REJECT it (and don't D_REJECT mail coming from your forwarders!). - -$final_virus_destiny = D_DISCARD; # (data not lost, see virus quarantine) -$final_banned_destiny = D_BOUNCE; # D_REJECT when front-end MTA -$final_spam_destiny = D_DISCARD; -$final_bad_header_destiny = D_PASS; # False-positive prone (for spam) - -$enable_dkim_verification = 1; #disabled to prevent warning -$enable_dkim_signing =1; - -$virus_admin = "postmaster\@$mydomain"; # due to D_DISCARD default - -# Set to empty ("") to add no header -$X_HEADER_LINE = "Debian $myproduct_name at $mydomain"; - -# REMAINING IMPORTANT VARIABLES ARE LISTED HERE BECAUSE OF LONGER ASSIGNMENTS - -# -# DO NOT SEND VIRUS NOTIFICATIONS TO OUTSIDE OF YOUR DOMAIN. EVER. -# -# These days, almost all viruses fake the envelope sender and mail headers. -# Therefore, "virus notifications" became nothing but undesired, aggravating -# SPAM. This holds true even inside one's domain. We disable them all by -# default, except for the EICAR test pattern. 
-# - -@viruses_that_fake_sender_maps = (new_RE( - [qr'\bEICAR\b'i => 0], # av test pattern name - [qr/.*/ => 1], # true for everything else -)); - -@keep_decoded_original_maps = (new_RE( -# qr'^MAIL$', # retain full original message for virus checking (can be slow) - qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables - qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i, -# qr'^Zip archive data', # don't trust Archive::Zip -)); - - -# for $banned_namepath_re, a new-style of banned table, see amavisd.conf-sample - -$banned_filename_re = new_RE( -# qr'^UNDECIPHERABLE$', # is or contains any undecipherable components - - # block certain double extensions anywhere in the base name - qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i, - - qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$'i, # Windows Class ID CLSID, strict - - qr'^application/x-msdownload$'i, # block these MIME types - qr'^application/x-msdos-program$'i, - qr'^application/hta$'i, - -# qr'^application/x-msmetafile$'i, # Windows Metafile MIME type -# qr'^\.wmf$', # Windows Metafile file(1) type - -# qr'^message/partial$'i, qr'^message/external-body$'i, # rfc2046 MIME types - -# [ qr'^\.(Z|gz|bz2)$' => 0 ], # allow any in Unix-compressed -# [ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any in Unix-type archives -# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within such archives -# [ qr'^application/x-zip-compressed$'i => 0], # allow any within such archives - - qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic -# qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta| -# inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst| -# ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs| -# wmf|wsc|wsf|wsh)$'ix, # banned ext - long - -# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab. 
- - qr'^\.(exe-ms)$', # banned file(1) types -# qr'^\.(exe|lha|tnef|cab|dll)$', # banned file(1) types -); -# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631 -# and http://www.cknow.com/vtutor/vtextensions.htm - - -# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING - -@score_sender_maps = ({ # a by-recipient hash lookup table, - # results from all matching recipient tables are summed - -# ## per-recipient personal tables (NOTE: positive: black, negative: white) -# 'user1@example.com' => [{'bla-mobile.press@example.com' => 10.0}], -# 'user3@example.com' => [{'.ebay.com' => -3.0}], -# 'user4@example.com' => [{'cleargreen@cleargreen.com' => -7.0, -# '.cleargreen.com' => -5.0}], - - ## site-wide opinions about senders (the '.' matches any recipient) - '.' => [ # the _first_ matching sender determines the score boost - - new_RE( # regexp-type lookup table, just happens to be all soft-blacklist - [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0], - [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0], - [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0], - [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0], - [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0], - [qr'^(your_friend|greatoffers)@'i => 5.0], - [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0], - ), - -# read_hash("/var/amavis/sender_scores_sitewide"), - -# This are some examples for whitelists, since envelope senders can be forged -# they are not enabled by default. 
- { # a hash-type lookup table (associative array) - #'nobody@cert.org' => -3.0, - #'cert-advisory@us-cert.gov' => -3.0, - #'owner-alert@iss.net' => -3.0, - #'slashdot@slashdot.org' => -3.0, - #'securityfocus.com' => -3.0, - #'ntbugtraq@listserv.ntbugtraq.com' => -3.0, - #'security-alerts@linuxsecurity.com' => -3.0, - #'mailman-announce-admin@python.org' => -3.0, - #'amavis-user-admin@lists.sourceforge.net'=> -3.0, - #'amavis-user-bounces@lists.sourceforge.net' => -3.0, - #'spamassassin.apache.org' => -3.0, - #'notification-return@lists.sophos.com' => -3.0, - #'owner-postfix-users@postfix.org' => -3.0, - #'owner-postfix-announce@postfix.org' => -3.0, - #'owner-sendmail-announce@lists.sendmail.org' => -3.0, - #'sendmail-announce-request@lists.sendmail.org' => -3.0, - #'donotreply@sendmail.org' => -3.0, - #'ca+envelope@sendmail.org' => -3.0, - #'noreply@freshmeat.net' => -3.0, - #'owner-technews@postel.acm.org' => -3.0, - #'ietf-123-owner@loki.ietf.org' => -3.0, - #'cvs-commits-list-admin@gnome.org' => -3.0, - #'rt-users-admin@lists.fsck.com' => -3.0, - #'clp-request@comp.nus.edu.sg' => -3.0, - #'surveys-errors@lists.nua.ie' => -3.0, - #'emailnews@genomeweb.com' => -5.0, - #'yahoo-dev-null@yahoo-inc.com' => -3.0, - #'returns.groups.yahoo.com' => -3.0, - #'clusternews@linuxnetworx.com' => -3.0, - #lc('lvs-users-admin@LinuxVirtualServer.org') => -3.0, - #lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0, - - # soft-blacklisting (positive score) - #'sender@example.net' => 3.0, - #'.example.net' => 1.0, - - }, - ], # end of site-wide tables -}); - -1; # ensure a defined return diff --git a/data/templates/amavis/50-user.sed b/data/templates/amavis/50-user.sed deleted file mode 100644 index b0e7ce148..000000000 --- a/data/templates/amavis/50-user.sed +++ /dev/null 
@@ -1,30 +0,0 @@ -use strict; - -# -# Place your configuration directives here. They will override those in -# earlier files. -# -# See /usr/share/doc/amavisd-new/ for documentation and examples of -# the directives you can use in this file -# - -$myhostname = "{{ main_domain }}"; - -$mydomain = "{{ main_domain }}"; - -# Enable LDAP support -$enable_ldap = 1; - -# Default LDAP settings -$default_ldap = { - hostname => "127.0.0.1", - tls => 0, - version => 3, - base => "dc=yunohost,dc=org", - scope => "sub", - query_filter => "(&(objectClass=inetOrgPerson)(mail=%m))", -}; - - -#------------ Do not modify anything below this line ------------- -1; # ensure a defined return diff --git a/data/templates/dovecot/dovecot.conf.sed b/data/templates/dovecot/dovecot.conf.sed index 6a5070078..44ce55147 100644 --- a/data/templates/dovecot/dovecot.conf.sed +++ b/data/templates/dovecot/dovecot.conf.sed @@ -57,12 +57,12 @@ plugin { antispam_debug_target = syslog antispam_verbose_debug = 0 antispam_backend = pipe + antispam_spam = Junk;SPAM antispam_trash = Trash - antispam_spam = SPAM;Junk - antispam_allow_append_to_spam = no - antispam_pipe_program = /usr/bin/sa-learn-pipe.sh - antispam_pipe_program_spam_arg = --spam - antispam_pipe_program_notspam_arg = --ham + antispam_pipe_program = /usr/bin/rspamc + antispam_pipe_program_args = -h;localhost:11334;-P;q1 + antispam_pipe_program_spam_arg = learn_spam + antispam_pipe_program_notspam_arg = learn_ham } plugin { diff --git a/data/templates/dovecot/sa-learn-pipe.sh b/data/templates/dovecot/sa-learn-pipe.sh deleted file mode 100644 index 67437e559..000000000 --- a/data/templates/dovecot/sa-learn-pipe.sh +++ /dev/null 
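Review bot: `antispam_pipe_program_args = -h;localhost:11334;-P;q1` in the dovecot.conf.sed hunk hard-codes the Rspamd controller password in a shipped template, and `q1` looks like the stock upstream default, so every install would share a known credential for the learn interface. Passed with `-P`, it also shows up in the process list each time a user moves a message in or out of Junk. If the controller already trusts loopback clients, the `-P;q1` pair can simply be dropped; otherwise the password should be generated per host at regen time and the controller kept bound to localhost. The `plugin` block continues outside the hunk.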
@@ -1,9 +0,0 @@ -#!/bin/sh -echo /usr/bin/sa-learn $* /tmp/sendmail-msg-$$.txt ; -echo "$$-start ($*)" >> /tmp/sa-learn-pipe.log ; -#echo $* > /tmp/sendmail-parms.txt ; -cat<&0 >> /tmp/sendmail-msg-$$.txt ; -/usr/bin/sa-learn $* /tmp/sendmail-msg-$$.txt ; -rm -f /tmp/sendmail-msg-$$.txt ; -echo "$$-end" >> /tmp/sa-learn-pipe.log ; -exit 0; diff --git a/data/templates/postfix/main.cf.sed b/data/templates/postfix/main.cf.sed index fd81ae64f..c6354bb42 100644 --- a/data/templates/postfix/main.cf.sed +++ b/data/templates/postfix/main.cf.sed @@ -86,9 +86,6 @@ smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = -# Use AMaVis -content_filter = amavis:[127.0.0.1]:10024 - # Wait until the RCPT TO command before evaluating restrictions smtpd_delay_reject = yes @@ -128,8 +125,6 @@ smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, - check_policy_service unix:private/policy-spf - check_policy_service inet:127.0.0.1:10023 permit # Use SPF @@ -143,3 +138,11 @@ sender_canonical_classes = envelope_sender smtp_header_checks = regexp:/etc/postfix/header_checks smtp_reply_filter = pcre:/etc/postfix/smtp_reply_filter + +# Rmilter +milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen} +milter_protocol = 6 +smtpd_milters = inet:localhost:11000 + +# Skip email without checking if milter has died +milter_default_action = accept diff --git a/data/templates/postfix/master.cf b/data/templates/postfix/master.cf index cf7fd6267..ed6d87bd3 100644 --- a/data/templates/postfix/master.cf +++ b/data/templates/postfix/master.cf 
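Review bot: `milter_default_action = accept` in the last main.cf.sed hunk makes the whole filtering path fail open: with `content_filter` and the two `check_policy_service` lines removed by this same patch, a stopped or crashed rmilter means mail is accepted with no spam, SPF or greylisting check and leaves without a DKIM signature. Postfix's default `tempfail` would defer mail until the milter is back instead; if accepting is a deliberate availability choice, the comment should say so and rmilter's liveness should be monitored. Only `smtpd_milters` is set, so mail injected locally through sendmail presumably bypasses rmilter as well; `non_smtpd_milters = $smtpd_milters` would cover it.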
@@ -116,32 +116,3 @@ dovecot unix - n n - - pipe # (yes) (yes) (yes) (never) (100) # ========================================================================== # Added using postfix-add-filter script: -amavis unix - - - - 2 smtp - -o smtp_data_done_timeout=1200 - -o smtp_send_xforward_command=yes - -o smtp_tls_note_starttls_offer=no - -policy-spf unix - n n - - spawn - user=nobody argv=/usr/bin/perl /usr/sbin/postfix-policyd-spf-perl - -127.0.0.1:10025 inet n - - - - smtpd - -o content_filter= - -o smtpd_delay_reject=no - -o smtpd_client_restrictions=permit_mynetworks,reject - -o smtpd_helo_restrictions= - -o smtpd_sender_restrictions= - -o smtpd_recipient_restrictions=permit_mynetworks,reject - -o smtpd_data_restrictions=reject_unauth_pipelining - -o smtpd_end_of_data_restrictions= - -o smtpd_restriction_classes= - -o mynetworks=127.0.0.0/8 - -o smtpd_error_sleep_time=0 - -o smtpd_soft_error_limit=1001 - -o smtpd_hard_error_limit=1000 - -o smtpd_client_connection_count_limit=0 - -o smtpd_client_connection_rate_limit=0 - -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters - -o local_header_rewrite_clients= - -o smtpd_milters= - -o local_recipient_maps= - -o relay_recipient_maps= diff --git a/data/templates/postgrey/postgrey.default b/data/templates/postgrey/postgrey.default deleted file mode 100644 index 1af70c149..000000000 --- a/data/templates/postgrey/postgrey.default +++ /dev/null @@ -1,12 +0,0 @@ -# postgrey startup options, created for Debian - -# you may want to set -# --delay=N how long to greylist, seconds (default: 300) -# --max-age=N delete old entries after N days (default: 35) -# see also the postgrey(8) manpage - -POSTGREY_OPTS="--inet=10023 --delay=30" - -# the --greylist-text commandline argument can not be easily passed through -# POSTGREY_OPTS when it contains spaces. So, insert your text here: -#POSTGREY_TEXT="Your customized rejection message here" 
diff --git a/data/templates/rmilter/rmilter.conf b/data/templates/rmilter/rmilter.conf new file mode 100644 index 000000000..d74196df8 --- /dev/null +++ b/data/templates/rmilter/rmilter.conf @@ -0,0 +1,18 @@ +# systemd-specific settings for rmilter + +.include /etc/rmilter.conf.common + +pidfile = /var/run/rmilter/rmilter.pid; + +# listen on TCP socket +bind_socket = inet:11000@localhost; + +# DKIM signing +dkim { + domain { + key = /etc/dkim; + domain = "*"; + selector = "mail"; + }; +}; + diff --git a/data/templates/rspamd/metrics.conf b/data/templates/rspamd/metrics.conf new file mode 100644 index 000000000..1236b2a3e --- /dev/null +++ b/data/templates/rspamd/metrics.conf @@ -0,0 +1,1163 @@ +# Metrics settings + +metric { + name = "default"; + # If this param is set to non-zero + # then a metric would accept all symbols + # unknown_weight = 1.0 + + actions { + reject = 21; + add_header = 8; + greylist = 4; + }; + + group { + name = "header"; + symbol { + weight = 2.0; + description = "Subject is missing inside message"; + name = "MISSING_SUBJECT"; + } + symbol { + weight = 2.100000; + description = "Message pretends to be send from Outlook but has 'strange' tags "; + name = "FORGED_OUTLOOK_TAGS"; + } + symbol { + weight = 0.30; + description = "Sender is forged (different 
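Review bot: The `dkim` block in the new rmilter.conf relies on an undocumented naming contract: with `domain = "*"` and `key = /etc/dkim`, rmilter looks keys up as `/etc/dkim/<domain>.<selector>.key`, which is the name the 28-rmilter hook chowns but does not obviously produce. A comment above `key` would make that explicit, for example `# wildcard mode: key is a directory, files are <domain>.mail.key (created by conf_regen/28-rmilter)`. Whether signing is limited to authenticated or local senders is not set here and presumably falls to defaults or to the included /etc/rmilter.conf.common; stating the expected setting in this template would help anyone auditing who can get mail signed.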
From: header and smtp MAIL FROM: addresses)"; + name = "FORGED_SENDER"; + } + symbol { + weight = 3.500000; + description = "Recipients seems to be autogenerated (works if recipients count is more than 5)"; + name = "SUSPICIOUS_RECIPS"; + } + symbol { + weight = 6.0; + description = "Fake reply (has RE in subject, but has not References header)"; + name = "FAKE_REPLY_C"; + } + symbol { + weight = 1.0; + description = "Messages that have only HTML part"; + name = "MIME_HTML_ONLY"; + } + symbol { + weight = 2.0; + description = "Forged yahoo msgid"; + name = "FORGED_MSGID_YAHOO"; + } + symbol { + weight = 2.0; + description = "Forged The Bat! MUA headers"; + name = "FORGED_MUA_THEBAT_BOUN"; + } + symbol { + weight = 5.0; + description = "Charset is missing in a message"; + name = "R_MISSING_CHARSET"; + } + symbol { + weight = 2.0; + description = "Two received headers with ip addresses"; + name = "RCVD_DOUBLE_IP_SPAM"; + } + symbol { + weight = 5.0; + description = "Forged outlook HTML signature"; + name = "FORGED_OUTLOOK_HTML"; + } + symbol { + weight = 5.0; + description = "Recipients are absent or undisclosed"; + name = "R_UNDISC_RCPT"; + } + symbol { + weight = 2.0; + description = "Fake helo for verizon provider"; + name = "FM_FAKE_HELO_VERIZON"; + } + symbol { + weight = 2.0; + description = "Quoted reply-to from yahoo (seems to be forged)"; + name = "REPTO_QUOTE_YAHOO"; + } + symbol { + weight = 5.0; + description = "Mime-OLE is needed but absent (e.g. 
fake Outlook or fake Exchange)"; + name = "MISSING_MIMEOLE"; + } + symbol { + weight = 2.0; + description = "To header is missing"; + name = "MISSING_TO"; + } + symbol { + weight = 1.500000; + description = "From that contains encoded characters while base 64 is not needed as all symbols are 7bit"; + name = "FROM_EXCESS_BASE64"; + } + symbol { + weight = 1.200000; + description = "From that contains encoded characters while quoted-printable is not needed as all symbols are 7bit"; + name = "FROM_EXCESS_QP"; + } + symbol { + weight = 1.500000; + description = "To that contains encoded characters while base 64 is not needed as all symbols are 7bit"; + name = "TO_EXCESS_BASE64"; + } + symbol { + weight = 1.200000; + description = "To that contains encoded characters while quoted-printable is not needed as all symbols are 7bit"; + name = "TO_EXCESS_QP"; + } + symbol { + weight = 1.500000; + description = "Reply-To that contains encoded characters while base 64 is not needed as all symbols are 7bit"; + name = "REPLYTO_EXCESS_BASE64"; + } + symbol { + weight = 1.200000; + description = "Reply-To that contains encoded characters while quoted-printable is not needed as all symbols are 7bit"; + name = "REPLYTO_EXCESS_QP"; + } + symbol { + weight = 1.500000; + description = "Cc that contains encoded characters while base 64 is not needed as all symbols are 7bit"; + name = "CC_EXCESS_BASE64"; + } + symbol { + weight = 1.200000; + description = "Cc that contains encoded characters while quoted-printable is not needed as all symbols are 7bit"; + name = "CC_EXCESS_QP"; + } + symbol { + weight = 5.0; + description = "Mixed characters in a message"; + name = "R_MIXED_CHARSET"; + } + symbol { + weight = 3.500000; + description = "Recipients list seems to be sorted"; + name = "SORTED_RECIPS"; + } + symbol { + weight = 3.0; + description = "Spambots signatures in received headers"; + name = "R_RCVD_SPAMBOTS"; + } + symbol { + weight = 2.0; + description = "To header seems to be 
autogenerated"; + name = "R_TO_SEEMS_AUTO"; + } + symbol { + weight = 1.0; + description = "Subject needs encoding"; + name = "SUBJECT_NEEDS_ENCODING"; + } + symbol { + weight = 3.840000; + description = "Spam string at the end of message to make statistics faults 0"; + name = "TRACKER_ID"; + } + symbol { + weight = 1.0; + description = "No space in from header"; + name = "R_NO_SPACE_IN_FROM"; + } + symbol { + weight = 8.0; + description = "Subject seems to be spam"; + name = "R_SAJDING"; + } + symbol { + weight = 3.0; + description = "Detects bad content-transfer-encoding for text parts"; + name = "R_BAD_CTE_7BIT"; + } + symbol { + weight = 10.0; + description = "Flash redirect on imageshack.us"; + name = "R_FLASH_REDIR_IMGSHACK"; + } + symbol { + weight = 5.0; + description = "Message id is incorrect"; + name = "INVALID_MSGID"; + } + symbol { + weight = 3.0; + description = "Message id is missing "; + name = "MISSING_MID"; + } + symbol { + weight = 1.0; + description = "Recipients are not the same as RCPT TO: mail command"; + name = "FORGED_RECIPIENTS"; + } + symbol { + weight = 0.0; + description = "Recipients are not the same as RCPT TO: mail command, but a message from a maillist"; + name = "FORGED_RECIPIENTS_MAILLIST"; + } + symbol { + weight = 0.0; + description = "Sender is not the same as MAIL FROM: envelope, but a message is from a maillist"; + name = "FORGED_SENDER_MAILLIST"; + } + symbol { + weight = 2.0; + description = "Forged Exchange messages "; + name = "RATWARE_MS_HASH"; + } + symbol { + weight = 1.0; + description = "Reply-type in content-type"; + name = "STOX_REPLY_TYPE"; + } + symbol { + weight = 0.1; + description = "One received header in a message "; + name = "ONCE_RECEIVED"; + } + symbol { + weight = 2.0; + description = "One received header with 'bad' patterns inside"; + name = "ONCE_RECEIVED_STRICT"; + } + symbol { + weight = 2.0; + description = "Only Content-Type header without other MIME headers"; + name = "MIME_HEADER_CTYPE_ONLY"; + } 
+ symbol { + weight = -1.0; + description = "Message seems to be from maillist"; + name = "MAILLIST"; + } + symbol { + weight = 1.0; + description = "Header From begins with tab"; + name = "HEADER_FROM_DELIMITER_TAB"; + } + symbol { + weight = 1.0; + description = "Header To begins with tab"; + name = "HEADER_TO_DELIMITER_TAB"; + } + symbol { + weight = 1.0; + description = "Header Cc begins with tab"; + name = "HEADER_CC_DELIMITER_TAB"; + } + symbol { + weight = 1.0; + description = "Header Reply-To begins with tab"; + name = "HEADER_REPLYTO_DELIMITER_TAB"; + } + symbol { + weight = 1.0; + description = "Header Date begins with tab"; + name = "HEADER_DATE_DELIMITER_TAB"; + } + symbol { + weight = 1.0; + description = "Header From has no delimiter between header name and header value"; + name = "HEADER_FROM_EMPTY_DELIMITER"; + } + symbol { + weight = 1.0; + description = "Header To has no delimiter between header name and header value"; + name = "HEADER_TO_EMPTY_DELIMITER"; + } + symbol { + weight = 1.0; + description = "Header Cc has no delimiter between header name and header value"; + name = "HEADER_CC_EMPTY_DELIMITER"; + } + symbol { + weight = 1.0; + description = "Header Reply-To has no delimiter between header name and header value"; + name = "HEADER_REPLYTO_EMPTY_DELIMITER"; + } + symbol { + weight = 1.0; + description = "Header Date has no delimiter between header name and header value"; + name = "HEADER_DATE_EMPTY_DELIMITER"; + } + symbol { + weight = 4.0; + description = "Header Received has raw illegal character"; + name = "RCVD_ILLEGAL_CHARS"; + } + symbol { + weight = 4.0; + description = "Fake helo mail.ru in header Received from non mail.ru sender address"; + name = "FAKE_RECEIVED_mail_ru"; + } + symbol { + weight = 4.0; + description = "Fake smtp.yandex.ru Received"; + name = "FAKE_RECEIVED_smtp_yandex_ru"; + } + symbol { + weight = 3.600000; + description = "Forged generic Received"; + name = "FORGED_GENERIC_RECEIVED"; + } + symbol { + weight = 
3.600000; + description = "Forged generic Received"; + name = "FORGED_GENERIC_RECEIVED2"; + } + symbol { + weight = 3.600000; + description = "Forged generic Received"; + name = "FORGED_GENERIC_RECEIVED3"; + } + symbol { + weight = 3.600000; + description = "Forged generic Received"; + name = "FORGED_GENERIC_RECEIVED4"; + } + symbol { + weight = 4.600000; + description = "Forged generic Received"; + name = "FORGED_GENERIC_RECEIVED5"; + } + symbol { + weight = 3.0; + description = "Invalid Postfix Received"; + name = "INVALID_POSTFIX_RECEIVED"; + } + symbol { + weight = 5.0; + description = "Invalid Exim Received"; + name = "INVALID_EXIM_RECEIVED"; + } + symbol { + weight = 3.0; + description = "Invalid Exim Received"; + name = "INVALID_EXIM_RECEIVED2"; + } + } + + group { + name = "mua"; + symbol { + weight = 4.0; + description = "Message pretends to be send from The Bat! but has forged Message-ID"; + name = "FORGED_MUA_THEBAT_MSGID"; + } + symbol { + weight = 3.0; + description = "Message pretends to be send from The Bat! 
but has forged Message-ID"; + name = "FORGED_MUA_THEBAT_MSGID_UNKNOWN"; + } + symbol { + weight = 3.0; + description = "Message pretends to be send from KMail but has forged Message-ID"; + name = "FORGED_MUA_KMAIL_MSGID"; + } + symbol { + weight = 2.500000; + description = "Message pretends to be send from KMail but has forged Message-ID"; + name = "FORGED_MUA_KMAIL_MSGID_UNKNOWN"; + } + symbol { + weight = 4.0; + description = "Message pretends to be send from Opera Mail but has forged Message-ID"; + name = "FORGED_MUA_OPERA_MSGID"; + } + symbol { + weight = 4.0; + description = "Message pretends to be send from suspicious Opera Mail/10.x (Windows) but has forged Message-ID, apparently from KMail"; + name = "SUSPICIOUS_OPERA_10W_MSGID"; + } + symbol { + weight = 4.0; + description = "Message pretends to be send from Mozilla Mail but has forged Message-ID"; + name = "FORGED_MUA_MOZILLA_MAIL_MSGID"; + } + symbol { + weight = 2.500000; + description = "Message pretends to be send from Mozilla Mail but has forged Message-ID"; + name = "FORGED_MUA_MOZILLA_MAIL_MSGID_UNKNOWN"; + } + symbol { + weight = 4.0; + description = "Forged mail pretending to be from Mozilla Thunderbird but has forged Message-ID"; + name = "FORGED_MUA_THUNDERBIRD_MSGID"; + } + symbol { + weight = 2.500000; + description = "Forged mail pretending to be from Mozilla Thunderbird but has forged Message-ID"; + name = "FORGED_MUA_THUNDERBIRD_MSGID_UNKNOWN"; + } + symbol { + weight = 4.0; + description = "Forged mail pretending to be from Mozilla Seamonkey but has forged Message-ID"; + name = "FORGED_MUA_SEAMONKEY_MSGID"; + } + symbol { + weight = 2.500000; + description = "Forged mail pretending to be from Mozilla Seamonkey but has forged Message-ID"; + name = "FORGED_MUA_SEAMONKEY_MSGID_UNKNOWN"; + } + symbol { + weight = 3.0; + description = "Forged outlook MUA"; + name = "FORGED_MUA_OUTLOOK"; + } + } + symbol { + weight = 0.0; + description = "Avoid false positives for FORGED_MUA_* in maillist"; + 
name = "FORGED_MUA_MAILLIST"; + } + + group { + name = "body"; + symbol { + weight = 9.0; + description = "White color on white background in HTML messages"; + name = "R_WHITE_ON_WHITE"; + } + symbol { + weight = 3.0; + description = "Short html part with a link to an image"; + name = "HTML_SHORT_LINK_IMG_1"; + } + symbol { + weight = 1.0; + description = "Short html part with a link to an image"; + name = "HTML_SHORT_LINK_IMG_2"; + } + symbol { + weight = 0.5; + description = "Short html part with a link to an image"; + name = "HTML_SHORT_LINK_IMG_3"; + } + symbol { + weight = 5.0; + description = "Suspicious boundary in header Content-Type"; + name = "SUSPICIOUS_BOUNDARY"; + } + symbol { + weight = 4.0; + description = "Suspicious boundary in header Content-Type"; + name = "SUSPICIOUS_BOUNDARY2"; + } + symbol { + weight = 3.0; + description = "Suspicious boundary in header Content-Type"; + name = "SUSPICIOUS_BOUNDARY3"; + } + symbol { + weight = 4.0; + description = "Suspicious boundary in header Content-Type"; + name = "SUSPICIOUS_BOUNDARY4"; + } + symbol { + weight = 3.0; + description = "Text and HTML parts differ"; + name = "R_PARTS_DIFFER"; + } + + symbol { + weight = 2.0; + description = "Message contains empty parts and image"; + name = "R_EMPTY_IMAGE"; + } + symbol { + weight = 2.0; + description = "Drugs patterns inside message"; + name = "DRUGS_MANYKINDS"; + } + symbol { + weight = 2.0; + description = ""; + name = "DRUGS_ANXIETY"; + } + symbol { + weight = 2.0; + description = ""; + name = "DRUGS_MUSCLE"; + } + symbol { + weight = 2.0; + description = ""; + name = "DRUGS_ANXIETY_EREC"; + } + symbol { + weight = 2.0; + description = ""; + name = "DRUGS_DIET"; + } + symbol { + weight = 2.0; + description = ""; + name = "DRUGS_ERECTILE"; + } + symbol { + weight = 3.300000; + description = "2 'advance fee' patterns in a message"; + name = "ADVANCE_FEE_2"; + } + symbol { + weight = 2.120000; + description = "3 'advance fee' patterns in a message"; + name = 
"ADVANCE_FEE_3"; + } + symbol { + weight = 8.0; + description = "Lotto signatures"; + name = "R_LOTTO"; + } + } + + group { + name = "rbl"; + symbol { + name = "DNSWL_BLOCKED"; + weight = 0.0; + description = "Resolver blocked due to excessive queries"; + } + symbol { + name = "RCVD_IN_DNSWL"; + weight = 0.0; + description = "Unrecognised result from dnswl.org"; + } + symbol { + name = "RCVD_IN_DNSWL_NONE"; + weight = 0.0; + description = "Sender listed at http://www.dnswl.org, low none"; + } + symbol { + name = "RCVD_IN_DNSWL_LOW"; + weight = 0.0; + description = "Sender listed at http://www.dnswl.org, low trust"; + } + symbol { + name = "RCVD_IN_DNSWL_MED"; + weight = 0.0; + description = "Sender listed at http://www.dnswl.org, medium trust"; + } + symbol { + name = "RCVD_IN_DNSWL_HI"; + weight = 0.0; + description = "Sender listed at http://www.dnswl.org, high trust"; + } + + symbol { + name = "RBL_SPAMHAUS"; + weight = 0.0; + description = "Unrecognised result from Spamhaus zen"; + } + symbol { + name = "RBL_SPAMHAUS_SBL"; + weight = 2.0; + description = "From address is listed in zen sbl"; + } + symbol { + name = "RBL_SPAMHAUS_CSS"; + weight = 2.0; + description = "From address is listed in zen css"; + } + symbol { + name = "RBL_SPAMHAUS_XBL"; + weight = 4.0; + description = "From address is listed in zen xbl"; + } + symbol { + name = "RBL_SPAMHAUS_PBL"; + weight = 2.0; + description = "From address is listed in zen pbl"; + } + symbol { + name = "RECEIVED_SPAMHAUS_XBL"; + weight = 3.0; + description = "Received address is listed in zen pbl"; + one_shot = true; + } + + symbol { + name = "RWL_SPAMHAUS_WL"; + weight = 0.0; + description = "Unrecognised result from Spamhaus whitelist"; + } + symbol { + name = "RWL_SPAMHAUS_WL_IND"; + weight = 0.0; + description = "Sender listed at Spamhaus whitelist"; + } + symbol { + name = "RWL_SPAMHAUS_WL_TRANS"; + weight = 0.0; + description = "Sender listed at Spamhaus whitelist"; + } + symbol { + name = 
"RWL_SPAMHAUS_WL_IND_EXP"; + weight = 0.0; + description = "Sender listed at Spamhaus whitelist"; + } + symbol { + name = "RWL_SPAMHAUS_WL_TRANS_EXP"; + weight = 0.0; + description = "Sender listed at Spamhaus whitelist"; + } + + symbol { + weight = 2.0; + description = "From address is listed in senderscore.com BL"; + name = "RBL_SENDERSCORE"; + } + symbol { + weight = 1.0; + description = "From address is listed in ABUSE.CH BL"; + name = "RBL_ABUSECH"; + } + symbol { + weight = 1.0; + description = "From address is listed in UCEPROTECT LEVEL1 BL"; + name = "RBL_UCEPROTECT_LEVEL1"; + } + symbol { + name = "RBL_MAILSPIKE"; + weight = 0.0; + description = "Unrecognised result from Mailspike blacklist"; + } + symbol { + name = "RWL_MAILSPIKE"; + weight = 0.0; + description = "Unrecognised result from Mailspike whitelist"; + } + symbol { + name = "RBL_MAILSPIKE_ZOMBIE"; + weight = 2.0; + description = "From address is listed in RBL"; + } + symbol { + name = "RBL_MAILSPIKE_WORST"; + weight = 2.0; + description = "From address is listed in RBL"; + } + symbol { + name = "RBL_MAILSPIKE_VERYBAD"; + weight = 1.5; + description = "From address is listed in RBL"; + } + symbol { + name = "RBL_MAILSPIKE_BAD"; + weight = 1.0; + description = "From address is listed in RBL"; + } + symbol { + name = "RWL_MAILSPIKE_POSSIBLE"; + weight = 0.0; + description = "From address is listed in RWL"; + } + symbol { + name = "RWL_MAILSPIKE_GOOD"; + weight = 0.0; + description = "From address is listed in RWL"; + } + symbol { + name = "RWL_MAILSPIKE_VERYGOOD"; + weight = 0.0; + description = "From address is listed in RWL"; + } + symbol { + name = "RWL_MAILSPIKE_EXCELLENT"; + weight = 0.0; + description = "From address is listed in RWL"; + } + + symbol { + weight = 0.0; + name = "RBL_SORBS"; + description = "Unrecognised result from SORBS RBL"; + } + symbol { + weight = 2.5; + name = "RBL_SORBS_HTTP"; + description = "List of Open HTTP Proxy Servers."; + } + symbol { + weight = 2.5; + name = 
"RBL_SORBS_SOCKS"; + description = "List of Open SOCKS Proxy Servers."; + } + symbol { + weight = 1.0; + name = "RBL_SORBS_MISC"; + description = "List of open Proxy Servers not listed in the SOCKS or HTTP lists."; + } + symbol { + weight = 3.0; + name = "RBL_SORBS_SMTP"; + description = "List of Open SMTP relay servers."; + } + symbol { + weight = 1.5; + name = "RBL_SORBS_RECENT"; + description = "List of hosts that have been noted as sending spam/UCE/UBE to the admins of SORBS within the last 28 days (includes new.spam.dnsbl.sorbs.net)."; + } + symbol { + weight = 0.4; + name = "RBL_SORBS_WEB"; + description = "List of web (WWW) servers which have spammer abusable vulnerabilities (e.g. FormMail scripts)"; + } + symbol { + weight = 2.0; + name = "RBL_SORBS_DUL"; + description = "Dynamic IP Address ranges (NOT a Dial Up list!)"; + } + symbol { + weight = 1.0; + name = "RBL_SORBS_BLOCK"; + description = "List of hosts demanding that they never be tested by SORBS."; + } + symbol { + weight = 1.0; + name = "RBL_SORBS_ZOMBIE"; + description = "List of networks hijacked from their original owners, some of which have already used for spamming."; + } + + symbol { + weight = 1.0; + name = "RBL_SEM"; + description = "Address is listed in Spameatingmonkey RBL"; + } + + symbol { + weight = 1.0; + name = "RBL_SEM_IPV6"; + description = "Address is listed in Spameatingmonkey RBL (ipv6)"; + } + } + + group { + name = "bayes"; + + symbol { + weight = 3.0; + description = "Message probably spam, probability: "; + name = "BAYES_SPAM"; + } + symbol { + weight = -3.0; + description = "Message probably ham, probability: "; + name = "BAYES_HAM"; + } + } + + group { + name = "fuzzy"; + symbol { + weight = 5.0; + description = "Generic fuzzy hash match"; + name = "FUZZY_UNKNOWN"; + } + symbol { + weight = 10.0; + description = "Denied fuzzy hash"; + name = "FUZZY_DENIED"; + } + symbol { + weight = 5.0; + description = "Probable fuzzy hash"; + name = "FUZZY_PROB"; + } + symbol { + weight 
= -2.1; + description = "Whitelisted fuzzy hash"; + name = "FUZZY_WHITE"; + } + } + + group { + name = "spf"; + symbol { + weight = 1.0; + description = "SPF verification failed"; + name = "R_SPF_FAIL"; + } + symbol { + weight = 0.0; + description = "SPF verification soft-failed"; + name = "R_SPF_SOFTFAIL"; + } + symbol { + weight = 0.0; + description = "SPF policy is neutral"; + name = "R_SPF_NEUTRAL"; + } + symbol { + weight = -1.1; + description = "SPF verification alowed"; + name = "R_SPF_ALLOW"; + } + } + + group { + name = "dkim"; + symbol { + weight = 1.0; + description = "DKIM verification failed"; + name = "R_DKIM_REJECT"; + } + symbol { + weight = 0.0; + description = "DKIM verification soft-failed"; + name = "R_DKIM_TEMPFAIL"; + } + symbol { + weight = -1.1; + description = "DKIM verification succeed"; + name = "R_DKIM_ALLOW"; + one_shot = true; + } + } + + group { + name = "surbl"; + symbol { + weight = 5.500000; + description = "SURBL: Phishing sites"; + name = "PH_SURBL_MULTI"; + } + symbol { + weight = 5.500000; + description = "SURBL: Malware sites"; + name = "MW_SURBL_MULTI"; + } + symbol { + weight = 5.500000; + description = "SURBL: AbuseButler web sites"; + name = "AB_SURBL_MULTI"; + } + symbol { + weight = 5.500000; + description = "SURBL: SpamCop web sites"; + name = "SC_SURBL_MULTI"; + } + symbol { + weight = 5.500000; + description = "SURBL: jwSpamSpy + Prolocation sites"; + name = "JP_SURBL_MULTI"; + } + symbol { + weight = 5.500000; + description = "SURBL: sa-blacklist web sites "; + name = "WS_SURBL_MULTI"; + } + symbol { + weight = 4.500000; + description = "rambler.ru uribl"; + name = "RAMBLER_URIBL"; + } + + symbol { + weight = 0.0; + name = "SEM_URIBL_UNKNOWN"; + description = "Spameatingmonkey uribl unknown"; + } + symbol { + weight = 3.5; + name = "SEM_URIBL"; + description = "Spameatingmonkey uribl"; + } + + symbol { + weight = 0.0; + name = "SEM_URIBL_FRESH15_UNKNOWN"; + description = "Spameatingmonkey uribl unknown"; + } + symbol 
{ + weight = 3.0; + name = "SEM_URIBL_FRESH15"; + description = "Spameatingmonkey uribl. Domains registered in the last 15 days (.AERO,.BIZ,.COM,.INFO,.NAME,.NET,.PRO,.SK,.TEL,.US)"; + } + + symbol { + weight = 0.000000; + description = "DBL uribl unknown symbol (error)"; + name = "DBL"; + } + symbol { + weight = 6.500000; + description = "DBL uribl spam"; + name = "DBL_SPAM"; + } + symbol { + weight = 6.500000; + description = "DBL uribl phishing"; + name = "DBL_PHISH"; + } + symbol { + weight = 6.500000; + description = "DBL uribl malware"; + name = "DBL_MALWARE"; + } + symbol { + weight = 5.500000; + description = "DBL uribl botnet C&C domain"; + name = "DBL_BOTNET"; + } + symbol { + weight = 6.500000; + description = "DBL uribl abused legit spam"; + name = "DBL_ABUSE"; + } + symbol { + weight = 1.500000; + description = "DBL uribl abused spammed redirector domain"; + name = "DBL_ABUSE_REDIR"; + } + symbol { + weight = 7.500000; + description = "DBL uribl abused legit phish"; + name = "DBL_ABUSE_PHISH"; + } + symbol { + weight = 7.500000; + description = "DBL uribl abused legit malware"; + name = "DBL_ABUSE_MALWARE"; + } + symbol { + weight = 5.500000; + description = "DBL uribl abused legit botnet C&C"; + name = "DBL_ABUSE_BOTNET"; + } + symbol { + weight = 0.00000; + description = "DBL uribl IP queries prohibited!"; + name = "DBL_PROHIBIT"; + } + symbol { + weight = 7.5; + description = "uribl.com black url"; + name = "URIBL_BLACK"; + } + symbol { + weight = 3.5; + description = "uribl.com red url"; + name = "URIBL_RED"; + } + symbol { + weight = 1.5; + description = "uribl.com grey url"; + name = "URIBL_GREY"; + } + symbol { + weight = 9.500000; + description = "rambler.ru emailbl"; + name = "RAMBLER_EMAILBL"; + } + } + + group { + name = "phishing"; + + symbol { + weight = 5.0; + description = "Phished mail"; + name = "PHISHING"; + } + } + + group { + name = "date"; + + symbol { + weight = 4.0; + description = "Message date is in future"; + name = 
"DATE_IN_FUTURE"; + } + symbol { + weight = 1.0; + description = "Message date is in past"; + name = "DATE_IN_PAST"; + } + symbol { + weight = 1.0; + description = "Message date is missing"; + name = "MISSING_DATE"; + } + } + + group { + name = "hfilter"; + + symbol { + weight = 3.00; + name = "HFILTER_HELO_BAREIP"; + description = "Helo host is bare ip"; + } + symbol { + weight = 4.50; + name = "HFILTER_HELO_BADIP"; + description = "Helo host is very bad ip"; + } + symbol { + weight = 2.00; + name = "HFILTER_HELO_UNKNOWN"; + description = "Helo host empty or unknown"; + } + symbol { + weight = 0.5; + name = "HFILTER_HELO_1"; + description = "Helo host checks (very low)"; + } + symbol { + weight = 1.00; + name = "HFILTER_HELO_2"; + description = "Helo host checks (low)"; + } + symbol { + weight = 2.00; + name = "HFILTER_HELO_3"; + description = "Helo host checks (medium)"; + } + symbol { + weight = 2.50; + name = "HFILTER_HELO_4"; + description = "Helo host checks (hard)"; + } + symbol { + weight = 3.00; + name = "HFILTER_HELO_5"; + description = "Helo host checks (very hard)"; + } + symbol { + weight = 0.5; + name = "HFILTER_HOSTNAME_1"; + description = "Hostname checks (very low)"; + } + symbol { + weight = 1.00; + name = "HFILTER_HOSTNAME_2"; + description = "Hostname checks (low)"; + } + symbol { + weight = 2.00; + name = "HFILTER_HOSTNAME_3"; + description = "Hostname checks (medium)"; + } + symbol { + weight = 2.50; + name = "HFILTER_HOSTNAME_4"; + description = "Hostname checks (hard)"; + } + symbol { + weight = 3.00; + name = "HFILTER_HOSTNAME_5"; + description = "Hostname checks (very hard)"; + } + symbol { + weight = 0.20; + name = "HFILTER_HELO_NORESOLVE_MX"; + description = "MX found in Helo and no resolve"; + } + symbol { + weight = 0.3; + name = "HFILTER_HELO_NORES_A_OR_MX"; + description = "Helo no resolve to A or MX"; + } + symbol { + weight = 1.00; + name = "HFILTER_HELO_IP_A"; + description = "Helo A IP != hostname IP"; + } + symbol { + weight = 
2.00; + name = "HFILTER_HELO_NOT_FQDN"; + description = "Helo not FQDN"; + } + symbol { + weight = 0.5; + name = "HFILTER_FROMHOST_NORESOLVE_MX"; + description = "MX found in FROM host and no resolve"; + } + symbol { + weight = 1.50; + name = "HFILTER_FROMHOST_NORES_A_OR_MX"; + description = "FROM host no resolve to A or MX"; + } + symbol { + weight = 3.00; + name = "HFILTER_FROMHOST_NOT_FQDN"; + description = "FROM host not FQDN"; + } + symbol { + weight = 0.00; + name = "HFILTER_FROM_BOUNCE"; + description = "Bounce message"; + } + symbol { + weight = 0.50; + name = "HFILTER_MID_NORESOLVE_MX"; + description = "MX found in Message-id host and no resolve"; + } + symbol { + weight = 0.50; + name = "HFILTER_MID_NORES_A_OR_MX"; + description = "Message-id host no resolve to A or MX"; + } + symbol { + weight = 0.50; + name = "HFILTER_MID_NOT_FQDN"; + description = "Message-id host not FQDN"; + } + symbol { + weight = 4.00; + name = "HFILTER_HOSTNAME_UNKNOWN"; + description = "Unknown hostname (no PTR or no resolve PTR to hostname)"; + } + symbol { + weight = 1.50; + name = "HFILTER_RCPT_BOUNCEMOREONE"; + description = "Message from bounce and over 1 recepient"; + } + symbol { + weight = 3.50; + name = "HFILTER_URL_ONLY"; + description = "URL only in body"; + } + symbol { + weight = 2.20; + name = "HFILTER_URL_ONELINE"; + description = "One line URL and text in body"; + } + } + + group { + name = "dmarc"; + + symbol { + weight = -1.0; + name = "DMARC_POLICY_ALLOW"; + description = "DMARC permit policy"; + } + symbol { + weight = 2.0; + name = "DMARC_POLICY_REJECT"; + description = "DMARC reject policy"; + } + symbol { + weight = 1.5; + name = "DMARC_POLICY_QUARANTINE"; + description = "DMARC quarantine policy"; + } + symbol { + weight = 0.1; + name = "DMARC_POLICY_SOFTFAIL"; + description = "DMARC failed"; + } + } +} diff --git a/data/templates/rspamd/rspamd.sieve b/data/templates/rspamd/rspamd.sieve new file mode 100644 index 000000000..38943eefa --- /dev/null 
+++ b/data/templates/rspamd/rspamd.sieve
@@ -0,0 +1,4 @@
+require ["fileinto"];
+if header :is "X-Spam" "yes" {
+ fileinto "Junk";
+}
diff --git a/data/templates/spamassassin/local.cf b/data/templates/spamassassin/local.cf
deleted file mode 100644
index bc37b3a60..000000000
--- a/data/templates/spamassassin/local.cf
+++ /dev/null
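Review bot: `fileinto "Junk";` only works if every user already has a Junk mailbox. When the target is missing, the delivery agent typically reports a runtime error and falls back to keeping the message in INBOX, so the filter's verdict is silently lost for those accounts. Unless the Dovecot configuration (not visible in this hunk) autocreates the folder, declare the RFC 5490 extension and create it on demand: `require ["fileinto", "mailbox"];` and `fileinto :create "Junk";`.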
@@ -1,94 +0,0 @@ -# This is the right place to customize your installation of SpamAssassin. -report_safe 0 -lock_method flock - -# Bayes-related operations -use_bayes 1 -use_bayes_rules 1 -bayes_auto_learn 1 -bayes_auto_expire 1 -bayes_path /var/lib/amavis/.spamassassin/bayes -bayes_file_mode 0777 - -# External network tests -dns_available yes -skip_rbl_checks 0 -use_razor2 1 -use_pyzor 1 - -# Use URIBL (http://www.uribl.com/about.shtml) -urirhssub URIBL_BLACK multi.uribl.com. A 2 -body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK') -describe URIBL_BLACK Contains an URL listed in the URIBL blacklist -tflags URIBL_BLACK net -score URIBL_BLACK 3.0 - -urirhssub URIBL_GREY multi.uribl.com. A 4 -body URIBL_GREY eval:check_uridnsbl('URIBL_GREY') -describe URIBL_GREY Contains an URL listed in the URIBL greylist -tflags URIBL_GREY net -score URIBL_GREY 0.25 - -# Use SURBL (http://www.surbl.org/) -urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 -body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') -describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html -tflags URIBL_JP_SURBL net -score URIBL_JP_SURBL 3.0 - - -score SPF_FAIL 10.000 -score SPF_HELO_FAIL 10.000 -score RAZOR2_CHECK 2.500 -score RAZOR2_CF_RANGE_51_100 3.500 -# -# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be -# tweaked. -# -# Only a small subset of options are listed below -# -########################################################################### - -# Add *****SPAM***** to the Subject header of spam e-mails -# -# rewrite_header Subject *****SPAM***** - - -# Save spam messages as a message/rfc822 MIME attachment instead of -# modifying the original message (0: off, 2: use text/plain instead) -# -# report_safe 1 - - -# Set which networks or hosts are considered 'trusted' by your mail -# server (i.e. not spammers) -# -# trusted_networks 212.17.35. 
- - -# Set file-locking method (flock is not safe over NFS, but is faster) -# -# lock_method flock - - -# Set the threshold at which a message is considered spam (default: 5.0) -# -# required_score 5.0 - - -# Use Bayesian classifier (default: 1) -# -# use_bayes 1 - - -# Bayesian classifier auto-learning (default: 1) -# -# bayes_auto_learn 1 - - -# Set headers which may provide inappropriate cues to the Bayesian -# classifier -# -# bayes_ignore_header X-Bogosity -# bayes_ignore_header X-Spam-Flag -# bayes_ignore_header X-Spam-Status diff --git a/data/templates/spamassassin/spamassassin.default b/data/templates/spamassassin/spamassassin.default deleted file mode 100644 index da1b33110..000000000 --- a/data/templates/spamassassin/spamassassin.default +++ /dev/null @@ -1,31 +0,0 @@ -# /etc/default/spamassassin -# Duncan Findlay - -# WARNING: please read README.spamd before using. -# There may be security risks. - -# Change to one to enable spamd -ENABLED=0 - -# Options -# See man spamd for possible options. The -d option is automatically added. - -# SpamAssassin uses a preforking model, so be careful! You need to -# make sure --max-children is not set to anything higher than 5, -# unless you know what you're doing. - -OPTIONS="--create-prefs --max-children 5 --helper-home-dir" - -# Pid file -# Where should spamd write its PID to file? If you use the -u or -# --username option above, this needs to be writable by that user. -# Otherwise, the init script will not be able to shut spamd down. -PIDFILE="/var/run/spamd.pid" - -# Set nice level of spamd -#NICE="--nicelevel 15" - -# Cronjob -# Set to anything but 0 to enable the cron job to automatically update -# spamassassin's rules on a nightly basis -CRON=1 diff --git a/debian/control b/debian/control index f95292075..1dacf81c9 100644 --- a/debian/control +++ b/debian/control 
@@ -28,12 +28,13 @@ Depends: ${python:Depends}, ${misc:Depends}, curl, mariadb-server | mysql-server, php5-mysql | php5-mysqlnd, slapd, ldap-utils, sudo-ldap, libnss-ldapd, - postfix-ldap, postfix-policyd-spf-perl, postfix-pcre, postgrey, + postfix-ldap, postfix-policyd-spf-perl, postfix-pcre, dovecot-ldap, dovecot-lmtpd, dovecot-managesieved, - amavisd-new, razor, pyzor, dovecot-antispam, spamassassin, fail2ban, + dovecot-antispam, fail2ban, nginx-extras (>=1.6.2), php5-fpm, php5-ldap, php5-intl, dnsmasq, openssl, avahi-daemon, - ssowat, metronome + ssowat, metronome, + rspamd, rmilter, memcached, opendkim-tools Recommends: yunohost-admin, bash-completion, rsyslog, ntp, openssh-server, php5-gd, php5-curl, php-gettext, php5-mcrypt,
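Review bot: Dropping `postgrey`, `amavisd-new`, `razor`, `pyzor` and `spamassassin` from `Depends` does not remove or stop them on systems that upgrade. The packages stay installed, and their daemons may keep running and listening next to rspamd/rmilter while presumably no longer being managed by configuration regeneration. If no migration step outside this hunk already stops and disables them, either do that explicitly or add a `Conflicts: postgrey, amavisd-new, spamassassin` field so the upgrade removes them. Separately, `rspamd` and `rmilter` are added without a version bound although the shipped templates follow one particular configuration layout; a bound in the style of `nginx-extras (>=1.6.2)`, e.g. `rspamd (>= <tested-version>)` with the version actually tested, would make that requirement explicit.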