[enh] Replace the email stack by Rspamd/Rmilter

2024-09-03 20:06:10 +02:00 · 2015-10-31 12:33:06 +01:00 · 2015-10-31 12:33:06 +01:00 · 813ab01e9d
commit 813ab01e9d
parent ee1e3cdd3d
23 changed files with 1292 additions and 572 deletions
--- a/data/hooks/conf_regen/22-email-legacy
+++ b/data/hooks/conf_regen/22-email-legacy
@ -0,0 +1,26 @@
 #!/bin/bash
 set -e 
 # Add new email services
 sudo yunohost service add rspamd -l /var/log/mail.log \
  || echo "Rspamd is already listed in services"
 sudo yunohost service add rmilter -l /var/log/mail.log \
  || echo "Rspamd is already listed in services"
 # Remove previous email services
 sudo yunohost service disable spamassassin \
  || echo "Spamassassin is already removed" \
  && systemctl disable spamassassin || true
 sudo yunohost service disable amavis \
  || echo "Amavis is already removed" \
  && systemctl disable spamassassin || true
 sudo yunohost service disable postgrey \
  || echo "Postgrey is already removed" \
  && systemctl disable postgrey || true
 sudo yunohost service disable postgrey \
  && sudo yunohost service remove amavis \
  || echo "Amavis is already removed"
--- a/data/hooks/conf_regen/22-postgrey
+++ b/data/hooks/conf_regen/22-postgrey
@ -1,23 +0,0 @@
 #!/bin/bash
 set -e 
 force=$1
 function safe_copy () {
    if [[ "$force" == "True" ]]; then
        sudo yunohost service safecopy \
          -s postgrey \
          $1 $2 \
          --force
    else
        sudo yunohost service safecopy \
          -s postgrey \
          $1 $2
    fi
 }
 cd /usr/share/yunohost/templates/postgrey
 if [[ "$(safe_copy postgrey.default /etc/default/postgrey)" == "True" ]]; then
    sudo service nslcd restart
 fi
--- a/data/hooks/conf_regen/25-dovecot
+++ b/data/hooks/conf_regen/25-dovecot
@ -41,8 +41,6 @@ safe_copy dovecot-ldap.conf /etc/dovecot/dovecot-ldap.conf
 # Setup Sieve
 sudo rm -rf /etc/dovecot/global_script
 sudo mkdir -p -m 0770 /etc/dovecot/global_script
 safe_copy sa-learn-pipe.sh /usr/bin/sa-learn-pipe.sh
 sudo chmod 755 /usr/bin/sa-learn-pipe.sh
 safe_copy dovecot.sieve /etc/dovecot/global_script/dovecot.sieve
 sudo chmod 660 /etc/dovecot/global_script/dovecot.sieve > /dev/null 2>&1 \
--- a/data/hooks/conf_regen/28-rmilter
+++ b/data/hooks/conf_regen/28-rmilter
@ -0,0 +1,37 @@
 #!/bin/bash
 set -e 
 force=$1
 function safe_copy () {
    if [[ "$force" == "True" ]]; then
        sudo yunohost service safecopy \
          -s rmilter $1 $2 --force
    else
        sudo yunohost service safecopy \
          -s rmilter $1 $2
    fi
 }
 cd /usr/share/yunohost/templates/rmilter
 # Copy Rmilter configuration
 safe_copy rmilter.conf /etc/rmilter/rmilter.conf
 # Create the PID directory
 sudo mkdir -p /var/run/rmilter
 sudo chown _rmilter: /var/run/rmilter
 # Create DKIM key for each YunoHost domain
 sudo mkdir -p /etc/dkim
 domain_list=$(sudo yunohost domain list --plain)
 for domain in $domain_list; do
    [ -f /etc/dkim/$domain.mail.key ] \
      || sudo opendkim-genkey --domain=$domain --selector=mail
    sudo chown _rmilter /etc/dkim/$domain.mail.key
    sudo chmod 400      /etc/dkim/$domain.mail.key
 done
 sudo service rmilter restart
--- a/data/hooks/conf_regen/28-spamassassin
+++ b/data/hooks/conf_regen/28-spamassassin
@ -1,21 +0,0 @@
 #!/bin/bash
 set -e 
 force=$1
 function safe_copy () {
    if [[ "$force" == "True" ]]; then
        sudo yunohost service safecopy \
          -s spamassassin $1 $2 --force
    else
        sudo yunohost service safecopy \
          -s spamassassin $1 $2
    fi
 }
 cd /usr/share/yunohost/templates/spamassassin
 safe_copy spamassassin.default /etc/default/spamassassin
 safe_copy local.cf /etc/spamassassin/local.cf
 sudo service spamassassin restart
--- a/data/hooks/conf_regen/31-amavis
+++ b/data/hooks/conf_regen/31-amavis
@ -1,37 +0,0 @@
 #!/bin/bash
 set -e 
 force=$1
 function safe_copy () {
    if [[ "$force" == "True" ]]; then
        sudo yunohost service safecopy \
          -s amavis $1 $2 --force
    else
        sudo yunohost service safecopy \
          -s amavis $1 $2
    fi
 }
 cd /usr/share/yunohost/templates/amavis
 sudo mkdir -p /etc/amavis/conf.d/
 # Copy plain single configuration files
 files="05-domain_id
 05-node_id
 15-content_filter_mode
 20-debian_defaults"
 for file in $files; do
    safe_copy $file /etc/amavis/conf.d/$file
 done
 main_domain=$(cat /etc/yunohost/current_host)
 cat 50-user.sed \
  | sed "s/{{ main_domain }}/$main_domain/g" \
  | sudo tee 50-user
 safe_copy 50-user /etc/amavis/conf.d/50-user
 sudo service amavis restart
--- a/data/hooks/conf_regen/31-rspamd
+++ b/data/hooks/conf_regen/31-rspamd
@ -0,0 +1,27 @@
 #!/bin/bash
 set -e 
 force=$1
 function safe_copy () {
    if [[ "$force" == "True" ]]; then
        sudo yunohost service safecopy \
          -s rspamd $1 $2 --force
    else
        sudo yunohost service safecopy \
          -s rspamd $1 $2
    fi
 }
 cd /usr/share/yunohost/templates/rspamd
 # Copy Rspamd configuration
 safe_copy metrics.conf /etc/rspamd/metrics.conf
 # Install Rspamd sieve script
 safe_copy rspamd.sieve /etc/dovecot/global_script/rspamd.sieve
 sudo sievec /etc/dovecot/global_script/rspamd.sieve
 sudo chmod 660 /etc/dovecot/global_script/rspamd.svbin
 sudo chown -R vmail:mail /etc/dovecot/global_script
 sudo service rspamd restart
--- a/data/templates/amavis/05-domain_id
+++ b/data/templates/amavis/05-domain_id
@ -1,19 +0,0 @@
 use strict;
 # $mydomain is used just for convenience in the config files and it is not
 # used internally by amavisd-new except in the default X_HEADER_LINE (which
 # Debian overrides by default anyway).
 #chomp($mydomain = `head -n 1 /etc/mailname`);
 # amavisd-new needs to know which email domains are to be considered local
 # to the administrative domain.  Only emails to "local" domains are subject
 # to certain functionality, such as the addition of spam tags.
 #
 # Default local domains to $mydomain and all subdomains.  Remember to
 # override or redefine this if $mydomain is changed later in the config
 # sequence.
@local_domains_acl = ( ".$mydomain" );
 1;  # ensure a defined return
--- a/data/templates/amavis/05-node_id
+++ b/data/templates/amavis/05-node_id
@ -1,13 +0,0 @@
 use strict;
 # $myhostname is used by amavisd-new for node identification, and it is
 # important to get it right (e.g. for ESMTP EHLO, loop detection, and so on).
 #chomp($myhostname = `hostname --fqdn`);
 # To manually set $myhostname, edit the following line with the correct Fully
 # Qualified Domain Name (FQDN) and remove the # at the beginning of the line.
 #
 #$myhostname = "mail.example.com";
 1;  # ensure a defined return
--- a/data/templates/amavis/15-content_filter_mode
+++ b/data/templates/amavis/15-content_filter_mode
@ -1,23 +0,0 @@
 use strict;
 # You can modify this file to re-enable SPAM checking through spamassassin
 # and to re-enable antivirus checking.
 #
 # Default antivirus checking mode
 # Uncomment the two lines below to enable it back
 #
 #@bypass_virus_checks_maps = (
 #   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
 #
 # Default SPAM checking mode
 # Uncomment the two lines below to enable it back
 #
@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
 1;  # ensure a defined return
--- a/data/templates/amavis/20-debian_defaults
+++ b/data/templates/amavis/20-debian_defaults
@ -1,216 +0,0 @@
 use strict;
 # ADMINISTRATORS:
 # Debian suggests that any changes you need to do that should never
 # be "updated" by the Debian package should be made in another file,
 # overriding the settings in this file.
 #
 # The package will *not* overwrite your settings, but by keeping
 # them separate, you will make the task of merging changes on these
 # configuration files much simpler...
 #   see /usr/share/doc/amavisd-new/examples/amavisd.conf-default for
 #       a list of all variables with their defaults;
 #   see /usr/share/doc/amavisd-new/examples/amavisd.conf-sample for
 #       a traditional-style commented file  
 #   [note: the above files were not converted to Debian settings!]
 #
 #   for more details see documentation in /usr/share/doc/amavisd-new
 #   and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html
 $QUARANTINEDIR = "$MYHOME/virusmails";
 $quarantine_subdir_levels = 1; # enable quarantine dir hashing
 $log_recip_templ = undef;    # disable by-recipient level-0 log entries
 $DO_SYSLOG = 1;              # log via syslogd (preferred)
 $syslog_ident = 'amavis';    # syslog ident tag, prepended to all messages
 $syslog_facility = 'mail';
 $syslog_priority = 'debug';  # switch to info to drop debug output, etc
 $enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
 $enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1
 $inet_socket_port = 10024;   # default listening socket
 $sa_spam_subject_tag = '***SPAM*** ';
 $sa_tag_level_deflt  = undef;  # add spam info headers if at, or above that level
 $sa_tag2_level_deflt = 4.00; # add 'spam detected' headers at that level
 $sa_kill_level_deflt = 20.00; # triggers spam evasive actions
 $sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
 $sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
 $sa_local_tests_only = 0;    # only tests which do not require internet access?
 $recipient_delimiter = '+';
@addr_extension_spam_maps = ('Junk');
 # Quota limits to avoid bombs (like 42.zip)
 $MAXLEVELS = 14;
 $MAXFILES = 1500;
 $MIN_EXPANSION_QUOTA =      100*1024;  # bytes
 $MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes
 # You should:
 #   Use D_DISCARD to discard data (viruses)
 #   Use D_BOUNCE to generate local bounces by amavisd-new
 #   Use D_REJECT to generate local or remote bounces by the calling MTA
 #   Use D_PASS to deliver the message
 #
 # Whatever you do, *NEVER* use D_REJECT if you have other MTAs *forwarding*
 # mail to your account.  Use D_BOUNCE instead, otherwise you are delegating
 # the bounce work to your friendly forwarders, which might not like it at all.
 #
 # On dual-MTA setups, one can often D_REJECT, as this just makes your own
 # MTA generate the bounce message.  Test it first.
 #
 # Bouncing viruses is stupid, always discard them after you are sure the AV
 # is working correctly.  Bouncing real SPAM is also useless, if you cannot
 # D_REJECT it (and don't D_REJECT mail coming from your forwarders!).
 $final_virus_destiny      = D_DISCARD;  # (data not lost, see virus quarantine)
 $final_banned_destiny     = D_BOUNCE;   # D_REJECT when front-end MTA
 $final_spam_destiny       = D_DISCARD;
 $final_bad_header_destiny = D_PASS;     # False-positive prone (for spam)
 $enable_dkim_verification = 1; #disabled to prevent warning
 $enable_dkim_signing =1;
 $virus_admin = "postmaster\@$mydomain"; # due to D_DISCARD default
 # Set to empty ("") to add no header
 $X_HEADER_LINE = "Debian $myproduct_name at $mydomain";
 # REMAINING IMPORTANT VARIABLES ARE LISTED HERE BECAUSE OF LONGER ASSIGNMENTS
 #
 # DO NOT SEND VIRUS NOTIFICATIONS TO OUTSIDE OF YOUR DOMAIN. EVER.
 #
 # These days, almost all viruses fake the envelope sender and mail headers.
 # Therefore, "virus notifications" became nothing but undesired, aggravating
 # SPAM.  This holds true even inside one's domain.  We disable them all by
 # default, except for the EICAR test pattern.
 #
@viruses_that_fake_sender_maps = (new_RE(
  [qr'\bEICAR\b'i => 0],            # av test pattern name
  [qr/.*/ => 1],  # true for everything else
 ));
@keep_decoded_original_maps = (new_RE(
 # qr'^MAIL$',   # retain full original message for virus checking (can be slow)
  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
 # qr'^Zip archive data',     # don't trust Archive::Zip
 ));
 # for $banned_namepath_re, a new-style of banned table, see amavisd.conf-sample
 $banned_filename_re = new_RE(
 # qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components
  # block certain double extensions anywhere in the base name
  qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,
  qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$'i, # Windows Class ID CLSID, strict
  qr'^application/x-msdownload$'i,                  # block these MIME types
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,
 # qr'^application/x-msmetafile$'i,	# Windows Metafile MIME type
 # qr'^\.wmf$',				# Windows Metafile file(1) type
 # qr'^message/partial$'i, qr'^message/external-body$'i, # rfc2046 MIME types
 # [ qr'^\.(Z|gz|bz2)$'           => 0 ],  # allow any in Unix-compressed
 # [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives
 # [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],  # allow any within such archives
 # [ qr'^application/x-zip-compressed$'i => 0],  # allow any within such archives
  qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
 # qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
 #        inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
 #        ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
 #        wmf|wsc|wsf|wsh)$'ix,  # banned ext - long
 # qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,  # banned extension - WinZip vulnerab.
  qr'^\.(exe-ms)$',                       # banned file(1) types
 # qr'^\.(exe|lha|tnef|cab|dll)$',         # banned file(1) types
 );
 # See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
 # and http://www.cknow.com/vtutor/vtextensions.htm
 # ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING
@score_sender_maps = ({ # a by-recipient hash lookup table,
                        # results from all matching recipient tables are summed
 # ## per-recipient personal tables  (NOTE: positive: black, negative: white)
 # 'user1@example.com'  => [{'bla-mobile.press@example.com' => 10.0}],
 # 'user3@example.com'  => [{'.ebay.com'                 => -3.0}],
 # 'user4@example.com'  => [{'cleargreen@cleargreen.com' => -7.0,
 #                           '.cleargreen.com'           => -5.0}],
  ## site-wide opinions about senders (the '.' matches any recipient)
  '.' => [  # the _first_ matching sender determines the score boost
   new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],
    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],
    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],
    [qr'^(your_friend|greatoffers)@'i                                => 5.0],
    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],
   ),
 #  read_hash("/var/amavis/sender_scores_sitewide"),
 # This are some examples for whitelists, since envelope senders can be forged
 # they are not enabled by default. 
   { # a hash-type lookup table (associative array)
     #'nobody@cert.org'                        => -3.0,
     #'cert-advisory@us-cert.gov'              => -3.0,
     #'owner-alert@iss.net'                    => -3.0,
     #'slashdot@slashdot.org'                  => -3.0,
     #'securityfocus.com'                      => -3.0,
     #'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,
     #'security-alerts@linuxsecurity.com'      => -3.0,
     #'mailman-announce-admin@python.org'      => -3.0,
     #'amavis-user-admin@lists.sourceforge.net'=> -3.0,
     #'amavis-user-bounces@lists.sourceforge.net' => -3.0,
     #'spamassassin.apache.org'                => -3.0,
     #'notification-return@lists.sophos.com'   => -3.0,
     #'owner-postfix-users@postfix.org'        => -3.0,
     #'owner-postfix-announce@postfix.org'     => -3.0,
     #'owner-sendmail-announce@lists.sendmail.org'   => -3.0,
     #'sendmail-announce-request@lists.sendmail.org' => -3.0,
     #'donotreply@sendmail.org'                => -3.0,
     #'ca+envelope@sendmail.org'               => -3.0,
     #'noreply@freshmeat.net'                  => -3.0,
     #'owner-technews@postel.acm.org'          => -3.0,
     #'ietf-123-owner@loki.ietf.org'           => -3.0,
     #'cvs-commits-list-admin@gnome.org'       => -3.0,
     #'rt-users-admin@lists.fsck.com'          => -3.0,
     #'clp-request@comp.nus.edu.sg'            => -3.0,
     #'surveys-errors@lists.nua.ie'            => -3.0,
     #'emailnews@genomeweb.com'                => -5.0,
     #'yahoo-dev-null@yahoo-inc.com'           => -3.0,
     #'returns.groups.yahoo.com'               => -3.0,
     #'clusternews@linuxnetworx.com'           => -3.0,
     #lc('lvs-users-admin@LinuxVirtualServer.org')    => -3.0,
     #lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,
     # soft-blacklisting (positive score)
     #'sender@example.net'                     =>  3.0,
     #'.example.net'                           =>  1.0,
   },
  ],  # end of site-wide tables
 });
 1;  # ensure a defined return
--- a/data/templates/amavis/50-user.sed
+++ b/data/templates/amavis/50-user.sed
@ -1,30 +0,0 @@
 use strict;
 #
 # Place your configuration directives here.  They will override those in
 # earlier files.
 #
 # See /usr/share/doc/amavisd-new/ for documentation and examples of
 # the directives you can use in this file
 #
 $myhostname = "{{ main_domain }}";
 $mydomain = "{{ main_domain }}";
 # Enable LDAP support 
 $enable_ldap  = 1;
 # Default LDAP settings 
 $default_ldap = {
    hostname => "127.0.0.1",
    tls => 0,
    version => 3,
    base => "dc=yunohost,dc=org",
    scope => "sub",
    query_filter => "(&(objectClass=inetOrgPerson)(mail=%m))",
 };
 #------------ Do not modify anything below this line -------------
 1;  # ensure a defined return
--- a/data/templates/dovecot/dovecot.conf.sed
+++ b/data/templates/dovecot/dovecot.conf.sed
@ -57,12 +57,12 @@ plugin {
  antispam_debug_target = syslog
  antispam_verbose_debug = 0
  antispam_backend = pipe
  antispam_spam = Junk;SPAM
  antispam_trash = Trash
-  antispam_spam = SPAM;Junk
+  antispam_pipe_program = /usr/bin/rspamc
-  antispam_allow_append_to_spam = no
+  antispam_pipe_program_args = -h;localhost:11334;-P;q1
-  antispam_pipe_program = /usr/bin/sa-learn-pipe.sh
+  antispam_pipe_program_spam_arg = learn_spam
-  antispam_pipe_program_spam_arg = --spam
+  antispam_pipe_program_notspam_arg = learn_ham
  antispam_pipe_program_notspam_arg = --ham
 }
 plugin {
--- a/data/templates/dovecot/sa-learn-pipe.sh
+++ b/data/templates/dovecot/sa-learn-pipe.sh
@ -1,9 +0,0 @@
 #!/bin/sh
 echo /usr/bin/sa-learn $* /tmp/sendmail-msg-$$.txt ;
 echo "$$-start ($*)" >> /tmp/sa-learn-pipe.log ;
 #echo $* > /tmp/sendmail-parms.txt ;
 cat<&0 >> /tmp/sendmail-msg-$$.txt ;
 /usr/bin/sa-learn $* /tmp/sendmail-msg-$$.txt ;
 rm -f /tmp/sendmail-msg-$$.txt ;
 echo "$$-end" >> /tmp/sa-learn-pipe.log ;
 exit 0;
--- a/data/templates/postfix/main.cf.sed
+++ b/data/templates/postfix/main.cf.sed
@ -86,9 +86,6 @@ smtpd_sasl_security_options = noanonymous
 smtpd_sasl_local_domain =
 # Use AMaVis 
 content_filter = amavis:[127.0.0.1]:10024
 # Wait until the RCPT TO command before evaluating restrictions 
 smtpd_delay_reject = yes 
@ -128,8 +125,6 @@ smtpd_recipient_restrictions =
    reject_non_fqdn_recipient, 
    reject_unknown_recipient_domain, 
    reject_unauth_destination,
    check_policy_service unix:private/policy-spf
    check_policy_service inet:127.0.0.1:10023
    permit
 # Use SPF
@ -143,3 +138,11 @@ sender_canonical_classes = envelope_sender
 smtp_header_checks = regexp:/etc/postfix/header_checks
 smtp_reply_filter = pcre:/etc/postfix/smtp_reply_filter
 # Rmilter
 milter_mail_macros =  i {mail_addr} {client_addr} {client_name} {auth_authen}
 milter_protocol = 6
 smtpd_milters = inet:localhost:11000
 # Skip email without checking if milter has died
 milter_default_action = accept
--- a/data/templates/postfix/master.cf
+++ b/data/templates/postfix/master.cf
@ -116,32 +116,3 @@ dovecot    unix  -       n       n       -       -       pipe
 #               (yes)   (yes)   (yes)   (never) (100)
 # ==========================================================================
 # Added using postfix-add-filter script:
 amavis unix    -       -       -       -       2     smtp
     -o smtp_data_done_timeout=1200
     -o smtp_send_xforward_command=yes
     -o smtp_tls_note_starttls_offer=no
 policy-spf  unix  -       n       n       -       -       spawn
     user=nobody argv=/usr/bin/perl /usr/sbin/postfix-policyd-spf-perl
 127.0.0.1:10025 inet n    -       -       -       -     smtpd
     -o content_filter=
     -o smtpd_delay_reject=no
     -o smtpd_client_restrictions=permit_mynetworks,reject
     -o smtpd_helo_restrictions=
     -o smtpd_sender_restrictions=
     -o smtpd_recipient_restrictions=permit_mynetworks,reject
     -o smtpd_data_restrictions=reject_unauth_pipelining
     -o smtpd_end_of_data_restrictions=
     -o smtpd_restriction_classes=
     -o mynetworks=127.0.0.0/8
     -o smtpd_error_sleep_time=0
     -o smtpd_soft_error_limit=1001
     -o smtpd_hard_error_limit=1000
     -o smtpd_client_connection_count_limit=0
     -o smtpd_client_connection_rate_limit=0
     -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
     -o local_header_rewrite_clients=
     -o smtpd_milters=
     -o local_recipient_maps=
     -o relay_recipient_maps=
--- a/data/templates/postgrey/postgrey.default
+++ b/data/templates/postgrey/postgrey.default
@ -1,12 +0,0 @@
 # postgrey startup options, created for Debian
 # you may want to set
 #   --delay=N   how long to greylist, seconds (default: 300)
 #   --max-age=N delete old entries after N days (default: 35)
 # see also the postgrey(8) manpage
 POSTGREY_OPTS="--inet=10023 --delay=30"
 # the --greylist-text commandline argument can not be easily passed through
 # POSTGREY_OPTS when it contains spaces.  So, insert your text here:
 #POSTGREY_TEXT="Your customized rejection message here"
--- a/data/templates/rmilter/rmilter.conf
+++ b/data/templates/rmilter/rmilter.conf
@ -0,0 +1,18 @@
 # systemd-specific settings for rmilter
 .include /etc/rmilter.conf.common 
 pidfile = /var/run/rmilter/rmilter.pid;
 # listen on TCP socket
 bind_socket = inet:11000@localhost;
 # DKIM signing
 dkim {
        domain {
                key = /etc/dkim;
                domain = "*";
                selector = "mail";
        };
 };
--- a/data/templates/rspamd/metrics.conf
+++ b/data/templates/rspamd/metrics.conf
--- a/data/templates/rspamd/rspamd.sieve
+++ b/data/templates/rspamd/rspamd.sieve
@ -0,0 +1,4 @@
 require ["fileinto"];
 if header :is "X-Spam" "yes" {
    fileinto "Junk";
 }
--- a/data/templates/spamassassin/local.cf
+++ b/data/templates/spamassassin/local.cf
@ -1,94 +0,0 @@
 # This is the right place to customize your installation of SpamAssassin.
 report_safe 0 
 lock_method flock 
 # Bayes-related operations 
 use_bayes 1 
 use_bayes_rules 1 
 bayes_auto_learn 1 
 bayes_auto_expire 1 
 bayes_path /var/lib/amavis/.spamassassin/bayes 
 bayes_file_mode 0777 
 # External network tests 
 dns_available yes 
 skip_rbl_checks 0 
 use_razor2 1 
 use_pyzor 1 
 # Use URIBL (http://www.uribl.com/about.shtml) 
 urirhssub       URIBL_BLACK  multi.uribl.com.        A   2 
 body            URIBL_BLACK  eval:check_uridnsbl('URIBL_BLACK') 
 describe        URIBL_BLACK  Contains an URL listed in the URIBL blacklist 
 tflags          URIBL_BLACK  net 
 score           URIBL_BLACK  3.0 
 urirhssub       URIBL_GREY  multi.uribl.com.        A   4 
 body            URIBL_GREY  eval:check_uridnsbl('URIBL_GREY') 
 describe        URIBL_GREY  Contains an URL listed in the URIBL greylist 
 tflags          URIBL_GREY  net 
 score           URIBL_GREY  0.25 
 # Use SURBL (http://www.surbl.org/) 
 urirhssub       URIBL_JP_SURBL  multi.surbl.org.        A   64 
 body            URIBL_JP_SURBL  eval:check_uridnsbl('URIBL_JP_SURBL') 
 describe        URIBL_JP_SURBL  Has URI in JP at http://www.surbl.org/lists.html 
 tflags          URIBL_JP_SURBL  net 
 score           URIBL_JP_SURBL  3.0
 score SPF_FAIL 10.000
 score SPF_HELO_FAIL 10.000
 score RAZOR2_CHECK 2.500
 score RAZOR2_CF_RANGE_51_100 3.500
 #
 # See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
 # tweaked.
 #
 # Only a small subset of options are listed below
 #
 ###########################################################################
 #   Add *****SPAM***** to the Subject header of spam e-mails
 #
 # rewrite_header Subject *****SPAM*****
 #   Save spam messages as a message/rfc822 MIME attachment instead of
 #   modifying the original message (0: off, 2: use text/plain instead)
 #
 # report_safe 1
 #   Set which networks or hosts are considered 'trusted' by your mail
 #   server (i.e. not spammers)
 #
 # trusted_networks 212.17.35.
 #   Set file-locking method (flock is not safe over NFS, but is faster)
 #
 # lock_method flock
 #   Set the threshold at which a message is considered spam (default: 5.0)
 #
 # required_score 5.0
 #   Use Bayesian classifier (default: 1)
 #
 # use_bayes 1
 #   Bayesian classifier auto-learning (default: 1)
 #
 # bayes_auto_learn 1
 #   Set headers which may provide inappropriate cues to the Bayesian
 #   classifier
 #
 # bayes_ignore_header X-Bogosity
 # bayes_ignore_header X-Spam-Flag
 # bayes_ignore_header X-Spam-Status
--- a/data/templates/spamassassin/spamassassin.default
+++ b/data/templates/spamassassin/spamassassin.default
@ -1,31 +0,0 @@
 # /etc/default/spamassassin
 # Duncan Findlay
 # WARNING: please read README.spamd before using.
 # There may be security risks.
 # Change to one to enable spamd
 ENABLED=0
 # Options
 # See man spamd for possible options. The -d option is automatically added.
 # SpamAssassin uses a preforking model, so be careful! You need to
 # make sure --max-children is not set to anything higher than 5,
 # unless you know what you're doing.
 OPTIONS="--create-prefs --max-children 5 --helper-home-dir"
 # Pid file
 # Where should spamd write its PID to file? If you use the -u or
 # --username option above, this needs to be writable by that user.
 # Otherwise, the init script will not be able to shut spamd down.
 PIDFILE="/var/run/spamd.pid"
 # Set nice level of spamd
 #NICE="--nicelevel 15"
 # Cronjob
 # Set to anything but 0 to enable the cron job to automatically update
 # spamassassin's rules on a nightly basis
 CRON=1
--- a/debian/control
+++ b/debian/control
@ -28,12 +28,13 @@ Depends: ${python:Depends}, ${misc:Depends},
 curl,
 mariadb-server | mysql-server, php5-mysql | php5-mysqlnd,
 slapd, ldap-utils, sudo-ldap, libnss-ldapd,
- postfix-ldap, postfix-policyd-spf-perl, postfix-pcre, postgrey,
+ postfix-ldap, postfix-policyd-spf-perl, postfix-pcre,
 dovecot-ldap, dovecot-lmtpd, dovecot-managesieved,
- amavisd-new, razor, pyzor, dovecot-antispam, spamassassin, fail2ban,
+ dovecot-antispam, fail2ban,
 nginx-extras (>=1.6.2), php5-fpm, php5-ldap, php5-intl,
 dnsmasq, openssl, avahi-daemon,
- ssowat, metronome
+ ssowat, metronome,
 rspamd, rmilter, memcached, opendkim-tools
 Recommends: yunohost-admin,
 bash-completion, rsyslog, ntp, openssh-server,
 php5-gd, php5-curl, php-gettext, php5-mcrypt,