Merge pull request #164 from andryyy/dev
Fall back to dkim.conf for signing
This commit is contained in:
commit
34aba178ac
@ -9,8 +9,8 @@ RUN dpkg-divert --local --rename --add /sbin/initctl \
|
||||
&& dpkg-divert --local --rename --add /usr/bin/ischroot \
|
||||
&& ln -sf /bin/true /usr/bin/ischroot
|
||||
|
||||
RUN apt-key adv --fetch-keys http://rspamd.com/apt/gpg.key \
|
||||
&& echo "deb http://rspamd.com/apt/ xenial main" > /etc/apt/sources.list.d/rspamd.list \
|
||||
RUN apt-key adv --fetch-keys http://rspamd.com/apt-stable/gpg.key \
|
||||
&& echo "deb http://rspamd.com/apt-stable/ xenial main" > /etc/apt/sources.list.d/rspamd.list \
|
||||
&& apt-get update \
|
||||
&& apt-get -y install rspamd ca-certificates python-pip
|
||||
|
||||
|
34
data/conf/rspamd/local.d/dkim.conf
Normal file
34
data/conf/rspamd/local.d/dkim.conf
Normal file
@ -0,0 +1,34 @@
|
||||
sign_condition =<<EOD
|
||||
return function(task)
|
||||
local smtp_from = task:get_from('smtp')
|
||||
local mime_from = task:get_from('mime')
|
||||
local rspamd_logger = require "rspamd_logger"
|
||||
if smtp_from[1]['domain'] ~= nil and smtp_from[1]['domain'] ~= '' then
|
||||
domain = smtp_from[1]['domain']
|
||||
rspamd_logger.infox(task, "set domain found in smtp from field to %s", domain)
|
||||
if not task:get_user() then
|
||||
rspamd_logger.infox(task, "found domain in smtp header field, but user is not authenticated - skipped")
|
||||
return false
|
||||
end
|
||||
elseif mime_from[1]['domain'] ~= nil and mime_from[1]['domain'] ~= '' then
|
||||
domain = mime_from[1]['domain']
|
||||
rspamd_logger.infox(task, "set domain found in mime from field to %s", domain)
|
||||
else
|
||||
rspamd_logger.infox(task, "cannot determine domain for dkim signing")
|
||||
return false
|
||||
end
|
||||
local keyfile = io.open("/data/dkim/keys/" .. domain .. ".dkim")
|
||||
if keyfile then
|
||||
rspamd_logger.infox(task, "found dkim key file for domain %s", domain)
|
||||
keyfile:close()
|
||||
return {
|
||||
key = "/data/dkim/keys/" .. domain .. ".dkim",
|
||||
domain = domain,
|
||||
selector = "dkim"
|
||||
}
|
||||
else
|
||||
rspamd_logger.infox(task, "no key file for domain %s - skipped", domain)
|
||||
end
|
||||
return false
|
||||
end
|
||||
EOD;
|
@ -1,38 +0,0 @@
|
||||
# If false, messages with empty envelope from are not signed
|
||||
allow_envfrom_empty = true;
|
||||
# If true, envelope/header domain mismatch is ignored
|
||||
allow_hdrfrom_mismatch = false;
|
||||
# If true, multiple from headers are allowed (but only first is used)
|
||||
allow_hdrfrom_multiple = false;
|
||||
# If true, username does not need to contain matching domain
|
||||
allow_username_mismatch = false;
|
||||
# If false, messages from authenticated users are not selected for signing
|
||||
auth_only = true;
|
||||
# Default path to key, can include '$domain' and '$selector' variables
|
||||
path = "/data/dkim/keys/$domain.$selector";
|
||||
# Default selector to use
|
||||
selector = "dkim";
|
||||
# If false, messages from local networks are not selected for signing
|
||||
sign_local = true;
|
||||
# Symbol to add when message is signed
|
||||
symbol = "DKIM_SIGNED";
|
||||
# Whether to fallback to global config
|
||||
try_fallback = true;
|
||||
# Domain to use for DKIM signing: can be "header" or "envelope"
|
||||
use_domain = "header";
|
||||
# Whether to normalise domains to eSLD
|
||||
use_esld = true;
|
||||
# Whether to get keys from Redis
|
||||
use_redis = false;
|
||||
# Hash for DKIM keys in Redis
|
||||
hash_key = "DKIM_KEYS";
|
||||
|
||||
# Domain specific settings
|
||||
#domain {
|
||||
# example.com {
|
||||
# # Private key path
|
||||
# path = "/var/lib/rspamd/dkim/example.key";
|
||||
# # Selector
|
||||
# selector = "ds";
|
||||
# }
|
||||
#}
|
@ -15,6 +15,25 @@ mailcow UI configuration parameters can be to...
|
||||
|
||||
\* To change SOGos default language, you will need to edit `data/conf/sogo/sogo.conf` and replace "English" by your preferred language.
|
||||
|
||||
## Anonymize headers
|
||||
|
||||
Save as `data/conf/postfix/mailcow_anonymize_headers.pcre`:
|
||||
|
||||
```
|
||||
/^\s*Received:[^\)]+\)\s+\(Authenticated sender:(.+)/
|
||||
REPLACE Received: from localhost (localhost [127.0.0.1]) (Authenticated sender:$1
|
||||
/^\s*User-Agent/ IGNORE
|
||||
/^\s*X-Enigmail/ IGNORE
|
||||
/^\s*X-Mailer/ IGNORE
|
||||
/^\s*X-Originating-IP/ IGNORE
|
||||
/^\s*X-Forward/ IGNORE
|
||||
```
|
||||
|
||||
Add this to `data/conf/postfix/main.cf`:
|
||||
```
|
||||
smtp_header_checks = pcre:/opt/postfix/conf/mailcow_anonymize_headers.pcre
|
||||
```
|
||||
|
||||
## Backup and restore maildir (simple tar file)
|
||||
|
||||
### Backup
|
||||
|
Loading…
Reference in New Issue
Block a user