Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Replace amavis with rmilter plus clamav and rspamd
- Loading branch information
Showing
12 changed files
with
163 additions
and
192 deletions.
There are no files selected for viewing
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
FROM alpine | ||
|
||
RUN apk add --update \ | ||
clamav \ | ||
rsyslog \ | ||
wget \ | ||
&& rm -rf /var/cache/apk/* | ||
|
||
|
||
COPY conf /etc/clamav | ||
|
||
|
||
CMD ["/usr/sbin/clamd"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,19 +1,13 @@ | ||
FROM alpine | ||
FROM alpine:edge | ||
|
||
RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \ | ||
&& apk add --update \ | ||
perl-socket6 \ | ||
perl-io-socket-inet6@testing \ | ||
amavisd-new \ | ||
spamassassin \ | ||
clamav \ | ||
rsyslog \ | ||
wget \ | ||
rmilter@testing rsyslog \ | ||
&& rm -rf /var/cache/apk/* | ||
|
||
COPY conf /etc/ | ||
COPY rmilter.conf /etc/rmilter.conf | ||
COPY rsyslog.conf /etc/rsyslog.conf | ||
|
||
COPY start.sh /start.sh | ||
|
||
CMD ["/start.sh"] | ||
CMD ["/start.sh"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,119 @@ | ||
# pidfile - path to pid file | ||
pidfile = /run/rmilter.pid; | ||
|
||
# bind_socket - socket credits for local bind: | ||
bind_socket = inet:9900 | ||
|
||
# tempdir - path to directory that contains temporary files | ||
tempdir = /tmp; | ||
|
||
# tempfiles_mode - set permission for temp files | ||
tempfiles_mode = 00600; | ||
|
||
# max_size - maximum size of scanned mail with clamav and dcc | ||
max_size = 10M; | ||
|
||
# strict_auth - strict checks for mails from authenticated senders | ||
strict_auth = no; | ||
|
||
# use_dcc - whether use or not dcc system | ||
use_dcc = no; | ||
use_redis = yes; | ||
|
||
clamav { | ||
# servers - clamav socket definitions in format: | ||
servers = antivirus:3310; | ||
# connect_timeout - timeout in miliseconds for connecting to clamav | ||
connect_timeout = 1s; | ||
# port_timeout - timeout in miliseconds for waiting for clamav port response | ||
port_timeout = 4s; | ||
# results_timeout - timeout in miliseconds for waiting for clamav response | ||
results_timeout = 20s; | ||
# error_time - time in seconds during which we are counting errors | ||
error_time = 10; | ||
# dead_time - time in seconds during which we are thinking that server is down | ||
dead_time = 300; | ||
# maxerrors - maximum number of errors that can occur during error_time to make us thinking that | ||
# Default: 10 | ||
maxerrors = 10; | ||
}; | ||
|
||
spamd { | ||
# servers - spamd socket definitions in format: | ||
servers = r:antispam:11333; | ||
# connect_timeout - timeout in milliseconds for connecting to spamd | ||
connect_timeout = 1s; | ||
# results_timeout - timeout in milliseconds for waiting for spamd response | ||
results_timeout = 20s; | ||
# error_time - time in seconds during which we are counting errors | ||
error_time = 10; | ||
# dead_time - time in seconds during which we are thinking that server is down | ||
dead_time = 300; | ||
# maxerrors - maximum number of errors that can occur during error_time to make us thinking that | ||
maxerrors = 10; | ||
# reject_message - reject message for spam | ||
reject_message = "Spam message rejected; If this is not spam contact abuse"; | ||
# whitelist - list of ips or nets that should be not checked with spamd | ||
whitelist = 127.0.0.1/32, [::1]/128; | ||
# rspamd_metric - metric for using with rspamd | ||
rspamd_metric = "default"; | ||
# Do not reject, add header | ||
spamd_never_reject = yes; | ||
}; | ||
|
||
redis { | ||
# servers_grey - redis servers for greylisting in format: | ||
servers_grey = redis:6379; | ||
# servers_white - redis servers for whitelisting in format similar to that is used | ||
servers_white = redis:6379; | ||
# servers_limits - redis servers used for limits storing, can not be mirrored | ||
servers_limits = redis:6379; | ||
# servers_id - redis servers used for message id storing, can not be mirrored | ||
servers_id = redis:6379; | ||
# id_prefix - prefix for extracting message ids from redis | ||
id_prefix = "message_id."; | ||
# grey_prefix - prefix for extracting greylisted records from redis | ||
grey_prefix = "grey."; | ||
# id_prefix - prefix for extracting whitelisted records from redis | ||
white_prefix = "white."; | ||
# connect_timeout - timeout in miliseconds for waiting for redis | ||
connect_timeout = 1s; | ||
# error_time - time in seconds during which we are counting errors | ||
error_time = 10; | ||
# dead_time - time in seconds during which we are thinking that server is down | ||
dead_time = 300; | ||
# maxerrors - maximum number of errors that can occur during error_time to make us thinking that | ||
maxerrors = 10; | ||
}; | ||
|
||
# limits section | ||
limits { | ||
# Whitelisted ip or networks | ||
limit_whitelist = 127.0.0.1/32, [::1]/128; | ||
# Whitelisted recipients | ||
limit_whitelist_rcpt = postmaster, mailer-daemon; | ||
# Addrs for bounce checks | ||
limit_bounce_addrs = postmaster, mailer-daemon, symantec_antivirus_for_smtp_gateways, <>, null, fetchmail-daemon; | ||
# Limit for bounce mail | ||
limit_bounce_to = 5:0.000277778; | ||
# Limit for bounce mail per one source ip | ||
limit_bounce_to_ip = 5:0.000277778; | ||
# Limit for all mail per recipient | ||
limit_to = 20:0.016666667; | ||
# Limit for all mail per one source ip | ||
limit_to_ip = 30:0.025; | ||
# Limit for all mail per one source ip and from address | ||
limit_to_ip_from = 100:0.033333333; | ||
}; | ||
|
||
|
||
greylisting { | ||
timeout = 300s; | ||
expire = 3d; | ||
whitelist = 127.0.0.1, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, [::1]/128; | ||
awl_enable = yes; | ||
awl_pool = 10M; | ||
awl_hits = 10; | ||
awl_ttl = 3600s; | ||
}; | ||
|
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
#!/bin/sh | ||
|
||
rm -f /var/run/rsyslogd.pid | ||
rmilter -c /etc/rmilter.conf | ||
rsyslogd -n |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
FROM alpine:edge | ||
|
||
RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \ | ||
&& apk add --update \ | ||
rspamd@testing rsyslog \ | ||
&& rm -rf /var/cache/apk/* | ||
|
||
RUN mkdir /run/rspamd | ||
|
||
CMD ["rspamd", "-f", "-i"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
$ModLoad imuxsock | ||
$template noTimestampFormat,"%syslogtag%%msg%\n" | ||
$ActionFileDefaultTemplate noTimestampFormat | ||
*.*;auth,authpriv.none /dev/stdout |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
#!/bin/sh | ||
|
||
rspamd -i | ||
rsyslogd -n |