From 419daaab2750ab5225c82490748e2ac881e6a944 Mon Sep 17 00:00:00 2001 From: Flakebi Date: Sat, 27 Feb 2021 22:29:05 +0100 Subject: [PATCH] opensmtpd-filter-rspamd: init at 0.1.7 --- nixos/tests/all-tests.nix | 1 + nixos/tests/opensmtpd-rspamd.nix | 142 ++++++++++++++++++ pkgs/servers/mail/opensmtpd/default.nix | 1 + pkgs/servers/mail/opensmtpd/filter-rspamd.nix | 30 ++++ pkgs/top-level/all-packages.nix | 1 + 5 files changed, 175 insertions(+) create mode 100644 nixos/tests/opensmtpd-rspamd.nix create mode 100644 pkgs/servers/mail/opensmtpd/filter-rspamd.nix diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 1173a177c3ca5c..6f72af11803d9d 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -299,6 +299,7 @@ in openarena = handleTest ./openarena.nix {}; openldap = handleTest ./openldap.nix {}; opensmtpd = handleTest ./opensmtpd.nix {}; + opensmtpd-rspamd = handleTest ./opensmtpd-rspamd.nix {}; openssh = handleTest ./openssh.nix {}; openstack-image-metadata = (handleTestOn ["x86_64-linux"] ./openstack-image.nix {}).metadata or {}; openstack-image-userdata = (handleTestOn ["x86_64-linux"] ./openstack-image.nix {}).userdata or {}; diff --git a/nixos/tests/opensmtpd-rspamd.nix b/nixos/tests/opensmtpd-rspamd.nix new file mode 100644 index 00000000000000..9cb2624e6c4e96 --- /dev/null +++ b/nixos/tests/opensmtpd-rspamd.nix @@ -0,0 +1,142 @@ +import ./make-test-python.nix { + name = "opensmtpd-rspamd"; + + nodes = { + smtp1 = { pkgs, ... }: { + imports = [ common/user-account.nix ]; + networking = { + firewall.allowedTCPPorts = [ 25 143 ]; + useDHCP = false; + interfaces.eth1.ipv4.addresses = pkgs.lib.mkOverride 0 [ + { address = "192.168.1.1"; prefixLength = 24; } + ]; + }; + environment.systemPackages = [ pkgs.opensmtpd ]; + services.opensmtpd = { + enable = true; + extraServerArgs = [ "-v" ]; + serverConfiguration = '' + listen on 0.0.0.0 + action dovecot_deliver mda \ + "${pkgs.dovecot}/libexec/dovecot/deliver -d %{user.username}" + match from any for local action dovecot_deliver + + action do_relay relay + # DO NOT DO THIS IN PRODUCTION! + # Setting up authentication requires a certificate which is painful in + # a test environment, but THIS WOULD BE DANGEROUS OUTSIDE OF A + # WELL-CONTROLLED ENVIRONMENT! + match from any for any action do_relay + ''; + }; + services.dovecot2 = { + enable = true; + enableImap = true; + mailLocation = "maildir:~/mail"; + protocols = [ "imap" ]; + }; + }; + + smtp2 = { pkgs, ... }: { + imports = [ common/user-account.nix ]; + virtualisation.memorySize = 512; + networking = { + firewall.allowedTCPPorts = [ 25 143 ]; + useDHCP = false; + interfaces.eth1.ipv4.addresses = pkgs.lib.mkOverride 0 [ + { address = "192.168.1.2"; prefixLength = 24; } + ]; + }; + environment.systemPackages = [ pkgs.opensmtpd ]; + services.rspamd = { + enable = true; + locals."worker-normal.inc".text = '' + bind_socket = "127.0.0.1:11333"; + ''; + }; + services.opensmtpd = { + enable = true; + extraServerArgs = [ "-v" ]; + serverConfiguration = '' + filter rspamd proc-exec "${pkgs.opensmtpd-filter-rspamd}/bin/filter-rspamd" + listen on 0.0.0.0 filter rspamd + action dovecot_deliver mda \ + "${pkgs.dovecot}/libexec/dovecot/deliver -d %{user.username}" + match from any for local action dovecot_deliver + ''; + }; + services.dovecot2 = { + enable = true; + enableImap = true; + mailLocation = "maildir:~/mail"; + protocols = [ "imap" ]; + }; + }; + + client = { pkgs, ... }: { + networking = { + useDHCP = false; + interfaces.eth1.ipv4.addresses = pkgs.lib.mkOverride 0 [ + { address = "192.168.1.3"; prefixLength = 24; } + ]; + }; + environment.systemPackages = let + sendTestMail = pkgs.writeScriptBin "send-a-test-mail" '' + #!${pkgs.python3.interpreter} + import smtplib, sys + + with smtplib.SMTP('192.168.1.1') as smtp: + smtp.sendmail('alice@[192.168.1.1]', 'bob@[192.168.1.2]', """ + From: alice@smtp1 + To: bob@smtp2 + Subject: Test + + Hello World + Here goes the spam test + XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X + """) + ''; + + checkMailBounced = pkgs.writeScriptBin "check-mail-bounced" '' + #!${pkgs.python3.interpreter} + import imaplib + + with imaplib.IMAP4('192.168.1.1', 143) as imap: + imap.login('alice', 'foobar') + imap.select() + status, refs = imap.search(None, 'ALL') + assert status == 'OK' + assert len(refs) == 1 + status, msg = imap.fetch(refs[0], 'BODY[TEXT]') + assert status == 'OK' + content = msg[0][1] + print("===> content:", content) + assert b"An error has occurred while attempting to deliver a message" in content + ''; + in [ sendTestMail checkMailBounced ]; + }; + }; + + testScript = '' + start_all() + + client.wait_for_unit("network-online.target") + smtp1.wait_for_unit("opensmtpd") + smtp2.wait_for_unit("opensmtpd") + smtp2.wait_for_unit("rspamd") + smtp2.wait_for_unit("dovecot2") + + # To prevent sporadic failures during daemon startup, make sure + # services are listening on their ports before sending requests + smtp1.wait_for_open_port(25) + smtp2.wait_for_open_port(25) + smtp2.wait_for_open_port(143) + smtp2.wait_for_open_port(11333) + + client.succeed("send-a-test-mail") + smtp1.wait_until_fails("smtpctl show queue | egrep .") + client.succeed("check-mail-bounced >&2") + ''; + + meta.timeout = 1800; +} diff --git a/pkgs/servers/mail/opensmtpd/default.nix b/pkgs/servers/mail/opensmtpd/default.nix index 6a9fc815fd92c8..72d4ca760e7e7a 100644 --- a/pkgs/servers/mail/opensmtpd/default.nix +++ b/pkgs/servers/mail/opensmtpd/default.nix @@ -62,5 +62,6 @@ stdenv.mkDerivation rec { }; passthru.tests = { basic-functionality-and-dovecot-interaction = nixosTests.opensmtpd; + rspamd-integration = nixosTests.opensmtpd-rspamd; }; } diff --git a/pkgs/servers/mail/opensmtpd/filter-rspamd.nix b/pkgs/servers/mail/opensmtpd/filter-rspamd.nix new file mode 100644 index 00000000000000..62b01cf9266c34 --- /dev/null +++ b/pkgs/servers/mail/opensmtpd/filter-rspamd.nix @@ -0,0 +1,30 @@ +{ lib +, buildGoModule +, fetchFromGitHub +, nixosTests +}: + +buildGoModule rec { + pname = "opensmtpd-filter-rspamd"; + version = "0.1.7"; + + src = fetchFromGitHub { + owner = "poolpOrg"; + repo = "filter-rspamd"; + rev = "v${version}"; + sha256 = "pcHj4utpf/AIUv8/7mE8BLbE8LYkzNKfc4T4hIHgGeI="; + }; + + vendorSha256 = "sNF2c+22FMvKoROkA/3KtSnRdJh4YZLaIx35HD896HI="; + + passthru.tests = { + opensmtpd-rspamd-integration = nixosTests.opensmtpd-rspamd; + }; + + meta = with lib; { + homepage = "https://github.com/poolpOrg/filter-rspamd"; + description = "OpenSMTPD filter integration for the Rspamd daemon"; + license = licenses.isc; + maintainers = with maintainers; [ Flakebi ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index d695650e3547d4..f004807216c3a2 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -19039,6 +19039,7 @@ in opensmtpd = callPackage ../servers/mail/opensmtpd { }; opensmtpd-extras = callPackage ../servers/mail/opensmtpd/extras.nix { }; + opensmtpd-filter-rspamd = callPackage ../servers/mail/opensmtpd/filter-rspamd.nix { }; openxpki = callPackage ../servers/openxpki { };