feat(amavis): added amavis and configured spam

Spamassassin added as spam filter. MR !1
2022-02-14 09:49:31 +09:30
parent df8997f07d
commit 4db1b34d38
7 changed files with 237 additions and 1 deletions
--- a/16
+++ b/16
@ -32,6 +32,17 @@ RUN apt update && DEBIAN_FRONTEND=noninteractive apt -y --no-install-recommends
      postfix-ldap=3.5.6-1+b1 \
      libsasl2-modules \
      sasl2-bin \
+        # Amavis
+      amavisd-new=1:2.11.1-5 \
+      spamassassin=3.4.6-1 \
+      spamc=3.4.6-1 \
+        # Amavis decoders
+      arj bzip2 cabextract cpio file gzip nomarch pax unzip zip xzdec lrzip lzop rpm2cpio unrar-free p7zip-full lz4 \
+#      clamav=0.103.5+dfsg-0+deb11u1 \
+#      clamav-daemon=0.103.5+dfsg-0+deb11u1 \
+      libmailtools-perl=2.21-1 \
+      fam=2.7.0-17.3 \
+      libnet-dns-perl=1.29-1 \
 # Cleanup, remove cron jobs not required
 RUN rm -f /etc/cron.d/e2scrub_all \
    && rm -f /etc/cron.daily/apt-compat \
@ -68,9 +79,12 @@ RUN chmod +x /docker-entrypoint.sh \
    && mkdir -p /var/spool/postfix/private/dovecot \
    && chown postfix:postfix /var/spool/postfix/private/dovecot \
    && chown vmail:vmail /var/lib/dovecot \
+      # Spammassassin related Commands
+    && mkdir -p /var/spool/spamassassin \
+    && chmod 777 /var/spool/spamassassin \

 # Setup data volumes
-VOLUME /srv/mail /ssl /var/log
+VOLUME /srv/mail /ssl /var/spool/spamassassin /var/log

 # Configure postfix
 RUN postconf -e "maillog_file=/var/log/postfix.log" \
--- a/include/docker-entrypoint.sh
+++ b/include/docker-entrypoint.sh
@ -8,6 +8,20 @@ if [ "0$POST_MASTER_EMAIL" != "0" ]; then export MAILTO="$POST_MASTER_EMAIL"; fi
 printenv | grep -v "no_proxy" > /etc/environment


+if [ -f "/var/run/amavis/amavisd.pid" ]; then rm /var/run/amavis/amavisd.pid; fi
+
+
+if [ "$1" == "" ]; then
+
+    echo "Setup server type ($SERVERTYPE)"
+
+    echo "[Information] starting supervisor daemon"
+    /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
+
+    bash
+
+fi
+
 # compile sieve scripts
 for file in /etc/dovecot/sieve/*.sieve ; 
 do 
--- a/include/etc/amavis/conf.d/15-content_filter_mode
+++ b/include/etc/amavis/conf.d/15-content_filter_mode
@ -0,0 +1,27 @@
+use strict;
+
+# You can modify this file to re-enable SPAM checking through spamassassin
+# and to re-enable antivirus checking.
+
+#
+# Default antivirus checking mode
+# Please note, that anti-virus checking is DISABLED by 
+# default.
+# If You wish to enable it, please uncomment the following lines:
+
+
+#@bypass_virus_checks_maps = (
+#   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
+
+
+#
+# Default SPAM checking mode
+# Please note, that anti-spam checking is DISABLED by 
+# default.
+# If You wish to enable it, please uncomment the following lines:
+
+
+@bypass_spam_checks_maps = (
+   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
+
+1;  # ensure a defined return
--- a/include/etc/amavis/conf.d/50-user
+++ b/include/etc/amavis/conf.d/50-user
@ -0,0 +1,39 @@
+use strict;
+
+#
+# Place your configuration directives here.  They will override those in
+# earlier files.
+#
+# See /usr/share/doc/amavisd-new/ for documentation and examples of
+# the directives you can use in this file
+#
+
+# Higher log level to get expected messages at startup
+$log_level = 2;
+
+$X_HEADER_LINE = "Virus Scanning product";
+
+$virus_admin = "postmaster";
+$banned_admin = "postmaster";
+
+$final_virus_destiny      = D_DISCARD;  # (data not lost, see virus quarantine)
+$final_banned_destiny     = D_DISCARD;  
+$final_spam_destiny       = D_PASS;    
+$final_bad_header_destiny = D_PASS;
+
+$sa_spam_subject_tag = '';
+$sa_tag_level_deflt  = -999;  # add spam info headers if at, or above that level
+$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
+$sa_kill_level_deflt = 6.31; # triggers spam evasive actions
+$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
+
+$spam_quarantine_to       = undef;
+
+# disable the "Received" headers to be added to the mail header
+$allowed_added_header_fields{lc('Received')} = 0;
+
+
+#------------ Do not modify anything below this line -------------
+1;  # ensure a defined return
+
+
--- a/include/etc/default/spamassassin
+++ b/include/etc/default/spamassassin
@ -0,0 +1,2 @@
+OPTIONS="--create-prefs --max-children 5 --username debian-spamd --helper-home-dir /home/spamd/ -s /var/log/spamd.log"
+CRON=1
--- a/include/etc/spamassassin/local.cf
+++ b/include/etc/spamassassin/local.cf
@ -0,0 +1,119 @@
+# This is the right place to customize your installation of SpamAssassin.
+#
+# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
+# tweaked.
+#
+# Only a small subset of options are listed below
+#
+###########################################################################
+
+#    A 'contact address' users should contact for more info. (replaces
+#    _CONTACTADDRESS_ in the report template)
+# report_contact youremailaddress@domain.tld
+
+
+#   Add *****SPAM***** to the Subject header of spam e-mails
+#
+# rewrite_header Subject *****SPAM*****
+
+
+#   Save spam messages as a message/rfc822 MIME attachment instead of
+#   modifying the original message (0: off, 2: use text/plain instead)
+#
+report_safe 2
+
+
+#   Set which networks or hosts are considered 'trusted' by your mail
+#   server (i.e. not spammers)
+#
+# trusted_networks 212.17.35.
+
+
+#   Set file-locking method (flock is not safe over NFS, but is faster)
+#
+# lock_method flock
+
+
+#   Set the threshold at which a message is considered spam (default: 5.0)
+#
+required_score 5.0
+
+
+#   Use Bayesian classifier (default: 1)
+#
+use_bayes 1
+
+
+#   Bayesian classifier auto-learning (default: 1)
+#
+bayes_auto_learn 1
+
+bayes_path /var/spool/spamassassin/bayes
+
+bayes_file_mode 775
+
+
+
+#   Set headers which may provide inappropriate cues to the Bayesian
+#   classifier
+#
+# bayes_ignore_header X-Bogosity
+# bayes_ignore_header X-Spam-Flag
+# bayes_ignore_header X-Spam-Status
+
+
+#   Whether to decode non- UTF-8 and non-ASCII textual parts and recode
+#   them to UTF-8 before the text is given over to rules processing.
+#
+# normalize_charset 1
+
+#   Textual body scan limit    (default: 50000)
+#
+#   Amount of data per email text/* mimepart, that will be run through body
+#   rules.  This enables safer and faster scanning of large messages,
+#   perhaps having very large textual attachments.  There should be no need
+#   to change this well tested default.
+#
+# body_part_scan_size 50000
+
+#   Textual rawbody data scan limit    (default: 500000)
+#
+#   Amount of data per email text/* mimepart, that will be run through
+#   rawbody rules.
+#
+# rawbody_part_scan_size 500000
+
+#   Some shortcircuiting, if the plugin is enabled
+# 
+ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
+#
+#   default: strongly-whitelisted mails are *really* whitelisted now, if the
+#   shortcircuiting plugin is active, causing early exit to save CPU load.
+#   Uncomment to turn this on
+#
+#   SpamAssassin tries hard not to launch DNS queries before priority -100. 
+#   If you want to shortcircuit without launching unneeded queries, make
+#   sure such rule priority is below -100. These examples are already:
+#
+# shortcircuit USER_IN_WHITELIST       on
+# shortcircuit USER_IN_DEF_WHITELIST   on
+# shortcircuit USER_IN_ALL_SPAM_TO     on
+# shortcircuit SUBJECT_IN_WHITELIST    on
+
+#   the opposite; blacklisted mails can also save CPU
+#
+# shortcircuit USER_IN_BLACKLIST       on
+# shortcircuit USER_IN_BLACKLIST_TO    on
+# shortcircuit SUBJECT_IN_BLACKLIST    on
+
+#   if you have taken the time to correctly specify your "trusted_networks",
+#   this is another good way to save CPU
+#
+# shortcircuit ALL_TRUSTED             on
+
+#   and a well-trained bayes DB can save running rules, too
+#
+# shortcircuit BAYES_99                spam
+# shortcircuit BAYES_00                ham
+
+endif # Mail::SpamAssassin::Plugin::Shortcircuit
--- a/include/etc/supervisor/conf.d/supervisord.conf
+++ b/include/etc/supervisor/conf.d/supervisord.conf
@ -31,6 +31,15 @@ stderr_logfile=/var/log/supervisor/%(program_name)s.log
 command=/usr/sbin/cron -f


+[program:amavis]
+startsecs=0
+stopwaitsecs=55
+autostart=true
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+command=/usr/sbin/amavisd-new foreground
+

 [program:dovecot]
 startsecs=0
@ -54,3 +63,15 @@ autostart=false
 stdout_logfile=/var/log/supervisor/%(program_name)s.log
 stderr_logfile=/var/log/supervisor/%(program_name)s.log

+
+
+
+
+[program:spamassassin]
+#directory=/etc/dovecot
+command=spamd --username debian-spamd --nouser-config --syslog stderr --pidfile /var/run/spamd.pid --helper-home-dir /var/lib/spamassassin --ip-address --allowed-ips 0.0.0.0/0
+autorestart=false
+autostart=false
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+