mail/rspamd: fix permissions and add sender whitelisting (#1357)

* Update Makefile
* Update pkg-descr
* Update setup.sh
* Update multimap.conf
* Create whitelist_sender_domains-map
* Update +TARGETS
* Update multimap.conf
* Update RSpamd.xml
* Update settings.xml

mail/rspamd/Makefile

@@ -1,5 +1,5 @@
 PLUGIN_NAME=		rspamd
-PLUGIN_VERSION=		1.5
+PLUGIN_VERSION=		1.6
 PLUGIN_COMMENT=		Protect your network from spam
 PLUGIN_DEPENDS=		rspamd
 PLUGIN_MAINTAINER=	franz.fabian.94@gmail.com

mail/rspamd/pkg-descr

@@ -5,6 +5,11 @@ lua.
 Plugin Changelog
 ----------------
 
+1.6
+
+* Fix permissions on maps.d folder
+* Add global sender whitelisting
+
 1.5
 
 * Add whitelisting to Graylist section

mail/rspamd/src/opnsense/mvc/app/controllers/OPNsense/Rspamd/forms/settings.xml

@@ -58,6 +58,14 @@
                 <allownew>true</allownew>
                 <help>If an attached file has a suffix in this list, the mail will be rejected via a hard reject, which means that the server will be immeadiately informed about the policy violation.</help>
             </field>
+            <field>
+                <id>rspamd.multimap.whitelistsender</id>
+                <label>Sender Whitelist</label>
+                <type>select_multiple</type>
+                <style>tokenize</style>
+                <allownew>true</allownew>
+                <help>All sender domains listed here are getting whitelisted, no matter if they have wrong SPF records or are on multiple blacklists.</help>
+            </field>
         </subtab>
         <subtab id="rspamd-general-milter-headers" description="Milter Headers">
             <field>

mail/rspamd/src/opnsense/mvc/app/models/OPNsense/Rspamd/RSpamd.xml

@@ -485,6 +485,9 @@
         <Required>N</Required>
         <default>exe,dll,scr,com,cmd,js,bat,vbs,ps1,bat,cpl,lnk,msi,msp,reg</default>
       </badfileextension>
+      <whitelistsender type="CSVListField">
+        <Required>N</Required>
+      </whitelistsender>
     </multimap>
   </items>
 </model>

mail/rspamd/src/opnsense/scripts/rspamd/setup.sh

@@ -5,6 +5,7 @@ mkdir -p /var/run/rspamd
 
 # fix permissions of files generated by configd
 chmod +r /usr/local/etc/rspamd/local.d/*
+chmod +r /usr/local/etc/rspamd/maps.d/*
 chmod o+rx /usr/local/etc/rspamd/local.d
 chown -R nobody /var/log/rspamd
 

mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/+TARGETS

@@ -3,6 +3,7 @@ actions.conf:/usr/local/etc/rspamd/local.d/actions.conf
 antivirus.wl:/usr/local/etc/rspamd/local.d/antivirus.wl
 antivirus.conf:/usr/local/etc/rspamd/local.d/antivirus.conf
 bad_file_extensions-map:/usr/local/etc/rspamd/local.d/bad_file_extensions.map
+whitelist_sender_domains-map:/usr/local/etc/rspamd/local.d/whitelist_sender_domains.map
 dkim_signing.conf:/usr/local/etc/rspamd/local.d/dkim_signing.conf
 dkim.conf:/usr/local/etc/rspamd/local.d/dkim.conf
 spf.conf:/usr/local/etc/rspamd/local.d/spf.conf

mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/multimap.conf

@@ -10,4 +10,11 @@ extension_blacklist {
   symbol = "FILENAME_BLACKLISTED";
   action = "reject";
 }
+
+WHITELIST_SENDER_DOMAIN {
+  type = "from";
+  filter = "email:domain";
+  map = "/${LOCAL_CONFDIR}/local.d/whitelist_sender_domains.map";
+  score = -50.0
+  }
 {% endif %}

mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/whitelist_sender_domains-map

@@ -0,0 +1,5 @@
+{% if helpers.exists('OPNsense.Rspamd.general.enabled') and OPNsense.Rspamd.general.enabled == '1' and helpers.exists('OPNsense.Rspamd.multimap.whitelistsender') and OPNsense.Rspamd.multimap.whitelistsender != '' %}
+{%   for sender in OPNsense.Rspamd.multimap.whitelistsender.split(',') %}
+{{ sender }}
+{%   endfor %}
+{% endif %}