From 9674bb26da2510873f2641eb3ad7cf735fa09589 Mon Sep 17 00:00:00 2001 From: Michael Date: Mon, 3 Jun 2019 18:45:46 +0200 Subject: [PATCH] mail/rspamd: fix permissions and add sender whitelisting (#1357) * Update Makefile * Update pkg-descr * Update setup.sh * Update multimap.conf * Create whitelist_sender_domains-map * Update +TARGETS * Update multimap.conf * Update RSpamd.xml * Update settings.xml --- mail/rspamd/Makefile | 2 +- mail/rspamd/pkg-descr | 5 +++++ .../app/controllers/OPNsense/Rspamd/forms/settings.xml | 8 ++++++++ .../opnsense/mvc/app/models/OPNsense/Rspamd/RSpamd.xml | 3 +++ mail/rspamd/src/opnsense/scripts/rspamd/setup.sh | 1 + .../opnsense/service/templates/OPNsense/Rspamd/+TARGETS | 1 + .../service/templates/OPNsense/Rspamd/multimap.conf | 7 +++++++ .../OPNsense/Rspamd/whitelist_sender_domains-map | 5 +++++ 8 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/whitelist_sender_domains-map diff --git a/mail/rspamd/Makefile b/mail/rspamd/Makefile index a321e1c9b..669c5c70e 100644 --- a/mail/rspamd/Makefile +++ b/mail/rspamd/Makefile @@ -1,5 +1,5 @@ PLUGIN_NAME= rspamd -PLUGIN_VERSION= 1.5 +PLUGIN_VERSION= 1.6 PLUGIN_COMMENT= Protect your network from spam PLUGIN_DEPENDS= rspamd PLUGIN_MAINTAINER= franz.fabian.94@gmail.com diff --git a/mail/rspamd/pkg-descr b/mail/rspamd/pkg-descr index ac70e172d..94f31e996 100644 --- a/mail/rspamd/pkg-descr +++ b/mail/rspamd/pkg-descr @@ -5,6 +5,11 @@ lua. Plugin Changelog ---------------- +1.6 + +* Fix permissions on maps.d folder +* Add global sender whitelisting + 1.5 * Add whitelisting to Graylist section diff --git a/mail/rspamd/src/opnsense/mvc/app/controllers/OPNsense/Rspamd/forms/settings.xml b/mail/rspamd/src/opnsense/mvc/app/controllers/OPNsense/Rspamd/forms/settings.xml index 2f4600609..ede741126 100644 --- a/mail/rspamd/src/opnsense/mvc/app/controllers/OPNsense/Rspamd/forms/settings.xml 
+++ b/mail/rspamd/src/opnsense/mvc/app/controllers/OPNsense/Rspamd/forms/settings.xml @@ -58,6 +58,14 @@ true If an attached file has a suffix in this list, the mail will be rejected via a hard reject, which means that the server will be immeadiately informed about the policy violation. + + rspamd.multimap.whitelistsender + + select_multiple + + true + All sender domains listed here are getting whitelisted, no matter if they have wrong SPF records or are on multiple blacklists. + diff --git a/mail/rspamd/src/opnsense/mvc/app/models/OPNsense/Rspamd/RSpamd.xml b/mail/rspamd/src/opnsense/mvc/app/models/OPNsense/Rspamd/RSpamd.xml index fc55ed794..85b654f1c 100644 --- a/mail/rspamd/src/opnsense/mvc/app/models/OPNsense/Rspamd/RSpamd.xml +++ b/mail/rspamd/src/opnsense/mvc/app/models/OPNsense/Rspamd/RSpamd.xml @@ -485,6 +485,9 @@ N exe,dll,scr,com,cmd,js,bat,vbs,ps1,bat,cpl,lnk,msi,msp,reg + + N + diff --git a/mail/rspamd/src/opnsense/scripts/rspamd/setup.sh b/mail/rspamd/src/opnsense/scripts/rspamd/setup.sh index fef896945..ceb224cb8 100755 --- a/mail/rspamd/src/opnsense/scripts/rspamd/setup.sh +++ b/mail/rspamd/src/opnsense/scripts/rspamd/setup.sh @@ -5,6 +5,7 @@ mkdir -p /var/run/rspamd # fix permissions of files generated by configd chmod +r /usr/local/etc/rspamd/local.d/* +chmod +r /usr/local/etc/rspamd/maps.d/* chmod o+rx /usr/local/etc/rspamd/local.d chown -R nobody /var/log/rspamd diff --git a/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/+TARGETS b/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/+TARGETS index d6263bbf7..bf3870cbb 100644 --- a/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/+TARGETS +++ b/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/+TARGETS 
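Review bot: In the setup.sh hunk, the added `chmod +r /usr/local/etc/rspamd/maps.d/*` makes the files inside maps.d readable but never gives the directory itself traverse permission, unlike local.d on the next line. If the goal is the "fix permissions on maps.d folder" from the changelog, add `chmod o+rx /usr/local/etc/rspamd/maps.d` as well. When maps.d is empty or missing, the glob stays literal and chmod exits non-zero, which matters only if the caller checks the script's status (not visible here). The map introduced by this commit is rendered into local.d according to the +TARGETS hunk, so this line does not cover it; the existing local.d chmod does. The script starts and continues outside the hunk.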
@@ -3,6 +3,7 @@ actions.conf:/usr/local/etc/rspamd/local.d/actions.conf
 antivirus.wl:/usr/local/etc/rspamd/local.d/antivirus.wl
 antivirus.conf:/usr/local/etc/rspamd/local.d/antivirus.conf
 bad_file_extensions-map:/usr/local/etc/rspamd/local.d/bad_file_extensions.map
+whitelist_sender_domains-map:/usr/local/etc/rspamd/local.d/whitelist_sender_domains.map
 dkim_signing.conf:/usr/local/etc/rspamd/local.d/dkim_signing.conf
 dkim.conf:/usr/local/etc/rspamd/local.d/dkim.conf
 spf.conf:/usr/local/etc/rspamd/local.d/spf.conf
diff --git a/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/multimap.conf b/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/multimap.conf
index 9407cc4d5..f357673dc 100644
--- a/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/multimap.conf
+++ b/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/multimap.conf
@@ -10,4 +10,11 @@ extension_blacklist {
 symbol = "FILENAME_BLACKLISTED";
 action = "reject";
 }
+
+WHITELIST_SENDER_DOMAIN {
+ type = "from";
+ filter = "email:domain";
+ map = "/${LOCAL_CONFDIR}/local.d/whitelist_sender_domains.map";
+ score = -50.0
+ }
 {% endif %}
diff --git a/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/whitelist_sender_domains-map b/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/whitelist_sender_domains-map
new file mode 100644
index 000000000..8f339fe6b
--- /dev/null
+++ b/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/whitelist_sender_domains-map
@@ -0,0 +1,5 @@
+{% if helpers.exists('OPNsense.Rspamd.general.enabled') and OPNsense.Rspamd.general.enabled == '1' and helpers.exists('OPNsense.Rspamd.multimap.whitelistsender') and OPNsense.Rspamd.multimap.whitelistsender != '' %}
+{% for sender in OPNsense.Rspamd.multimap.whitelistsender.split(',') %}
+{{ sender }}
+{% endfor %}
+{% endif %}
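Review bot: In the multimap.conf hunk, `WHITELIST_SENDER_DOMAIN` grants `score = -50.0` on a `type = "from"` match alone, so a sender address that nothing has authenticated outweighs every other symbol, including SPF, DKIM and DMARC failures. The settings.xml help text in this commit describes that as intended, but it does not say that the domain is unverified and can be claimed by any sending host. A domain whitelist is safer when it requires a passing authentication result, for example through rspamd's whitelist module with `valid_spf` / `valid_dkim` rules, or when it uses a much smaller negative score. The rule also sits before an `{% endif %}` whose opening condition is outside the hunk, so it appears to be rendered only when that condition holds rather than under its own `whitelistsender` check; this is worth confirming. As a style point, `score = -50.0` lacks the trailing `;` that the other keys in the block carry.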
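Review bot: In the new whitelist_sender_domains-map template, each element of `whitelistsender.split(',')` is written to the map verbatim by `{{ sender }}`. Any validation therefore has to come from the model field added in RSpamd.xml, whose definition is not legible on this page. An entry with surrounding whitespace would silently never match, and a malformed value is not rejected anywhere visible. Consider emitting `{{ sender|trim }}` here and constraining the model field to a hostname pattern, since every accepted entry carries the -50 score.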