From 32c6954e2eddf2350a512e9685defcfb9eda3049 Mon Sep 17 00:00:00 2001
From: Vincent Wilke
Date: Fri, 16 Apr 2021 13:35:11 +0200
Subject: [PATCH] chore(email): changes in configuration
---
 roles/email/defaults/main.yml | 8 +++--
 .../configdir/local.d/worker-controller.inc | 1 +
 .../configdir/local.d/worker-normal.inc | 6 ++--
 .../rspamd/configdir/local.d/worker-proxy.inc | 3 +-
 .../rspamd/{configdir => }/rspamd.conf.local | 0
 .../email/templates/rspamd/worker-proxy.conf | 6 ++++
 roles/email/templates/rspamd/worker-proxy.inc | 30 +++++++++++++++++++
 roles/email/tests/openrelaycheck.yml | 8 ++---
 8 files changed, 51 insertions(+), 11 deletions(-)
 create mode 100644 roles/email/templates/rspamd/configdir/local.d/worker-controller.inc
 rename roles/email/templates/rspamd/{configdir => }/rspamd.conf.local (100%)
 create mode 100644 roles/email/templates/rspamd/worker-proxy.conf
 create mode 100644 roles/email/templates/rspamd/worker-proxy.inc
diff --git a/roles/email/defaults/main.yml b/roles/email/defaults/main.yml
index 6fca474..27c3e5d 100644
--- a/roles/email/defaults/main.yml
+++ b/roles/email/defaults/main.yml
@@ -68,12 +68,14 @@ rspamd_docker_conf_path: "/etc/rspamd"
 rspamd_docker_static_runtime_data_path: "/var/lib/rspamd" #*.hs, *.hsmp, *.map files in here get recreated every start and do not have to be backed up
 rspamd_docker_image: registry.gitlab.com/famedly/containers/email/rspamd
 rspamd_docker_name: rspamd
-rspamd_docker_ports: []
+rspamd_docker_ports:
+ - "{{ rspamd_milter_listening_port }}:{{ rspamd_milter_listening_port }}"
 rspamd_docker_labels: {}
 dkim_selector_name: ratzupaltuff-test #hostname or month/year
 dkim_cert_filename: "{{ dkim_selector_name }}.key.pem"
 #rspamd_listening_address: "{{ email_network_prefix }}.1" #v4 for any v4 interface
-rspamd_listening_address: "172.3.0.5" #v4 for any v4 interface
+#rspamd_listening_address: "172.3.0.5" #v4 for any v4 interface
 rspamd_milter_listening_port: "11332"
+rspamd_listening_address: "0.0.0.0" #v4 for any v4 interface
 rspamd_docker_volumes:
- - "{{ rspamd_host_base_path }}/static_runtime_data/:{{ rspamd_docker_static_runtime_data_path }}:rw"
\ No newline at end of file
+ - "{{ rspamd_host_base_path }}/static_runtime_data/:{{ rspamd_docker_static_runtime_data_path }}:rw"
diff --git a/roles/email/templates/rspamd/configdir/local.d/worker-controller.inc b/roles/email/templates/rspamd/configdir/local.d/worker-controller.inc
new file mode 100644
index 0000000..02a4057
--- /dev/null
+++ b/roles/email/templates/rspamd/configdir/local.d/worker-controller.inc
@@ -0,0 +1 @@
+#bind_socket = "*:11334";
diff --git a/roles/email/templates/rspamd/configdir/local.d/worker-normal.inc b/roles/email/templates/rspamd/configdir/local.d/worker-normal.inc
index 777b261..8a9dfe6 100644
--- a/roles/email/templates/rspamd/configdir/local.d/worker-normal.inc
+++ b/roles/email/templates/rspamd/configdir/local.d/worker-normal.inc
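Review bot: In roles/email/defaults/main.yml the new `rspamd_docker_ports` default publishes the milter port without a host address, which Docker binds on every host interface, and the same hunk sets `rspamd_listening_address` to `"0.0.0.0"`; the milter protocol carries no authentication, so the proxy worker becomes reachable from any network that can reach the host unless a firewall outside this patch blocks it. A narrower default would be `- "127.0.0.1:{{ rspamd_milter_listening_port }}:{{ rspamd_milter_listening_port }}"`, or the internal address the MTA actually connects from. The local.d/worker-proxy.inc hunk has the same shape: `bind_socket = "*:…"` stays active while the restricted variant is only added as a comment. How `rspamd_listening_address` is consumed is not visible here, so its real effect should be confirmed against the templates that read it.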
@@ -1,6 +1,6 @@
 # /etc/rspamd/local.d/worker-normal.inc
-#bind_socket = "*:{{ rspamd_listening_port }}";
-bind_socket = "*:11333";
+#bind_socket = "*:{{ rspamd_milter_listening_port }}";
+#bind_socket = "*:11333";
 #count = 1;
 #enabled = true; #default
-#enabled = false; #not needed in proxy selfscan mode
\ No newline at end of file
+enabled = false; #not needed in proxy selfscan mode
diff --git a/roles/email/templates/rspamd/configdir/local.d/worker-proxy.inc b/roles/email/templates/rspamd/configdir/local.d/worker-proxy.inc
index 09ca6f9..17e34e0 100644
--- a/roles/email/templates/rspamd/configdir/local.d/worker-proxy.inc
+++ b/roles/email/templates/rspamd/configdir/local.d/worker-proxy.inc
@@ -14,5 +14,6 @@ spam_header = "X-Spam"; # Use the specific spam header
 reject_message = "Spam message rejected"; # Use custom rejection message
 bind_socket = "*:{{ rspamd_milter_listening_port }}";
+#bind_socket = "{{ email_local_send_network }}:{{ rspamd_milter_listening_port }}";
 #count = 1;
-#enabled = true; #default
\ No newline at end of file
+#enabled = true; #default
diff --git a/roles/email/templates/rspamd/configdir/rspamd.conf.local b/roles/email/templates/rspamd/rspamd.conf.local
similarity index 100%
rename from roles/email/templates/rspamd/configdir/rspamd.conf.local
rename to roles/email/templates/rspamd/rspamd.conf.local
diff --git a/roles/email/templates/rspamd/worker-proxy.conf b/roles/email/templates/rspamd/worker-proxy.conf
new file mode 100644
index 0000000..1e4cd8d
--- /dev/null
+++ b/roles/email/templates/rspamd/worker-proxy.conf
@@ -0,0 +1,6 @@
+worker "rspamd_proxy" {
+ bind_socket = "localhost:11332";
+ .include "$CONFDIR/worker-proxy.inc"
+ .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-proxy.inc"
+ .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-proxy.inc"
+}
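Review bot: In local.d/worker-normal.inc the switch to `enabled = false;` depends on the proxy worker scanning messages itself, but no `self_scan = yes;` is visible anywhere in this patch: the `upstream "local"` block in the added templates/rspamd/worker-proxy.inc only sets `default = yes;` and `hosts = "localhost";`, and lines 1-13 of local.d/worker-proxy.inc lie outside its hunk. If self-scan is not enabled there, the proxy would forward to a normal worker that no longer runs, and whether mail is then deferred or accepted unscanned depends on the MTA's milter failure setting, which is also not shown. I would record the dependency next to the switch, e.g. `enabled = false; # requires self_scan = yes in local.d/worker-proxy.inc`, and confirm that setting exists.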
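Review bot: templates/rspamd/worker-proxy.conf hard-codes `bind_socket = "localhost:11332";` while the role exposes the port as `rspamd_milter_listening_port`, so the two drift apart as soon as the variable is changed. Because local.d/worker-proxy.inc is included with `duplicate=merge`, its `bind_socket = "*:…"` is presumably added to this socket rather than replacing it; that should be confirmed on a running instance. If this file is rendered as a template, `bind_socket = "localhost:{{ rspamd_milter_listening_port }}";` keeps a single source for the port, and if only one listener is intended the bind belongs in override.d rather than local.d.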
diff --git a/roles/email/templates/rspamd/worker-proxy.inc b/roles/email/templates/rspamd/worker-proxy.inc
new file mode 100644
index 0000000..b04a2f3
--- /dev/null
+++ b/roles/email/templates/rspamd/worker-proxy.inc
@@ -0,0 +1,30 @@
+# Proxy worker setup
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify 'local.d/worker-proxy.inc' to add and merge
+# parameters defined inside this section
+#
+# You can modify 'override.d/worker-proxy.inc' to strictly override all
+# parameters defined inside this section
+#
+# See https://rspamd.com/doc/faq.html#what-are-the-locald-and-overrided-directories
+# for details
+# Module documentation: https://rspamd.com/doc/workers/rspamd_proxy.html
+
+milter = yes; # Enable milter mode
+timeout = 120s; # Needed for Milter usually
+
+upstream "local" {
+ default = yes;
+ hosts = "localhost";
+}
+
+count = 1; # Do not spawn too many processes of this type
+max_retries = 5; # How many times master is queried in case of failure
+discard_on_reject = false; # Discard message instead of rejection
+quarantine_on_reject = false; # Tell MTA to quarantine rejected messages
+spam_header = "X-Spam"; # Use the specific spam header
+reject_message = "Spam message rejected"; # Use custom rejection message
+
+
diff --git a/roles/email/tests/openrelaycheck.yml b/roles/email/tests/openrelaycheck.yml
index c520154..24bae39 100644
--- a/roles/email/tests/openrelaycheck.yml
+++ b/roles/email/tests/openrelaycheck.yml
@@ -3,9 +3,9 @@
 telnet:
 host: "{{ postfix_hostname }}"
 command:
- "HELO {{ postfix_hostname }}"
- "MAIL FROM: test@{{ email_domain }}"
- "RCPT TO: v.wilke@famedly.de"
+ - "HELO {{ postfix_hostname }}" #HELO mail.ratzupaltuff-test.famedly.de
+ - "MAIL FROM: test@{{ email_domain }}" #MAIL FROM: test@ratzupaltuff-test.famedly.de
+ - "RCPT TO: v.wilke@famedly.de" #RCPT TO: test-ji0oovxy9@srv1.mail-tester.com
 - "DATA" #not tested this file has to be reviewed!
 - "."
- - "QUIT"
\ No newline at end of file
+ - "QUIT"
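Review bot: The trailing comment added to the `RCPT TO` line names `test-ji0oovxy9@srv1.mail-tester.com`, but the command still sends to the hard-coded `v.wilke@famedly.de`, so the comment documents a different recipient than the check uses. For an open-relay check the recipient should be an address in a domain this server is not responsible for, supplied as a variable, e.g. `- "RCPT TO: {{ openrelay_test_recipient }}"` (placeholder name, not defined in this role), with the comment reduced to the reply that is expected. The comments on the `HELO` and `MAIL FROM` lines pin one rendered hostname and will go stale when `postfix_hostname` or `email_domain` change. The task continues outside the hunk, so whether the server's reply to `RCPT TO` is asserted cannot be seen here.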