mail: Switch to rspamd
jcmdln committed Apr 18, 2024
1 parent 1fce487 commit 8b87ea5
Showing 5 changed files with 64 additions and 79 deletions.
61 changes: 30 additions & 31 deletions roles/mail/README.md
@@ -1,6 +1,6 @@
# jcmdln.openbsd.mail

Setup a simple mail server using OpenSMTPD, spamd, and Dovecot.
Setup a simple mail server using OpenSMTPD, Dovecot and Rspamd.

## About

@@ -17,15 +17,14 @@ system resources as well as a mailbox to get work done.

- Dovecot
- https://www.dovecot.org
- https://www.rspamd.com/
- OpenBSD
- https://man.openbsd.org/acme-client.1
- https://man.openbsd.org/openssl.1
- https://man.openbsd.org/pf.4
- https://man.openbsd.org/pf.conf.5
- https://man.openbsd.org/smtpd.8
- https://man.openbsd.org/smtpd.conf.5
- https://man.openbsd.org/spamd.8
- https://man.openbsd.org/spamd.conf.5

### DNS Records

@@ -73,39 +72,39 @@ Consider enabling DNSSEC:

### Examples

```perl
```ruby
# ~/Mail/dovecot.sieve

require ["fileinto", "mailbox"];

if exists "list-id" {
if header :contains "list-id" "alpinelinux.org" {
if header :contains "list-id" "~alpine/announce" {
fileinto :create "alpine-announce";
} elsif header :contains "list-id" "~alpine/aports" {
fileinto :create "alpine-aports";
} elsif header :contains "list-id" "~alpine/devel" {
fileinto :create "alpine-devel";
}
} elsif header :contains "list-id" "freelists.org" {
if header :contains "list-id" "bootstrappable" {
fileinto :create "bootstrappable";
}
} elsif header :contains "list-id" "openbsd.org" {
if header :contains "list-id" "advocacy" {
fileinto :create "openbsd-advocacy";
} elsif header :contains "list-id" "announce" {
fileinto :create "openbsd-announce";
} elsif header :contains "list-id" "bugs" {
fileinto :create "openbsd-bugs";
} elsif header :contains "list-id" "misc" {
fileinto :create "openbsd-misc";
} elsif header :contains "list-id" "ports" {
fileinto :create "openbsd-ports";
} elsif header :contains "list-id" "tech" {
fileinto :create "openbsd-tech";
}
}
if header :contains "list-id" "alpinelinux.org" {
if header :contains "list-id" "~alpine/announce" {
fileinto :create "alpine-announce";
} elsif header :contains "list-id" "~alpine/aports" {
fileinto :create "alpine-aports";
} elsif header :contains "list-id" "~alpine/devel" {
fileinto :create "alpine-devel";
}
} elsif header :contains "list-id" "freelists.org" {
if header :contains "list-id" "bootstrappable" {
fileinto :create "bootstrappable";
}
} elsif header :contains "list-id" "openbsd.org" {
if header :contains "list-id" "advocacy" {
fileinto :create "openbsd-advocacy";
} elsif header :contains "list-id" "announce" {
fileinto :create "openbsd-announce";
} elsif header :contains "list-id" "bugs" {
fileinto :create "openbsd-bugs";
} elsif header :contains "list-id" "misc" {
fileinto :create "openbsd-misc";
} elsif header :contains "list-id" "ports" {
fileinto :create "openbsd-ports";
} elsif header :contains "list-id" "tech" {
fileinto :create "openbsd-tech";
}
}
}
```

14 changes: 10 additions & 4 deletions roles/mail/defaults/main.yml
@@ -2,14 +2,20 @@
#
# Copyright (c) 2024 Johnathan C. Maudlin <[email protected]>
---
mail_aliases_root: root
mail_dkim_selector: domain
mail_domain: domain.tld
mail_packages:
- dovecot
- dovecot-pigeonhole
- opensmtpd-filter-dkimsign
- opensmtpd-filter-rspamd
- py3-cryptography
- rspamd--hyperscan

#
# Domain
#

mail_aliases_root: root
mail_dkim_selector: domain
mail_domain: domain.tld

#
# SSL
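Review bot: `opensmtpd-filter-dkimsign` leaves `mail_packages` while `mail_dkim_selector` stays defined under the new Domain block, and the only consumer of that variable visible in this commit is the `filter-dkimsign` stanza that smtpd.conf.j2 drops. If DKIM signing is meant to move to Rspamd, none of the five changed files configures it, so outbound mail would presumably go out unsigned and lose its DKIM pass for DMARC; tasks or templates outside these hunks may cover this, which is worth confirming. A comment above the variable, e.g. `# DKIM selector; signing is done by rspamd's dkim_signing module`, would record the intent. `py3-cryptography` in the package list also deserves a one-line comment saying what needs it.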
42 changes: 14 additions & 28 deletions roles/mail/tasks/main.yml
@@ -104,6 +104,20 @@
name: dovecot
state: started

#
# Rspamd
#

- name: Enable rspamd
ansible.builtin.service:
name: rspamd
enabled: true

- name: Start rspamd
ansible.builtin.service:
name: rspamd
state: started

#
# OpenSMTPD
#
@@ -149,31 +163,3 @@
ansible.builtin.service:
name: smtpd
state: started

#
# spamd
#

- name: Enable spamd
ansible.builtin.service:
name: spamd
enabled: true

# FIXME: Create an rcctl module
- name: Set spamd to blacklist-only mode (ie disable greylisting)
ansible.builtin.raw: rcctl set spamd flags -b

- name: Start spamd
ansible.builtin.service:
name: spamd
state: started

- name: Enable spamlogd
ansible.builtin.service:
name: spamlogd
state: started

- name: Start spamlogd
ansible.builtin.service:
name: spamlogd
state: started
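Review bot: The new Rspamd block in the first hunk starts the daemon on whatever configuration the package ships, because no task in either hunk installs a template for it or validates one before the start. If local settings are planned, a config task with a restart handler belongs ahead of `Start rspamd`. The two tasks can also be folded into one `ansible.builtin.service` call carrying both `enabled: true` and `state: started`. A short comment such as `# start rspamd before smtpd so filter-rspamd has a scanner to talk to` would explain why this block sits above the OpenSMTPD one. The rest of the task file is outside the hunks, so configuration may already be handled there.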
24 changes: 9 additions & 15 deletions roles/mail/templates/etc/mail/smtpd.conf.j2
Original file line number Diff line number Diff line change
@@ -1,24 +1,18 @@
# {{ template_destpath }}
# {{ ansible_managed }}

pki "mail" cert "/etc/ssl/{{ mail_domain }}.crt"
pki "mail" key "/etc/ssl/private/{{ mail_domain }}.key"

table aliases file:/etc/mail/aliases

filter "dkimsign" proc-exec \
"filter-dkimsign \
-d {{ mail_domain }} \
-k /etc/mail/dkim/{{ mail_dkim_selector }}.private.key \
-s {{ mail_dkim_selector }}" \
user _dkimsign \
group _dkimsign
pki "{{ mail_domain }}" cert "/etc/ssl/{{ mail_domain }}.crt"
pki "{{ mail_domain }}" key "/etc/ssl/private/{{ mail_domain }}.key"

filter "rspamd" proc-exec "filter-rspamd"

listen on socket filter {"dkimsign"}
listen on lo0 filter {"dkimsign"}
listen on egress port 25 tls pki "mail" filter {"dkimsign"}
listen on egress port 465 smtps pki "mail" auth filter {"dkimsign"}
listen on egress port 587 tls pki "mail" auth filter {"dkimsign"}
listen on socket
listen on lo0
listen on egress port 25 tls pki "{{ mail_domain }}" auth-optional filter "rspamd"
listen on egress port 465 smtps pki "{{ mail_domain }}" auth-optional filter "rspamd"
listen on egress port 587 tls pki "{{ mail_domain }}" auth-optional filter "rspamd"

action "local_mail" maildir "~/Mail" alias <aliases>
action "dovecot" lmtp "/var/dovecot/lmtp" alias <aliases>
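Review bot: The listeners on ports 465 and 587 change from `auth` to `auth-optional`, so the submission ports now accept unauthenticated sessions. Whether those sessions can relay depends on the `match` rules, which are outside this hunk, but submission ports are normally kept authenticated-only: `listen on egress port 465 smtps pki "{{ mail_domain }}" auth filter "rspamd"` and likewise for 587. Port 25 gains `auth-optional` as well, which offers AUTH on the MX listener and gives password guessing another entry point unless that is intended. Separately, `listen on socket` and `listen on lo0` lose the `dkimsign` filter without gaining `rspamd`, so locally submitted mail passes through neither filter; a comment stating that this is deliberate would help.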
2 changes: 1 addition & 1 deletion tox.ini
@@ -15,7 +15,7 @@ skip_install = true
[testenv:ansible-lint]
commands =
ansible-lint --version
ansible-lint -v --offline --project-dir {toxinidir}
ansible-lint -v --project-dir {toxinidir}
deps = ansible-lint

[testenv:mypy]
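Review bot: Dropping `--offline` from the second ansible-lint command lets the lint run reach the network, since that flag is what disables installing requirements and refreshing schemas. The result now depends on what the remote hosts serve at run time. If the switch is needed because a collection must be installed for linting, pin its version in the project's requirements file and say so in a comment, e.g. `# online: ansible-lint installs pinned collections before linting`. `deps = ansible-lint` on the context line below is likewise unpinned, so a version constraint there would make the environment reproducible.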
