From 4d22969238a8d7bdc59d3037e3f48c5d2180dc94 Mon Sep 17 00:00:00 2001
From: Andreas Knuth <andreas.knuth@gmail.com>
Date: Fri, 30 Jan 2026 09:56:02 -0600
Subject: [PATCH] IP Whitelisting

---
 .../dms/config/rspamd/local.d/docker_networks.map     |  5 +++++
 .../dms/config/rspamd/local.d/multimap.conf           | 11 +++++++++++
 .../dms/config/rspamd/override.d/options.inc          |  9 ---------
 3 files changed, 16 insertions(+), 9 deletions(-)
 create mode 100644 DMS/docker-data/dms/config/rspamd/local.d/docker_networks.map
 create mode 100644 DMS/docker-data/dms/config/rspamd/local.d/multimap.conf
 delete mode 100644 DMS/docker-data/dms/config/rspamd/override.d/options.inc

diff --git a/DMS/docker-data/dms/config/rspamd/local.d/docker_networks.map b/DMS/docker-data/dms/config/rspamd/local.d/docker_networks.map
new file mode 100644
index 0000000..bfd6a08
--- /dev/null
+++ b/DMS/docker-data/dms/config/rspamd/local.d/docker_networks.map
@@ -0,0 +1,5 @@
+# Private Docker IP Ranges
+172.16.0.0/12
+192.168.0.0/16
+10.0.0.0/8
+fd00::/8
\ No newline at end of file
diff --git a/DMS/docker-data/dms/config/rspamd/local.d/multimap.conf b/DMS/docker-data/dms/config/rspamd/local.d/multimap.conf
new file mode 100644
index 0000000..b1a7c32
--- /dev/null
+++ b/DMS/docker-data/dms/config/rspamd/local.d/multimap.conf
@@ -0,0 +1,11 @@
+# --- Bestehende Domain-Regeln (falls vorhanden) ---
+# ...
+
+# --- NEU: IP-Whitelist für Docker ---
+DOCKER_WHITELIST {
+  type = "ip";
+  map = "${LOCAL_CONFDIR}/local.d/docker_networks.map";
+  score = -20.0; # Zieht 20 Punkte ab -> Score wird negativ -> Inbox
+  description = "Trust internal Docker networks";
+  action = "accept"; # Optional: Erzwingt Annahme
+}
\ No newline at end of file
diff --git a/DMS/docker-data/dms/config/rspamd/override.d/options.inc b/DMS/docker-data/dms/config/rspamd/override.d/options.inc
deleted file mode 100644
index 6936116..0000000
--- a/DMS/docker-data/dms/config/rspamd/override.d/options.inc
+++ /dev/null
@@ -1,9 +0,0 @@
-# Wir vertrauen dem internen Docker-Netzwerk
-local_addrs = [
-    "127.0.0.0/8",
-    "::1",
-    "172.16.0.0/12",
-    "192.168.0.0/16",
-    "10.0.0.0/8",
-    "fd00::/8"
-];
\ No newline at end of file