diff --git a/DMS/Dockerfile b/DMS/Dockerfile index 8b722ec..eaba22a 100644 --- a/DMS/Dockerfile +++ b/DMS/Dockerfile @@ -4,7 +4,6 @@ LABEL maintainer="andreas.knuth@bayarea-cc.com" LABEL description="Custom DMS with Python3 support and Sieve Sync" # 1. Python, pip und dependencies installieren -# croniter hinzufügen! RUN apt-get update && \ apt-get install -y --no-install-recommends \ python3 \ @@ -20,9 +19,8 @@ WORKDIR /scripts COPY sync_dynamodb_to_sieve.py /scripts/sync.py RUN chmod +x /scripts/sync.py -# 4. Schedule Konfiguration kopieren (Der Cron-String) +# 4. Schedule Konfiguration kopieren COPY sieve-schedule /etc/sieve-schedule # 5. Supervisor Konfiguration kopieren -# DMS scannt diesen Ordner beim Start COPY sieve-supervisor.conf /etc/supervisor/conf.d/sieve-sync.conf \ No newline at end of file diff --git a/DMS/docker-compose.yml b/DMS/docker-compose.yml index 98a13e3..978f24a 100644 --- a/DMS/docker-compose.yml +++ b/DMS/docker-compose.yml @@ -17,6 +17,7 @@ services: - "993:993" # IMAP SSL - "110:110" # POP3 - "995:995" # POP3 SSL + - "127.0.0.1:11334:11334" # Bindet nur an Localhost! volumes: - ./docker-data/dms/mail-data/:/var/mail/ - ./docker-data/dms/mail-state/:/var/mail-state/ 
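Review bot: The comment on the new port line, `# Bindet nur an Localhost!`, is accurate for the host side, but connections forwarded through Docker's port proxy typically reach the container from the bridge network rather than from 127.0.0.1, so what actually gates access to the rspamd controller on 11334 is the controller password (set in worker-controller.inc in this commit), not any loopback-based `secure_ip` exemption. I would extend the comment to say that, e.g. `# host loopback only; inside the container access is gated by the controller password, do not add the docker subnet to secure_ip`. The `ports:` list and the service block continue outside the hunk.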
@@ -32,25 +33,36 @@ services:
 - SSL_TYPE=manual
 # Diese Pfade beziehen sich auf das INNERE des Containers (wo wir hin mounten)
 - SSL_CERT_PATH=/etc/mail/certs/mail.email-srvr.com.crt
- - SSL_KEY_PATH=/etc/mail/certs/mail.email-srvr.com.key
- - ENABLE_RSPAMD=0
+ - SSL_KEY_PATH=/etc/mail/certs/mail.email-srvr.com.key
 - ENABLE_OPENDKIM=1
 - ENABLE_OPENDMARC=0
 - ENABLE_POLICYD_SPF=0
+ # #### SPAM SECTION #####
+ # SPAM Rspamd aktivieren
+ - ENABLE_RSPAMD=1
+ # Greylisting AUS (vermeidet Verzögerungen)
+ - RSPAMD_GREYLISTING=0
+ # Eigene Mails NICHT scannen (vermeidet Probleme beim Senden)
+ - RSPAMD_CHECK_AUTHENTICATED=0
+ # Hostname Check AN (filtert Botnets, sehr sicher)
+ - RSPAMD_HFILTER=1
+ # Spam sortieren statt löschen (Sieve Magic)
+ - MOVE_SPAM_TO_JUNK=1
+ # Alte Dienste aus
 - ENABLE_AMAVIS=0
 - ENABLE_SPAMASSASSIN=0
 - ENABLE_POSTGREY=0
- - RSPAMD_GREYLISTING=0
+ # 2. ClamAV deaktivieren (Anti-Virus)
 - ENABLE_CLAMAV=0
- #- ENABLE_FAIL2BAN=1
- - ENABLE_FAIL2BAN=0
- #- ENABLE_MANAGESIEVE=1
+ # HACKERSCHUTZ (Pflicht!)
+ - ENABLE_FAIL2BAN=1
+ # DNS Resolver (verhindert Spamhaus-Probleme)
+ - ENABLE_UNBOUND=1
+ # #### END SPAM SECTION #####
+ # END SPAM SECTION
 - ENABLE_MANAGESIEVE=0
 - ENABLE_POP3=1
 - RSPAMD_LEARN=1
- - MOVE_SPAM_TO_JUNK=1
- - RSPAMD_CHECK_AUTHENTICATED=0
- - RSPAMD_HFILTER=0
 - ONE_DIR=1
 - ENABLE_UPDATE_CHECK=0
 - PERMIT_DOCKER=network
diff --git a/DMS/docker-data/dms/config/rspamd/override.d/actions.conf b/DMS/docker-data/dms/config/rspamd/override.d/actions.conf
new file mode 100644
index 0000000..e7a7e39
--- /dev/null
+++ b/DMS/docker-data/dms/config/rspamd/override.d/actions.conf
@@ -0,0 +1,4 @@
+# Standard-Aktionen überschreiben
+reject = 500; # Erst ab 500 Punkten ablehnen (passiert nie)
+add_header = 6; # Ab 6 Punkten: X-Spam Header setzen
+greylist = 500; # Greylisting faktisch deaktivieren (Schwellwert unerreichbar hoch)
\ No newline at end of file
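Review bot: `ENABLE_FAIL2BAN=1` only takes effect if the service is also granted the NET_ADMIN capability (docker-mailserver's Fail2ban manipulates the container's iptables, and its documentation lists `cap_add: - NET_ADMIN` as a requirement); no `cap_add:` is visible in this hunk, so verify it exists elsewhere in the service definition, otherwise the "HACKERSCHUTZ" comment promises protection that is not applied. `RSPAMD_CHECK_AUTHENTICATED=0` deserves a one-line caveat next to it: mail submitted by a compromised account is then never scanned, so outbound abuse has to be caught by other means (auth-failure bans, rate limits, log review), e.g. `# authenticated submissions are not scanned - a hijacked account can send unfiltered`. The closing lines `# #### END SPAM SECTION #####` and `# END SPAM SECTION` are duplicates and `# 2. ClamAV deaktivieren` has no matching `1.`; drop the second comment and the stray number. The `environment:` list continues outside the hunk.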
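Review bot: With `reject = 500` nothing is ever rejected at SMTP time, so every message scoring above `add_header = 6` is still accepted and relies on `MOVE_SPAM_TO_JUNK` to land it in Junk; that is a deliberate trade-off, but the comment should state that it also applies to mail that would otherwise exceed the default reject threshold (high blocklist or heuristic scores), since nothing else in the diff re-enables rejection. `greylist = 500` is redundant with `enabled = false;` in `override.d/greylist.conf` and `RSPAMD_GREYLISTING=0` from the same commit; keeping the switch in one place avoids three settings drifting apart. Suggested replacement for the first comment line: `# reject disabled on purpose: all mail is delivered, spam is sorted into Junk by Sieve`.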
diff --git a/DMS/docker-data/dms/config/rspamd/override.d/docker_whitelist.map b/DMS/docker-data/dms/config/rspamd/override.d/docker_whitelist.map
new file mode 100644
index 0000000..7a5d779
--- /dev/null
+++ b/DMS/docker-data/dms/config/rspamd/override.d/docker_whitelist.map
@@ -0,0 +1,9 @@
+bayarea-cc.com
+ruehrgedoens.de
+annavillesda.org
+bizmatch.net
+biz-match.com
+qrmaster.net
+nqsltd.com
+iitwelders.com
+# Weitere Domains hier eintragen
\ No newline at end of file
diff --git a/DMS/docker-data/dms/config/rspamd/override.d/greylist.conf b/DMS/docker-data/dms/config/rspamd/override.d/greylist.conf
new file mode 100644
index 0000000..8f4abbf
--- /dev/null
+++ b/DMS/docker-data/dms/config/rspamd/override.d/greylist.conf
@@ -0,0 +1 @@
+enabled = false;
\ No newline at end of file
diff --git a/DMS/docker-data/dms/config/rspamd/override.d/multimap.conf b/DMS/docker-data/dms/config/rspamd/override.d/multimap.conf
new file mode 100644
index 0000000..8055a78
--- /dev/null
+++ b/DMS/docker-data/dms/config/rspamd/override.d/multimap.conf
@@ -0,0 +1,14 @@
+DOCKER_WL {
+ # ÄNDERUNG: Wir prüfen jetzt den Absender (Envelope From)
+ type = "from";
+ filter = "email:domain";
+
+ # Pfad bleibt gleich
+ map = "/etc/rspamd/override.d/docker_whitelist.map";
+
+ symbol = "DOCKER_WHITELIST";
+ score = -50.0;
+ description = "Whitelist fuer eigene Domains";
+ prefilter = true;
+ action = "accept";
+}
\ No newline at end of file
diff --git a/DMS/docker-data/dms/config/rspamd/override.d/worker-controller.inc b/DMS/docker-data/dms/config/rspamd/override.d/worker-controller.inc
new file mode 100644
index 0000000..bcd0509
--- /dev/null
+++ b/DMS/docker-data/dms/config/rspamd/override.d/worker-controller.inc
@@ -0,0 +1 @@
+password = "$2$eitni68mkfaaq957jx3bcx57sg1mmd9c$d9xyhjmmih7sjm3fpfu7r7tshhfm4ud93km65w5dkh151f5phiiy";
\ No newline at end of file
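Review bot: This committed map is rewritten from scratch on every container start by `user-patches.sh` (added in the same commit), so the trailing `# Weitere Domains hier eintragen` invites manual edits that are lost at the next restart, and the generated file will not carry the comment either. Either drop the file from the repository and let the script own it, or replace the comment with `# generated from postfix-accounts.cf at container start - do not edit by hand`.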
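Review bot: `type = "from"` combined with `prefilter = true; action = "accept";` accepts any message whose envelope sender domain is in the map before SPF, DKIM, DMARC or any other rule runs, and the envelope sender is supplied by the remote MTA, so inbound mail merely claiming to be from one of your own domains (the usual impersonation pattern) is delivered unfiltered. Own outbound mail is already exempt through `RSPAMD_CHECK_AUTHENTICATED=0` in docker-compose.yml, so this rule only helps unauthenticated internal senders; the name `DOCKER_WL` suggests it was previously an IP map for the Docker network, which would be the safer scope. If the domain match is kept, remove `prefilter = true;` and `action = "accept";` and add `require_symbols = "R_SPF_ALLOW | R_DKIM_ALLOW";` so the bonus only applies when authentication results back the sender; that also makes `score = -50.0` meaningful, which is largely moot under a prefilter accept. Since the map is regenerated from postfix-accounts.cf by user-patches.sh in this commit, every hosted domain is automatically covered, which widens the exposure.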
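Review bot: The committed value is an rspamd password hash rather than a plaintext secret, which is the right thing to check in, but the file should say so, e.g. `# hashed with 'rspamadm pw'; read-only controller login, rotate by regenerating the hash`, so the next person neither treats it as a leaked secret nor pastes a plaintext one here. As far as I recall, when only `password` is set rspamd also accepts it for privileged controller operations (learning, changing statistics) unless `enable_password` is configured separately; consider a distinct `enable_password` so the UI login is not also a write credential.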
diff --git a/DMS/docker-data/dms/config/user-patches.sh b/DMS/docker-data/dms/config/user-patches.sh
new file mode 100644
index 0000000..a84b070
--- /dev/null
+++ b/DMS/docker-data/dms/config/user-patches.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+# user-patches.sh läuft bei jedem Start von DMS automatisch
+
+ACCOUNTS_FILE="/tmp/docker-mailserver/postfix-accounts.cf"
+WHITELIST_FILE="/etc/rspamd/override.d/docker_whitelist.map"
+
+echo "Patching: Generiere Rspamd Whitelist aus Accounts..."
+
+if [ -f "$ACCOUNTS_FILE" ]; then
+ # Whitelist generieren
+ awk -F'|' '{print $1}' "$ACCOUNTS_FILE" | cut -d'@' -f2 | sort | uniq > "$WHITELIST_FILE"
+
+ # Berechtigungen korrigieren
+ chmod 644 "$WHITELIST_FILE"
+ chown _rspamd:_rspamd "$WHITELIST_FILE" 2>/dev/null || true
+
+ echo "Whitelist erfolgreich erstellt:"
+ cat "$WHITELIST_FILE"
+else
+ echo "FEHLER: $ACCOUNTS_FILE wurde nicht gefunden!"
+fi
\ No newline at end of file
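Review bot: The pipeline on the `awk ... > "$WHITELIST_FILE"` line copies every line of postfix-accounts.cf into the map, not only accounts: a comment or blank line has no `@`, so `cut -d'@' -f2` passes it through unchanged and it becomes a map entry. The redirect also truncates the live map in place, so rspamd, which re-reads file maps when they change, can briefly see an empty or partial file; writing to a temporary file in the same directory and moving it over is the usual fix. I would also extend the header comment to `# runs on every DMS start; regenerates the DOCKER_WL map from postfix-accounts.cf (manual edits to the map are lost)`. Rewritten generation step below; the rest of the script is unchanged.
```shell
if [ -f "$ACCOUNTS_FILE" ]; then
    # Build the map atomically; only lines shaped like user@domain
    # contribute, so comments and blank lines never become entries.
    TMP_FILE="$(mktemp "${WHITELIST_FILE}.XXXXXX")"
    awk -F'|' '{print $1}' "$ACCOUNTS_FILE" \
        | awk -F'@' 'NF == 2 && $2 != "" {print $2}' \
        | sort -u > "$TMP_FILE"
    chmod 644 "$TMP_FILE"
    chown _rspamd:_rspamd "$TMP_FILE" 2>/dev/null || true
    mv -f "$TMP_FILE" "$WHITELIST_FILE"
    # … unchanged: success message and cat of the map …
```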