From 8dfb5d2aa62d25e464b9b8faa6fb23297cbfbb94 Mon Sep 17 00:00:00 2001
From: Andreas Knuth
Date: Thu, 29 Jan 2026 17:15:05 -0600
Subject: [PATCH 01/14] Spam first version
---
 DMS/docker-compose.yml | 29 ++++++++++++++++++++---------
 1 file changed, 20 insertions(+), 9 deletions(-)
diff --git a/DMS/docker-compose.yml b/DMS/docker-compose.yml
index 98a13e3..8efba69 100644
--- a/DMS/docker-compose.yml
+++ b/DMS/docker-compose.yml
@@ -32,25 +32,36 @@ services:
 - SSL_TYPE=manual
 # Diese Pfade beziehen sich auf das INNERE des Containers (wo wir hin mounten)
 - SSL_CERT_PATH=/etc/mail/certs/mail.email-srvr.com.crt
- - SSL_KEY_PATH=/etc/mail/certs/mail.email-srvr.com.key
- - ENABLE_RSPAMD=0
+ - SSL_KEY_PATH=/etc/mail/certs/mail.email-srvr.com.key
 - ENABLE_OPENDKIM=1
 - ENABLE_OPENDMARC=0
 - ENABLE_POLICYD_SPF=0
+ # #### SPAM SECTION #####
+ # SPAM Rspamd aktivieren
+ - ENABLE_RSPAMD=1
+ # Greylisting AUS (vermeidet Verzögerungen)
+ - RSPAMD_GREYLISTING=0
+ # Eigene Mails NICHT scannen (vermeidet Probleme beim Senden)
+ - RSPAMD_CHECK_AUTHENTICATED=0
+ # Hostname Check AN (filtert Botnets, sehr sicher)
+ - RSPAMD_HFILTER=1
+ # Spam sortieren statt löschen (Sieve Magic)
+ - MOVE_SPAM_TO_JUNK=1
+ # Alte Dienste aus
 - ENABLE_AMAVIS=0
 - ENABLE_SPAMASSASSIN=0
 - ENABLE_POSTGREY=0
- - RSPAMD_GREYLISTING=0
+ # 2. ClamAV deaktivieren (Anti-Virus)
 - ENABLE_CLAMAV=0
- #- ENABLE_FAIL2BAN=1
- - ENABLE_FAIL2BAN=0
- #- ENABLE_MANAGESIEVE=1
+ # HACKERSCHUTZ (Pflicht!)
+ - ENABLE_FAIL2BAN=1
+ # DNS Resolver (verhindert Spamhaus-Probleme)
+ - ENABLE_UNBOUND=1
+ # #### END SPAM SECTION #####
+ # END SPAM SECTION
 - ENABLE_MANAGESIEVE=0
 - ENABLE_POP3=1
 - RSPAMD_LEARN=1
- - MOVE_SPAM_TO_JUNK=1
- - RSPAMD_CHECK_AUTHENTICATED=0
- - RSPAMD_HFILTER=0
 - ONE_DIR=1
 - ENABLE_UPDATE_CHECK=0
 - PERMIT_DOCKER=network
From 4687b8e582f20a7e8604ce50c39148f86940d7c4 Mon Sep 17 00:00:00 2001
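Review bot: `RSPAMD_CHECK_AUTHENTICATED=0` together with the unchanged `ENABLE_CLAMAV=0` means mail submitted by authenticated users leaves the server without any spam or malware scanning, so one phished mailbox can send unfiltered until the host ends up on blocklists; the comment above the line only mentions the convenience side. If skipping the scan is intended, say so in the comment, e.g. `# Authenticated submissions are NOT scanned - a compromised account sends unfiltered`, and pair it with outbound rate limiting. I could not confirm that `ENABLE_UNBOUND` is a variable this image reads; if it is not, the line is silently ignored and the resolver comment is misleading. The second `# END SPAM SECTION` marker is a duplicate and can go.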
From: Andreas Knuth
Date: Thu, 29 Jan 2026 17:16:07 -0600
Subject: [PATCH 02/14] RSPAMD Port only localhost
---
 DMS/docker-compose.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/DMS/docker-compose.yml b/DMS/docker-compose.yml
index 8efba69..978f24a 100644
--- a/DMS/docker-compose.yml
+++ b/DMS/docker-compose.yml
@@ -17,6 +17,7 @@ services:
 - "993:993" # IMAP SSL
 - "110:110" # POP3
 - "995:995" # POP3 SSL
+ - "127.0.0.1:11334:11334" # Bindet nur an Localhost!
 volumes:
 - ./docker-data/dms/mail-data/:/var/mail/
 - ./docker-data/dms/mail-state/:/var/mail-state/
From 51c5cf673cde0fca3f14d194010d85e9b286e49c Mon Sep 17 00:00:00 2001
From: Andreas Knuth
Date: Thu, 29 Jan 2026 20:59:57 -0600
Subject: [PATCH 03/14] rspamd pw
---
 DMS/docker-data/dms/config/rspamd/worker-controller.inc | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 DMS/docker-data/dms/config/rspamd/worker-controller.inc
diff --git a/DMS/docker-data/dms/config/rspamd/worker-controller.inc b/DMS/docker-data/dms/config/rspamd/worker-controller.inc
new file mode 100644
index 0000000..bcd0509
--- /dev/null
+++ b/DMS/docker-data/dms/config/rspamd/worker-controller.inc
@@ -0,0 +1 @@
+password = "$2$eitni68mkfaaq957jx3bcx57sg1mmd9c$d9xyhjmmih7sjm3fpfu7r7tshhfm4ud93km65w5dkh151f5phiiy";
\ No newline at end of file
From 1cb469b49d539683641d8adf6636a78227bbccde Mon Sep 17 00:00:00 2001
From: Andreas Knuth
Date: Thu, 29 Jan 2026 21:10:56 -0600
Subject: [PATCH 04/14] move location
---
 .../dms/config/rspamd/{ => override.d}/worker-controller.inc | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename DMS/docker-data/dms/config/rspamd/{ => override.d}/worker-controller.inc (100%)
diff --git a/DMS/docker-data/dms/config/rspamd/worker-controller.inc b/DMS/docker-data/dms/config/rspamd/override.d/worker-controller.inc
similarity index 100%
rename from DMS/docker-data/dms/config/rspamd/worker-controller.inc
rename to DMS/docker-data/dms/config/rspamd/override.d/worker-controller.inc
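Review bot: The new port mapping in patch 02 does not say what 11334 is; the comment only states the binding, so a reader has to know it is the Rspamd controller / web UI. Suggest `# Rspamd controller (web UI) - published on host loopback only, reach it via SSH tunnel`. Connections through a published port generally reach the container from the Docker bridge address rather than from 127.0.0.1, so the controller password remains the only gate for anyone who already has a shell on the host; that is worth stating next to the mapping.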
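Review bot: The controller password hash in `worker-controller.inc` (patch 03) is committed to the repository, so everyone with read access to the repo and its history can run offline guesses against it. The value looks like `rspamadm pw` output, which slows guessing but is no substitute for keeping it private. Consider keeping this file out of version control (a `.gitignore` entry plus a `worker-controller.inc.example` holding a placeholder) and rotating the password, since this hash stays in history. The file also lacks a trailing newline.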
From 81c62446f51d4f177c6a61f115ff105f073fb620 Mon Sep 17 00:00:00 2001
From: Andreas Knuth
Date: Thu, 29 Jan 2026 21:23:59 -0600
Subject: [PATCH 05/14] whitelisting
---
 DMS/docker-data/dms/config/rspamd/override.d/options.inc | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 DMS/docker-data/dms/config/rspamd/override.d/options.inc
diff --git a/DMS/docker-data/dms/config/rspamd/override.d/options.inc b/DMS/docker-data/dms/config/rspamd/override.d/options.inc
new file mode 100644
index 0000000..6936116
--- /dev/null
+++ b/DMS/docker-data/dms/config/rspamd/override.d/options.inc
@@ -0,0 +1,9 @@
+# Wir vertrauen dem internen Docker-Netzwerk
+local_addrs = [
+ "127.0.0.0/8",
+ "::1",
+ "172.16.0.0/12",
+ "192.168.0.0/16",
+ "10.0.0.0/8",
+ "fd00::/8"
+];
\ No newline at end of file
From 4d22969238a8d7bdc59d3037e3f48c5d2180dc94 Mon Sep 17 00:00:00 2001
From: Andreas Knuth
Date: Fri, 30 Jan 2026 09:56:02 -0600
Subject: [PATCH 06/14] IP Whitelisting
---
 .../dms/config/rspamd/local.d/docker_networks.map | 5 +++++
 .../dms/config/rspamd/local.d/multimap.conf | 11 +++++++++++
 .../dms/config/rspamd/override.d/options.inc | 9 ---------
 3 files changed, 16 insertions(+), 9 deletions(-)
 create mode 100644 DMS/docker-data/dms/config/rspamd/local.d/docker_networks.map
 create mode 100644 DMS/docker-data/dms/config/rspamd/local.d/multimap.conf
 delete mode 100644 DMS/docker-data/dms/config/rspamd/override.d/options.inc
diff --git a/DMS/docker-data/dms/config/rspamd/local.d/docker_networks.map b/DMS/docker-data/dms/config/rspamd/local.d/docker_networks.map
new file mode 100644
index 0000000..bfd6a08
--- /dev/null
+++ b/DMS/docker-data/dms/config/rspamd/local.d/docker_networks.map
@@ -0,0 +1,5 @@
+# Private Docker IP Ranges
+172.16.0.0/12
+192.168.0.0/16
+10.0.0.0/8
+fd00::/8
\ No newline at end of file
diff --git a/DMS/docker-data/dms/config/rspamd/local.d/multimap.conf b/DMS/docker-data/dms/config/rspamd/local.d/multimap.conf
new file mode 100644
index 0000000..b1a7c32
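Review bot: `local_addrs` in `override.d/options.inc` (patch 05) marks every RFC 1918 range plus `fd00::/8` as local, which is far wider than the one compose network the comment talks about. Depending on how Docker publishes port 25 (userland proxy, IPv6 NAT), external SMTP connections can show up with the bridge gateway address as client IP - an assumption to verify on this host - and would then be treated as local too. Listing only the subnet that is actually in use (placeholder: `"<compose-subnet>/<prefix>"`) keeps the trust boundary tight. The same ranges come back with a -20/-50 score and `action = "accept"` in `docker_networks.map` and `multimap.conf` (patch 06), `docker_whitelist.map` (patch 08) and the pre-filter rule of patch 10, and the concern applies there as well.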
--- /dev/null
+++ b/DMS/docker-data/dms/config/rspamd/local.d/multimap.conf
@@ -0,0 +1,11 @@
+# --- Bestehende Domain-Regeln (falls vorhanden) ---
+# ...
+
+# --- NEU: IP-Whitelist für Docker ---
+DOCKER_WHITELIST {
+ type = "ip";
+ map = "${LOCAL_CONFDIR}/local.d/docker_networks.map";
+ score = -20.0; # Zieht 20 Punkte ab -> Score wird negativ -> Inbox
+ description = "Trust internal Docker networks";
+ action = "accept"; # Optional: Erzwingt Annahme
+}
\ No newline at end of file
diff --git a/DMS/docker-data/dms/config/rspamd/override.d/options.inc b/DMS/docker-data/dms/config/rspamd/override.d/options.inc
deleted file mode 100644
index 6936116..0000000
--- a/DMS/docker-data/dms/config/rspamd/override.d/options.inc
+++ /dev/null
@@ -1,9 +0,0 @@
-# Wir vertrauen dem internen Docker-Netzwerk
-local_addrs = [
- "127.0.0.0/8",
- "::1",
- "172.16.0.0/12",
- "192.168.0.0/16",
- "10.0.0.0/8",
- "fd00::/8"
-];
\ No newline at end of file
From 7fb7f33e72f8bc6d0b93fde6261a460671d14955 Mon Sep 17 00:00:00 2001
From: Andreas Knuth
Date: Fri, 30 Jan 2026 14:18:01 -0600
Subject: [PATCH 07/14] try next fix
---
 .../dms/config/rspamd/local.d/docker_networks.map | 5 -----
 .../dms/config/rspamd/local.d/multimap.conf | 11 -----------
 .../dms/config/rspamd/override.d/actions.conf | 4 ++++
 .../dms/config/rspamd/override.d/greylist.conf | 1 +
 .../dms/config/rspamd/override.d/settings.conf | 13 +++++++++++++
 5 files changed, 18 insertions(+), 16 deletions(-)
 delete mode 100644 DMS/docker-data/dms/config/rspamd/local.d/docker_networks.map
 delete mode 100644 DMS/docker-data/dms/config/rspamd/local.d/multimap.conf
 create mode 100644 DMS/docker-data/dms/config/rspamd/override.d/actions.conf
 create mode 100644 DMS/docker-data/dms/config/rspamd/override.d/greylist.conf
 create mode 100644 DMS/docker-data/dms/config/rspamd/override.d/settings.conf
diff --git a/DMS/docker-data/dms/config/rspamd/local.d/docker_networks.map b/DMS/docker-data/dms/config/rspamd/local.d/docker_networks.map
deleted file mode 100644
index bfd6a08..0000000
--- a/DMS/docker-data/dms/config/rspamd/local.d/docker_networks.map
+++ /dev/null
@@ -1,5 +0,0 @@
-# Private Docker IP Ranges
-172.16.0.0/12
-192.168.0.0/16
-10.0.0.0/8
-fd00::/8
\ No newline at end of file
diff --git a/DMS/docker-data/dms/config/rspamd/local.d/multimap.conf b/DMS/docker-data/dms/config/rspamd/local.d/multimap.conf
deleted file mode 100644
index b1a7c32..0000000
--- a/DMS/docker-data/dms/config/rspamd/local.d/multimap.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# --- Bestehende Domain-Regeln (falls vorhanden) ---
-# ...
-
-# --- NEU: IP-Whitelist für Docker ---
-DOCKER_WHITELIST {
- type = "ip";
- map = "${LOCAL_CONFDIR}/local.d/docker_networks.map";
- score = -20.0; # Zieht 20 Punkte ab -> Score wird negativ -> Inbox
- description = "Trust internal Docker networks";
- action = "accept"; # Optional: Erzwingt Annahme
-}
\ No newline at end of file
diff --git a/DMS/docker-data/dms/config/rspamd/override.d/actions.conf b/DMS/docker-data/dms/config/rspamd/override.d/actions.conf
new file mode 100644
index 0000000..e7a7e39
--- /dev/null
+++ b/DMS/docker-data/dms/config/rspamd/override.d/actions.conf
@@ -0,0 +1,4 @@
+# Standard-Aktionen überschreiben
+reject = 500; # Erst ab 500 Punkten ablehnen (passiert nie)
+add_header = 6; # Ab 6 Punkten: X-Spam Header setzen
+greylist = 500; # Greylisting faktisch deaktivieren (Schwellwert unerreichbar hoch)
\ No newline at end of file
diff --git a/DMS/docker-data/dms/config/rspamd/override.d/greylist.conf b/DMS/docker-data/dms/config/rspamd/override.d/greylist.conf
new file mode 100644
index 0000000..8f4abbf
--- /dev/null
+++ b/DMS/docker-data/dms/config/rspamd/override.d/greylist.conf
@@ -0,0 +1 @@
+enabled = false;
\ No newline at end of file
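Review bot: `reject = 500;` in `actions.conf` switches rejection off entirely, so the server accepts and stores every message whatever its score, and with `ENABLE_CLAMAV=0` in docker-compose.yml nothing is refused at SMTP time. If the aim is only to avoid false rejects, a high but reachable threshold keeps a backstop for obvious junk, e.g. `reject = 30; # only near-certain spam is refused`. Greylisting is now disabled in three places (`RSPAMD_GREYLISTING=0`, `greylist.conf` with `enabled = false;`, and `greylist = 500;` here); keeping one switch and noting it in the comment avoids a later change that flips only one of them.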
diff --git a/DMS/docker-data/dms/config/rspamd/override.d/settings.conf b/DMS/docker-data/dms/config/rspamd/override.d/settings.conf
new file mode 100644
index 0000000..8ee6f4b
--- /dev/null
+++ b/DMS/docker-data/dms/config/rspamd/override.d/settings.conf
@@ -0,0 +1,13 @@
+docker_trust {
+ priority = high;
+ # Dein Docker-Netzwerk (wie im Screenshot zu sehen)
+ from_ip = ["172.16.0.0/12", "172.18.0.0/16", "10.0.0.0/8", "192.168.0.0/16"];
+
+ apply {
+ # Zieht 20 Punkte ab
+ score = -20.0;
+
+ # Deaktiviert die Checks, die bei Weiterleitungen oft falsch anschlagen
+ symbols_disabled = ["SPOOF_REPLYTO", "DMARC_FAIL", "SPF_FAIL", "R_SPF_FAIL"];
+ }
+}
\ No newline at end of file
From 8d8b227f6b1e86a4c0fba20b695f091e59a5d387 Mon Sep 17 00:00:00 2001
From: Andreas Knuth
Date: Fri, 30 Jan 2026 15:33:28 -0600
Subject: [PATCH 08/14] next fix
---
 .../dms/config/rspamd/local.d/docker_whitelist.map | 5 +++++
 .../dms/config/rspamd/local.d/multimap.conf | 9 +++++++++
 .../dms/config/rspamd/override.d/settings.conf | 13 -------------
 3 files changed, 14 insertions(+), 13 deletions(-)
 create mode 100644 DMS/docker-data/dms/config/rspamd/local.d/docker_whitelist.map
 create mode 100644 DMS/docker-data/dms/config/rspamd/local.d/multimap.conf
 delete mode 100644 DMS/docker-data/dms/config/rspamd/override.d/settings.conf
diff --git a/DMS/docker-data/dms/config/rspamd/local.d/docker_whitelist.map b/DMS/docker-data/dms/config/rspamd/local.d/docker_whitelist.map
new file mode 100644
index 0000000..33f63ef
--- /dev/null
+++ b/DMS/docker-data/dms/config/rspamd/local.d/docker_whitelist.map
@@ -0,0 +1,5 @@
+# Interne Docker Netzwerke
+172.16.0.0/12
+192.168.0.0/16
+10.0.0.0/8
+fd00::/8
\ No newline at end of file
diff --git a/DMS/docker-data/dms/config/rspamd/local.d/multimap.conf b/DMS/docker-data/dms/config/rspamd/local.d/multimap.conf
new file mode 100644
index 0000000..67e5b27
--- /dev/null
+++ b/DMS/docker-data/dms/config/rspamd/local.d/multimap.conf
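Review bot: In `from_ip` of `settings.conf` (patch 07), `"172.18.0.0/16"` is already contained in `"172.16.0.0/12"`, which suggests the rule was meant for one compose network but ended up trusting all private address space; for those clients `symbols_disabled` then turns off `SPF_FAIL` and `DMARC_FAIL`, the checks that catch forged senders. Narrow the list to the single subnet that is actually used. The comment points to a screenshot that is not part of the repository; replace it with the network name or subnet. I am not certain that `from_ip` and a bare `score` inside `apply` are keys the Rspamd settings module reads (its documented client-address matcher is `ip`), so this block should be checked against the module documentation.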
@@ -0,0 +1,9 @@
+# Wir definieren eine neue Regel namens DOCKER_WL
+DOCKER_WL {
+ type = "ip";
+ map = "${LOCAL_CONFDIR}/local.d/docker_whitelist.map";
+ symbol = "DOCKER_WHITELIST";
+ score = -50.0; # Zieht 50 Punkte ab -> Sofort in die Inbox
+ description = "Whitelist fuer interne Docker IPs";
+ action = "accept"; # Erzwingt Annahme
+}
\ No newline at end of file
diff --git a/DMS/docker-data/dms/config/rspamd/override.d/settings.conf b/DMS/docker-data/dms/config/rspamd/override.d/settings.conf
deleted file mode 100644
index 8ee6f4b..0000000
--- a/DMS/docker-data/dms/config/rspamd/override.d/settings.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-docker_trust {
- priority = high;
- # Dein Docker-Netzwerk (wie im Screenshot zu sehen)
- from_ip = ["172.16.0.0/12", "172.18.0.0/16", "10.0.0.0/8", "192.168.0.0/16"];
-
- apply {
- # Zieht 20 Punkte ab
- score = -20.0;
-
- # Deaktiviert die Checks, die bei Weiterleitungen oft falsch anschlagen
- symbols_disabled = ["SPOOF_REPLYTO", "DMARC_FAIL", "SPF_FAIL", "R_SPF_FAIL"];
- }
-}
\ No newline at end of file
From aaec33365e4fb673ae48a76aa2f0d6b06ad46c0c Mon Sep 17 00:00:00 2001
From: Andreas Knuth
Date: Fri, 30 Jan 2026 15:43:29 -0600
Subject: [PATCH 09/14] type = "radix";
---
 DMS/docker-data/dms/config/rspamd/local.d/multimap.conf | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/DMS/docker-data/dms/config/rspamd/local.d/multimap.conf b/DMS/docker-data/dms/config/rspamd/local.d/multimap.conf
index 67e5b27..326eeee 100644
--- a/DMS/docker-data/dms/config/rspamd/local.d/multimap.conf
+++ b/DMS/docker-data/dms/config/rspamd/local.d/multimap.conf
@@ -1,9 +1,8 @@
-# Wir definieren eine neue Regel namens DOCKER_WL
+# Interne Docker Whitelist
 DOCKER_WL {
- type = "ip";
+ type = "radix";
 map = "${LOCAL_CONFDIR}/local.d/docker_whitelist.map";
 symbol = "DOCKER_WHITELIST";
- score = -50.0; # Zieht 50 Punkte ab -> Sofort in die Inbox
+ score = -50.0;
 description = "Whitelist fuer interne Docker IPs";
- action = "accept"; # Erzwingt Annahme
 }
\ No newline at end of file
From c3d992a479a9d2e62c550734b6fc31e9b0072715 Mon Sep 17 00:00:00 2001
From: Andreas Knuth
Date: Fri, 30 Jan 2026 16:14:29 -0600
Subject: [PATCH 10/14] moved
---
 .../dms/config/rspamd/local.d/multimap.conf | 8 --------
 .../{local.d => override.d}/docker_whitelist.map | 0
 .../dms/config/rspamd/override.d/multimap.conf | 10 ++++++++++
 3 files changed, 10 insertions(+), 8 deletions(-)
 delete mode 100644 DMS/docker-data/dms/config/rspamd/local.d/multimap.conf
 rename DMS/docker-data/dms/config/rspamd/{local.d => override.d}/docker_whitelist.map (100%)
 create mode 100644 DMS/docker-data/dms/config/rspamd/override.d/multimap.conf
diff --git a/DMS/docker-data/dms/config/rspamd/local.d/multimap.conf b/DMS/docker-data/dms/config/rspamd/local.d/multimap.conf
deleted file mode 100644
index 326eeee..0000000
--- a/DMS/docker-data/dms/config/rspamd/local.d/multimap.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# Interne Docker Whitelist
-DOCKER_WL {
- type = "radix";
- map = "${LOCAL_CONFDIR}/local.d/docker_whitelist.map";
- symbol = "DOCKER_WHITELIST";
- score = -50.0;
- description = "Whitelist fuer interne Docker IPs";
-}
\ No newline at end of file
diff --git a/DMS/docker-data/dms/config/rspamd/local.d/docker_whitelist.map b/DMS/docker-data/dms/config/rspamd/override.d/docker_whitelist.map
similarity index 100%
rename from DMS/docker-data/dms/config/rspamd/local.d/docker_whitelist.map
rename to DMS/docker-data/dms/config/rspamd/override.d/docker_whitelist.map
diff --git a/DMS/docker-data/dms/config/rspamd/override.d/multimap.conf b/DMS/docker-data/dms/config/rspamd/override.d/multimap.conf
new file mode 100644
index 0000000..c627247
--- /dev/null
+++ b/DMS/docker-data/dms/config/rspamd/override.d/multimap.conf
@@ -0,0 +1,10 @@
+DOCKER_WL {
+ type = "radix";
+ # JETZT KORREKT: Pfad zum override.d Ordner
+ map = "/etc/rspamd/override.d/docker_whitelist.map";
+ symbol = "DOCKER_WHITELIST";
+ score = -50.0;
+ description = "Whitelist fuer interne Docker IPs";
+ prefilter = true;
+ action = "accept";
+}
\ No newline at end of file
From d74eb937637c320e47cd6c5987606d9f5d2ce343 Mon Sep 17 00:00:00 2001
From: Andreas Knuth
Date: Fri, 30 Jan 2026 16:22:09 -0600
Subject: [PATCH 11/14] ip instead of radix
---
 DMS/docker-data/dms/config/rspamd/override.d/multimap.conf | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/DMS/docker-data/dms/config/rspamd/override.d/multimap.conf b/DMS/docker-data/dms/config/rspamd/override.d/multimap.conf
index c627247..0aa4bf9 100644
--- a/DMS/docker-data/dms/config/rspamd/override.d/multimap.conf
+++ b/DMS/docker-data/dms/config/rspamd/override.d/multimap.conf
@@ -1,6 +1,8 @@
 DOCKER_WL {
- type = "radix";
- # JETZT KORREKT: Pfad zum override.d Ordner
+ # HIER WAR DER FEHLER: "radix" -> "ip"
+ type = "ip";
+
+ # Der Pfad bleibt gleich (da wir wissen, dass die Datei dort liegt)
 map = "/etc/rspamd/override.d/docker_whitelist.map";
 symbol = "DOCKER_WHITELIST";
 score = -50.0;
From fd3c9bedda29290e4a40388348f3f39aac002c2c Mon Sep 17 00:00:00 2001
From: Andreas Knuth
Date: Fri, 30 Jan 2026 16:39:57 -0600
Subject: [PATCH 12/14] whitelist based on Domains
---
 .../config/rspamd/override.d/docker_whitelist.map | 14 +++++++++-----
 .../dms/config/rspamd/override.d/multimap.conf | 10 ++++++----
 2 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/DMS/docker-data/dms/config/rspamd/override.d/docker_whitelist.map b/DMS/docker-data/dms/config/rspamd/override.d/docker_whitelist.map
index 33f63ef..7a5d779 100644
--- a/DMS/docker-data/dms/config/rspamd/override.d/docker_whitelist.map
+++ b/DMS/docker-data/dms/config/rspamd/override.d/docker_whitelist.map
@@ -1,5 +1,9 @@
-# Interne Docker Netzwerke
-172.16.0.0/12
-192.168.0.0/16
-10.0.0.0/8
-fd00::/8
\ No newline at end of file
+bayarea-cc.com
+ruehrgedoens.de
+annavillesda.org
+bizmatch.net
+biz-match.com
+qrmaster.net
+nqsltd.com
+iitwelders.com
+# Weitere Domains hier eintragen
\ No newline at end of file
diff --git a/DMS/docker-data/dms/config/rspamd/override.d/multimap.conf b/DMS/docker-data/dms/config/rspamd/override.d/multimap.conf
index 0aa4bf9..8055a78 100644
--- a/DMS/docker-data/dms/config/rspamd/override.d/multimap.conf
+++ b/DMS/docker-data/dms/config/rspamd/override.d/multimap.conf
@@ -1,12 +1,14 @@
 DOCKER_WL {
- # HIER WAR DER FEHLER: "radix" -> "ip"
- type = "ip";
+ # ÄNDERUNG: Wir prüfen jetzt den Absender (Envelope From)
+ type = "from";
+ filter = "email:domain";
 
- # Der Pfad bleibt gleich (da wir wissen, dass die Datei dort liegt)
+ # Pfad bleibt gleich
 map = "/etc/rspamd/override.d/docker_whitelist.map";
+
 symbol = "DOCKER_WHITELIST";
 score = -50.0;
- description = "Whitelist fuer interne Docker IPs";
+ description = "Whitelist fuer eigene Domains";
 prefilter = true;
 action = "accept";
 }
\ No newline at end of file
From 2026e6afcdf1a208bbc0d095dace8df464e5c8c5 Mon Sep 17 00:00:00 2001
From: Andreas Knuth
Date: Fri, 30 Jan 2026 16:52:26 -0600
Subject: [PATCH 13/14] automated whitelist
---
 DMS/Dockerfile | 11 +++++++----
 DMS/update-whitelist.sh | 22 ++++++++++++++++++++++
 2 files changed, 29 insertions(+), 4 deletions(-)
 create mode 100644 DMS/update-whitelist.sh
diff --git a/DMS/Dockerfile b/DMS/Dockerfile
index 8b722ec..5ef59f2 100644
--- a/DMS/Dockerfile
+++ b/DMS/Dockerfile
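Review bot: With `type = "from"`, `prefilter = true` and `action = "accept"` in `override.d/multimap.conf` (patch 12), any message whose envelope sender claims one of the listed domains is accepted before SPF, DKIM, DMARC or content checks run, and the envelope sender is set freely by whoever connects. Mail forged to look like it comes from your own domains is exactly what this rule lets through unscanned. Authenticated submissions are already exempt through `RSPAMD_CHECK_AUTHENTICATED=0` in docker-compose.yml, so the rule mainly affects unauthenticated inbound mail. Consider dropping `prefilter`/`action` and granting the bonus only when the domain is verified, for example via Rspamd's whitelist module with `valid_dkim`/`valid_dmarc`, or by matching authenticated users in the settings module. The names `DOCKER_WL`/`DOCKER_WHITELIST` no longer describe what the rule does.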
@@ -4,7 +4,6 @@ LABEL maintainer="andreas.knuth@bayarea-cc.com" LABEL description="Custom DMS with Python3 support and Sieve Sync" # 1. Python, pip und dependencies installieren -# croniter hinzufügen! RUN apt-get update && \ apt-get install -y --no-install-recommends \ python3 \
@@ -20,9 +19,13 @@ WORKDIR /scripts COPY sync_dynamodb_to_sieve.py /scripts/sync.py RUN chmod +x /scripts/sync.py -# 4. Schedule Konfiguration kopieren (Der Cron-String) +# 4. Schedule Konfiguration kopieren COPY sieve-schedule /etc/sieve-schedule # 5. Supervisor Konfiguration kopieren -# DMS scannt diesen Ordner beim Start -COPY sieve-supervisor.conf /etc/supervisor/conf.d/sieve-sync.conf \ No newline at end of file +COPY sieve-supervisor.conf /etc/supervisor/conf.d/sieve-sync.conf + +# --- NEU: Startup-Skript für Whitelist --- +# DMS führt Skripte in /docker-entrypoint-init.d/ beim Start automatisch aus +COPY update-whitelist.sh /docker-entrypoint-init.d/update-whitelist.sh +RUN chmod +x /docker-entrypoint-init.d/update-whitelist.sh \ No newline at end of file
diff --git a/DMS/update-whitelist.sh b/DMS/update-whitelist.sh
new file mode 100644
index 0000000..b3b8197
--- /dev/null
+++ b/DMS/update-whitelist.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+# Pfade im Container
+ACCOUNTS_FILE="/tmp/docker-mailserver/postfix-accounts.cf"
+WHITELIST_FILE="/etc/rspamd/override.d/docker_whitelist.map"
+
+echo "Startup-Script: Generiere Rspamd Whitelist aus Accounts..."
+
+if [ -f "$ACCOUNTS_FILE" ]; then
+ # 1. Alles vor dem Pipe (|) nehmen -> user@domain.com
+ # 2. Alles nach dem @ nehmen -> domain.com
+ # 3. Sortieren und Duplikate entfernen
+ # 4. In die Whitelist schreiben
+ awk -F'|' '{print $1}' "$ACCOUNTS_FILE" | cut -d'@' -f2 | sort | uniq > "$WHITELIST_FILE"
+
+ # Berechtigung setzen (zur Sicherheit)
+ chmod 644 "$WHITELIST_FILE"
+
+ echo "Whitelist aktualisiert. Gefundene Domains:"
+ cat "$WHITELIST_FILE"
+else
+ echo "WARNUNG: $ACCOUNTS_FILE nicht gefunden!"
+fi
\ No newline at end of file
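Review bot: The pipeline in `update-whitelist.sh` copies every line of `postfix-accounts.cf` into the map, including lines without an `@`: `cut -d'@' -f2` prints lines that lack the delimiter unchanged, so blank lines or comments would become map entries, and the `>` redirect truncates the live map before the pipeline has produced anything. Because this map feeds a pre-filter `accept` rule, a garbage entry or an empty file changes filtering silently. Suggest filtering and writing atomically: `awk -F'[@|]' 'NF >= 3 && $2 != "" {print tolower($2)}' "$ACCOUNTS_FILE" | sort -u > "$WHITELIST_FILE.tmp" && mv "$WHITELIST_FILE.tmp" "$WHITELIST_FILE"`. The same pipeline is carried over into `user-patches.sh` in patch 14.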
From 38fcf8c4d8af3c7303ac0d13d223eebf103b6545 Mon Sep 17 00:00:00 2001
From: Andreas Knuth
Date: Fri, 30 Jan 2026 17:12:26 -0600
Subject: [PATCH 14/14] script
---
 DMS/Dockerfile | 7 +------
 DMS/docker-data/dms/config/user-patches.sh | 21 +++++++++++++++++++++
 DMS/update-whitelist.sh | 22 ----------------------
 3 files changed, 22 insertions(+), 28 deletions(-)
 create mode 100644 DMS/docker-data/dms/config/user-patches.sh
 delete mode 100644 DMS/update-whitelist.sh
diff --git a/DMS/Dockerfile b/DMS/Dockerfile
index 5ef59f2..eaba22a 100644
--- a/DMS/Dockerfile
+++ b/DMS/Dockerfile
@@ -23,9 +23,4 @@ RUN chmod +x /scripts/sync.py COPY sieve-schedule /etc/sieve-schedule # 5. Supervisor Konfiguration kopieren -COPY sieve-supervisor.conf /etc/supervisor/conf.d/sieve-sync.conf - -# --- NEU: Startup-Skript für Whitelist --- -# DMS führt Skripte in /docker-entrypoint-init.d/ beim Start automatisch aus -COPY update-whitelist.sh /docker-entrypoint-init.d/update-whitelist.sh -RUN chmod +x /docker-entrypoint-init.d/update-whitelist.sh \ No newline at end of file +COPY sieve-supervisor.conf /etc/supervisor/conf.d/sieve-sync.conf \ No newline at end of file
diff --git a/DMS/docker-data/dms/config/user-patches.sh b/DMS/docker-data/dms/config/user-patches.sh
new file mode 100644
index 0000000..a84b070
--- /dev/null
+++ b/DMS/docker-data/dms/config/user-patches.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+# user-patches.sh läuft bei jedem Start von DMS automatisch
+
+ACCOUNTS_FILE="/tmp/docker-mailserver/postfix-accounts.cf"
+WHITELIST_FILE="/etc/rspamd/override.d/docker_whitelist.map"
+
+echo "Patching: Generiere Rspamd Whitelist aus Accounts..."
+
+if [ -f "$ACCOUNTS_FILE" ]; then
+ # Whitelist generieren
+ awk -F'|' '{print $1}' "$ACCOUNTS_FILE" | cut -d'@' -f2 | sort | uniq > "$WHITELIST_FILE"
+
+ # Berechtigungen korrigieren
+ chmod 644 "$WHITELIST_FILE"
+ chown _rspamd:_rspamd "$WHITELIST_FILE" 2>/dev/null || true
+
+ echo "Whitelist erfolgreich erstellt:"
+ cat "$WHITELIST_FILE"
+else
+ echo "FEHLER: $ACCOUNTS_FILE wurde nicht gefunden!"
+fi
\ No newline at end of file
diff --git a/DMS/update-whitelist.sh b/DMS/update-whitelist.sh
deleted file mode 100644
index b3b8197..0000000
--- a/DMS/update-whitelist.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-# Pfade im Container
-ACCOUNTS_FILE="/tmp/docker-mailserver/postfix-accounts.cf"
-WHITELIST_FILE="/etc/rspamd/override.d/docker_whitelist.map"
-
-echo "Startup-Script: Generiere Rspamd Whitelist aus Accounts..."
-
-if [ -f "$ACCOUNTS_FILE" ]; then
- # 1. Alles vor dem Pipe (|) nehmen -> user@domain.com
- # 2. Alles nach dem @ nehmen -> domain.com
- # 3. Sortieren und Duplikate entfernen
- # 4. In die Whitelist schreiben
- awk -F'|' '{print $1}' "$ACCOUNTS_FILE" | cut -d'@' -f2 | sort | uniq > "$WHITELIST_FILE"
-
- # Berechtigung setzen (zur Sicherheit)
- chmod 644 "$WHITELIST_FILE"
-
- echo "Whitelist aktualisiert. Gefundene Domains:"
- cat "$WHITELIST_FILE"
-else
- echo "WARNUNG: $ACCOUNTS_FILE nicht gefunden!"
-fi
\ No newline at end of file
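Review bot: `user-patches.sh` regenerates `/etc/rspamd/override.d/docker_whitelist.map` on every start, but that file is also tracked in the repository with hand-maintained entries (patch 12, including the `# Weitere Domains hier eintragen` hint). If the container's override.d directory is the bind-mounted `docker-data/dms/config/rspamd/override.d` - which the paths suggest but the hunk does not show - each start overwrites the tracked file and discards manual additions. Either stop tracking the map and mark it as generated, or write to a separate generated file and keep the manual list apart. When `$ACCOUNTS_FILE` is missing the script prints `FEHLER`, leaves the old map in place and still exits successfully, and `chown ... 2>/dev/null || true` hides a failed ownership change; a logged warning for both cases would make them visible.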