efelon/shell_sequencer
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

rspamd - new step to add ufw rules for web ui

Browse Source
This commit is contained in:
Martin Winkler
2022-11-29 21:09:18 +01:00
parent 768b6fef2b
commit 22d6de9fb0
1 changed files with 19 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
seqs/rspamd.sh
View File

@@ -52,6 +52,12 @@ step_2() {
exe apt install rspamd redis-server exe apt install rspamd redis-server
} }
step_10_info() { echo "Add ufw rule for WebUI (11334)"; }
step_10_alias() { echo "ufw"; }
step_10() {
exe ufw allow 11334/tcp comment "rspamd WebUI"
}
step_50_info() { echo "Notes"; } step_50_info() { echo "Notes"; }
step_50_alias() { echo "notes"; } step_50_alias() { echo "notes"; }
step_50() { step_50() {
@@ -64,26 +70,26 @@ step_50() {
rspamadm pw rspamadm pw
and insert the result into: and insert the result into:
[/etc/rspamd/local.c/worker-controller.inc] [/etc/rspamd/local.d/worker-controller.inc]
bind_socket = "*:11334"; bind_socket = "*:11334";
password = <Result of rspamadm pw> password = <Result of rspamadm pw>
enable_password = <Result of rspamadm pw> enable_password = <Result of rspamadm pw>
[/etc/rspamd/local.c/redis.conf] [/etc/rspamd/local.d/redis.conf]
server = "127.0.0.1"; server = "127.0.0.1";
timeout = 3s; timeout = 3s;
[/etc/rspamd/local.c/classifier-bayes.conf] [/etc/rspamd/local.d/classifier-bayes.conf]
backend = "redis"; backend = "redis";
autolearn = true; autolearn = true;
[/etc/rspamd/local.c/dkim_signing.conf] [/etc/rspamd/local.d/dkim_signing.conf]
enabled = false; enabled = false;
[/etc/rspamd/local.c/milter_headers.conf] [/etc/rspamd/local.d/milter_headers.conf]
authenticated_headers = ["authentication-results"]; authenticated_headers = ["authentication-results"];
use = ["x-spamd-result","x-spam-level","x-spamd-bar", "my-x-spam-score","x-spam-status", "authentication-results"]; use = ["x-spamd-result","x-spam-level","x-spamd-bar", "my-x-spam-score","x-spam-status", "authentication-results"];
# add X-Spam-Score header (like SA does) # add X-Spam-Score header (like SA does)
# Source: https://groups.google.com/forum/#!topic/rspamd/fEdbnG0J18I # Source: https://groups.google.com/forum/#!topic/rspamd/fEdbnG0J18I
custom { custom {
@@ -102,18 +108,18 @@ step_50() {
EOD; EOD;
} }
[/etc/rspamd/local.c/phishing.conf] [/etc/rspamd/local.d/phishing.conf]
openphish_enabled = true; openphish_enabled = true;
phishtank_enabled = true; phishtank_enabled = true;
[/etc/rspamd/local.c/greylist.conf] [/etc/rspamd/local.d/greylist.conf]
enabled = true; enabled = true;
timeout = 1min; timeout = 1min;
[/etc/rspamd/local.c/mx_check.conf] [/etc/rspamd/local.d/mx_check.conf]
enabled = true; enabled = true;
timeout = 5.0; timeout = 5.0;
# A map of specific domains that should be excluded from MX check # A map of specific domains that should be excluded from MX check
exclude_domains = [ exclude_domains = [
"https://maps.rspamd.com/freemail/disposable.txt.zst", "https://maps.rspamd.com/freemail/disposable.txt.zst",
@@ -127,11 +133,11 @@ step_50() {
## Don't check mails send from local network ## Don't check mails send from local network
[/etc/rspamd/local.c/multimap.conf] [/etc/rspamd/local.d/multimap.conf]
IP_WHITELIST { IP_WHITELIST {
type = "ip"; type = "ip";
prefilter = true; prefilter = true;
map = "/${LOCAL_CONFDIR}/local.d/ip_whitelist.map"; map = "/\${LOCAL_CONFDIR}/local.d/ip_whitelist.map";
action = "accept"; action = "accept";
description = "Accept mails from local network" description = "Accept mails from local network"
} }
@@ -143,7 +149,7 @@ step_50() {
# score = -6.0 # score = -6.0
#} #}
[/etc/rspamd/local.c/ip_whitelist.map] [/etc/rspamd/local.d/ip_whitelist.map]
fd00::/8 fd00::/8
192.168.0.0/16 192.168.0.0/16
10.0.0.0/8 10.0.0.0/8