Compare commits

27 Commits

Author SHA1 Message Date
61b83b85d4 Merge pull request 'provenance: false' (#19) from Update-Pipeline into main
Some checks failed
Deploy Container Image to Registry / docker-build-experimental (push) Failing after 9m49s
Deploy Container Image to Registry / docker-build-stable (push) Successful in 10m46s
Reviewed-on: #19
2024-11-22 13:45:26 +00:00
72d26206fa provenance: false
Signed-off-by: Patrick Niebeling <patrick.niebeling@adacor.com>
2024-11-22 14:44:56 +01:00
5e690d52e2 Merge pull request 'provenance: false' (#18) from Update-Pipeline into main
All checks were successful
Deploy Container Image to Registry / docker-build-stable (push) Successful in 1m38s
Deploy Container Image to Registry / docker-build-experimental (push) Successful in 1m36s
Reviewed-on: #18
2024-11-22 13:41:07 +00:00
c57dcd24bf provenance: false
Signed-off-by: Patrick Niebeling <patrick.niebeling@adacor.com>
2024-11-22 14:40:14 +01:00
be9aea31d9 Merge pull request 'Change Interval to Weekly' (#17) from Update-Pipeline into main
All checks were successful
Deploy Container Image to Registry / docker-build-experimental (push) Successful in 1m28s
Deploy Container Image to Registry / docker-build-stable (push) Successful in 1m31s
Reviewed-on: #17
2024-11-21 12:38:07 +00:00
d6123836cf Change Interval to Weekly
Signed-off-by: Patrick Niebeling <patrick.niebeling@adacor.com>
2024-11-21 13:37:27 +01:00
246dc298e6 Merge pull request 'Update Date' (#16) from Update-Pipeline into main
All checks were successful
Deploy Container Image to Registry / docker-build-stable (push) Successful in 1m36s
Deploy Container Image to Registry / docker-build-experimental (push) Successful in 1m32s
Reviewed-on: #16
2024-11-20 15:03:54 +00:00
509e7f472d Update Date
Signed-off-by: Patrick Niebeling <patrick.niebeling@adacor.com>
2024-11-20 16:03:39 +01:00
fd868b525b Merge pull request 'Update assignment' (#15) from Update-Pipeline into main
All checks were successful
Deploy Container Image to Registry / docker-build-stable (push) Successful in 1m13s
Deploy Container Image to Registry / docker-build-experimental (push) Successful in 1m13s
Reviewed-on: #15
2024-11-20 15:00:39 +00:00
8cb84e605c Update assignment
Signed-off-by: Patrick Niebeling <patrick.niebeling@adacor.com>
2024-11-20 16:00:14 +01:00
9e2d45f346 Merge pull request 'Update Version Variable' (#14) from Update-Pipeline into main
Some checks failed
Deploy Container Image to Registry / docker-build-stable (push) Failing after 27s
Deploy Container Image to Registry / docker-build-experimental (push) Successful in 1m12s
Reviewed-on: #14
2024-11-20 14:59:11 +00:00
865ba3034e Update Version Variable
Signed-off-by: Patrick Niebeling <patrick.niebeling@adacor.com>
2024-11-20 15:58:54 +01:00
84b3f2e897 Merge pull request 'Fix Date' (#13) from Update-Pipeline into main
All checks were successful
Deploy Container Image to Registry / docker-build-experimental (push) Successful in 1m19s
Deploy Container Image to Registry / docker-build-stable (push) Successful in 1m21s
Reviewed-on: #13
2024-11-20 14:55:31 +00:00
6c58da3eee Fix Date
Signed-off-by: Patrick Niebeling <patrick.niebeling@adacor.com>
2024-11-20 15:55:02 +01:00
9c411cd147 Merge pull request 'Update-Pipeline' (#12) from Update-Pipeline into main
All checks were successful
Deploy Container Image to Registry / docker-build-experimental (push) Successful in 1m20s
Deploy Container Image to Registry / docker-build-stable (push) Successful in 1m22s
Reviewed-on: #12
2024-11-20 14:38:44 +00:00
054af6572f PLattform
Signed-off-by: Patrick Niebeling <patrick.niebeling@adacor.com>
2024-11-20 15:38:17 +01:00
1201c74f0d Update Version und Build Date
Signed-off-by: Patrick Niebeling <patrick.niebeling@adacor.com>
2024-11-20 15:37:25 +01:00
180d04a0e4 Merge pull request 'Build Experimental' (#11) from Update-Pipeline into main
All checks were successful
Deploy Container Image to Registry / docker-build-stable (push) Successful in 1m30s
Deploy Container Image to Registry / docker-build-experimental (push) Successful in 1m28s
Reviewed-on: #11
2024-11-20 14:24:31 +00:00
718eac95ae Build Experimental
Signed-off-by: Patrick Niebeling <patrick.niebeling@adacor.com>
2024-11-20 15:22:30 +01:00
b1457ffbfc Merge pull request 'Add .gitignore' (#10) from Update-Pipeline into main
All checks were successful
Deploy Container Image to Registry / docker (push) Successful in 1m7s
Reviewed-on: #10
2024-11-20 13:50:02 +00:00
620e79cef0 Add .gitignore
Signed-off-by: Patrick Niebeling <patrick.niebeling@adacor.com>
2024-11-20 14:49:38 +01:00
b38bafa63d Merge pull request 'Update Cron' (#9) from Update-Pipeline into main
All checks were successful
Deploy Container Image to Registry / docker (push) Successful in 1m6s
Reviewed-on: #9
2024-11-20 13:34:55 +00:00
30e06d762f Update Cron
Signed-off-by: Patrick Niebeling <patrick.niebeling@adacor.com>
2024-11-20 14:34:19 +01:00
6f0189e8c0 Merge pull request 'Updates Cron' (#8) from Update-Pipeline into main
All checks were successful
Deploy Container Image to Registry / docker (push) Successful in 1m4s
Reviewed-on: #8
2024-11-20 13:20:24 +00:00
9d73103d1f Updates Cron
Signed-off-by: Patrick Niebeling <patrick.niebeling@adacor.com>
2024-11-20 14:20:10 +01:00
54728e3d88 Merge pull request 'Upldate' (#7) from Update-Pipeline into main
All checks were successful
Deploy Container Image to Registry / docker (push) Successful in 1m6s
Reviewed-on: #7
2024-11-20 13:15:58 +00:00
5356730c01 Upldate
Signed-off-by: Patrick Niebeling <patrick.niebeling@adacor.com>
2024-11-20 14:15:32 +01:00
16 changed files with 670 additions and 189 deletions

View File

@ -1,31 +1,93 @@
name: Deploy Container Image to Registry name: Deploy Container Image to Registry
on: on:
schedule:
- cron: 0 1 * * 1
push: push:
branches: branches:
- main - main
jobs: jobs:
build-image: docker-build-stable:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Check out repository code - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Build Image
run: |
echo "[***] Build hook running"
cd ${{ gitea.workspace }}/StableV2/
VERSION=$(git ls-remote --tags -q https://github.com/rspamd/rspamd | sed -n "s/^[[:xdigit:]]\{40\}[[:blank:]]refs\/tags\/\([0-9]\{1\}\.[0-9]\{1,2\}\($\|\.[0-9]\{1,2\}$\)\)/\1/p" | sort --version-sort | tail -1)
docker build \ - name: Set up QEMU
--build-arg VERSION=${VERSION} \ uses: docker/setup-qemu-action@v3
--build-arg COMMIT=$(git ls-remote --tags -q https://github.com/rspamd/rspamd | sed -n "s/^\([[:xdigit:]]\{40\}\)[[:blank:]]refs\/tags\/${VERSION}^{}$/\1/p" | xargs git rev-parse --short) \
--build-arg BRANCH=$(git rev-parse --abbrev-ref HEAD) \ - name: Set up Docker Buildx
--build-arg DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \ uses: docker/setup-buildx-action@v3
-t ${{ vars.DOCKER_REPO }}/gnilebein/${{ vars.IMAGE_NAME }} -t ${{ vars.DOCKER_REPO }}/gnilebein/${{ vars.IMAGE_NAME }}:$VERSION .
- name: Push Image - name: Login to Docker Hub
uses: docker/login-action@v3
with:
registry: gitea.gnilebein.de
username: ${{ gitea.repository_owner }}
password: ${{ secrets.REG_GITEA_PASSWORD }}
- name: Get Meta
id: meta
run: | run: |
echo '${{ vars.DOCKER_AUTH_CONFIG }}' > ~/.docker/config.json echo VERSION=$(git ls-remote --tags -q https://github.com/rspamd/rspamd | sed -n "s/^[[:xdigit:]]\{40\}[[:blank:]]refs\/tags\/\([0-9]\{1\}\.[0-9]\{1,2\}\($\|\.[0-9]\{1,2\}$\)\)/\1/p" | sort --version-sort | tail -1) | tee -a $GITHUB_OUTPUT
cat ~/.docker/config.json echo IMAGE_CREATED=$(date -u +"%Y-%m-%dT%H:%M:%SZ") | tee -a $GITHUB_OUTPUT
VERSION=$(git ls-remote --tags -q https://github.com/rspamd/rspamd | sed -n "s/^[[:xdigit:]]\{40\}[[:blank:]]refs\/tags\/\([0-9]\{1\}\.[0-9]\{1,2\}\($\|\.[0-9]\{1,2\}$\)\)/\1/p" | sort --version-sort | tail -1) IMAGE_CREATED=${{ steps.meta.outputs.VERSION }}
docker push ${{ vars.DOCKER_REPO }}/gnilebein/${{ vars.IMAGE_NAME }} IMAGE_CREATED=${{ steps.meta.outputs.IMAGE_CREATED }}
docker push ${{ vars.DOCKER_REPO }}/gnilebein/${{ vars.IMAGE_NAME }}:${VERSION}
- name: Build and push
uses: docker/build-push-action@v6
with:
context: ./Stable
file: Stable/Dockerfile
platforms: linux/amd64
pull: false
push: true
no-cache: true
provenance: false
build-args: |
VERSION=${{ steps.meta.outputs.VERSION }}
IMAGE_CREATED=${{ steps.meta.outputs.IMAGE_CREATED }}
tags: |
${{ vars.DOCKER_REPO }}/${{ gitea.repository_owner }}/${{ vars.IMAGE_NAME }}
${{ vars.DOCKER_REPO }}/${{ gitea.repository_owner }}/${{ vars.IMAGE_NAME }}:${{ steps.meta.outputs.VERSION }}
docker-build-experimental:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
registry: gitea.gnilebein.de
username: ${{ gitea.repository_owner }}
password: ${{ secrets.REG_GITEA_PASSWORD }}
- name: Get Meta
id: meta
run: |
echo VERSION=$(curl -s https://rspamd.com/apt/pool/main/r/rspamd/ | sed -n "s/^<a href=\"rspamd_\(.*\)\~git.*\~.*.dsc\".*/\1/p" | tail -1) | tee -a $GITHUB_OUTPUT
echo IMAGE_CREATED=$(date -u +"%Y-%m-%dT%H:%M:%SZ") | tee -a $GITHUB_OUTPUT
- name: Build and push
uses: docker/build-push-action@v6
with:
context: ./Experimental
file: Experimental/Dockerfile
platforms: linux/amd64
pull: false
push: true
no-cache: true
provenance: false
build-args: |
VERSION=${{ steps.meta.outputs.VERSION }}
IMAGE_CREATED=${{ steps.meta.outputs.IMAGE_CREATED }}
tags: |
${{ vars.DOCKER_REPO }}/${{ gitea.repository_owner }}/${{ vars.IMAGE_NAME }}:experimental
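
Review bot: In the docker-build-stable "Get Meta" step, the two trailing assignments `IMAGE_CREATED=${{ steps.meta.outputs.VERSION }}` and `IMAGE_CREATED=${{ steps.meta.outputs.IMAGE_CREATED }}` read the step's own outputs, which are not populated until the step has finished, and the first one puts the version into the date variable; the experimental job works without them, so drop both lines. Neither job checks that VERSION is non-empty before it is used as an image tag and build argument, so a failed `git ls-remote` or `curl` scrape produces an invalid or wrong tag; fail the step when the value is empty or does not look like a version. `provenance: false` removes the build attestation from the pushed image, so a comment in the workflow saying why the registry needs it would help the next reader. The step named "Login to Docker Hub" logs in to gitea.gnilebein.de and should be renamed. The removed "Push Image" step ran `cat ~/.docker/config.json` on the contents of DOCKER_AUTH_CONFIG, so any credential stored in that variable has been written to job logs and should be rotated.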

300
.gitignore vendored Normal file
View File

@ -0,0 +1,300 @@
# managed by devops-generator/ansible-role-generator
### Ansible ###
*.retry
### Intellij+all ###
# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
# User-specific stuff
.idea/**/workspace.xml
.idea/**/tasks.xml
.idea/**/usage.statistics.xml
.idea/**/dictionaries
.idea/**/shelf
# Generated files
.idea/**/contentModel.xml
# Sensitive or high-churn files
.idea/**/dataSources/
.idea/**/dataSources.ids
.idea/**/dataSources.local.xml
.idea/**/sqlDataSources.xml
.idea/**/dynamic.xml
.idea/**/uiDesigner.xml
.idea/**/dbnavigator.xml
# Gradle
.idea/**/gradle.xml
.idea/**/libraries
# Gradle and Maven with auto-import
# When using Gradle or Maven with auto-import, you should exclude module files,
# since they will be recreated, and may cause churn. Uncomment if using
# auto-import.
# .idea/artifacts
# .idea/compiler.xml
# .idea/jarRepositories.xml
# .idea/modules.xml
# .idea/*.iml
# .idea/modules
# *.iml
# *.ipr
# CMake
cmake-build-*/
# Mongo Explorer plugin
.idea/**/mongoSettings.xml
# File-based project format
*.iws
# IntelliJ
out/
# mpeltonen/sbt-idea plugin
.idea_modules/
# JIRA plugin
atlassian-ide-plugin.xml
# Cursive Clojure plugin
.idea/replstate.xml
# Crashlytics plugin (for Android Studio and IntelliJ)
com_crashlytics_export_strings.xml
crashlytics.properties
crashlytics-build.properties
fabric.properties
# Editor-based Rest Client
.idea/httpRequests
# Android studio 3.1+ serialized cache file
.idea/caches/build_file_checksums.ser
### Intellij+all Patch ###
# Ignores the whole .idea folder and all .iml files
# See https://github.com/joeblau/gitignore.io/issues/186 and https://github.com/joeblau/gitignore.io/issues/360
.idea/
# Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-249601023
*.iml
modules.xml
.idea/misc.xml
*.ipr
# Sonarlint plugin
.idea/sonarlint
### Linux ###
*~
# temporary files which can be created if a process still has a handle open of a deleted file
.fuse_hidden*
# KDE directory preferences
.directory
# Linux trash folder which might appear on any partition or disk
.Trash-*
# .nfs files are created when an open file is removed but is still being accessed
.nfs*
### Python ###
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class
# C extensions
*.so
# Distribution / packaging
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
pip-wheel-metadata/
share/python-wheels/
*.egg-info/
.installed.cfg
*.egg
MANIFEST
# PyInstaller
# Usually these files are written by a python script from a template
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec
# Installer logs
pip-log.txt
pip-delete-this-directory.txt
# Unit test / coverage reports
htmlcov/
.tox/
.nox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
*.py,cover
.hypothesis/
.pytest_cache/
pytestdebug.log
# Translations
*.mo
*.pot
# Django stuff:
*.log
local_settings.py
db.sqlite3
db.sqlite3-journal
# Flask stuff:
instance/
.webassets-cache
# Scrapy stuff:
.scrapy
# Sphinx documentation
docs/_build/
doc/_build/
# PyBuilder
target/
# Jupyter Notebook
.ipynb_checkpoints
# IPython
profile_default/
ipython_config.py
# pyenv
.python-version
# pipenv
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
# However, in case of collaboration, if having platform-specific dependencies or dependencies
# having no cross-platform support, pipenv may install dependencies that don't work, or not
# install all needed dependencies.
#Pipfile.lock
# PEP 582; used by e.g. github.com/David-OConnor/pyflow
__pypackages__/
# Celery stuff
celerybeat-schedule
celerybeat.pid
# SageMath parsed files
*.sage.py
# Environments
.env
.venv
env/
venv/
ENV/
env.bak/
venv.bak/
# Spyder project settings
.spyderproject
.spyproject
# Rope project settings
.ropeproject
# mkdocs documentation
/site
# mypy
.mypy_cache/
.dmypy.json
dmypy.json
# Pyre type checker
.pyre/
# pytype static type analyzer
.pytype/
### Terraform ###
# Local .terraform directories
**/.terraform/*
# .tfstate files
*.tfstate
*.tfstate.*
state.json
# terraform lock file
.terraform.lock*
# Crash log files
crash.log
# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
# .tfvars files are managed as part of configuration and so should be included in
# version control.
#
# example.tfvars
# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json
# Include override files you do wish to add to version control using negated pattern
# !example_override.tf
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
# example: *tfplan*
### Vim ###
# Swap
[._]*.s[a-v][a-z]
!*.svg # comment out if you don't need vector files
[._]*.sw[a-p]
[._]s[a-rt-v][a-z]
[._]ss[a-gi-z]
[._]sw[a-p]
# Session
Session.vim
Sessionx.vim
# Temporary
.netrwhist
# Auto-generated tag files
tags
# Persistent undo
[._]*.un~
# VS Code Settings
.vscode
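
Review bot: The Vim section line `!*.svg # comment out if you don't need vector files` does not work as written: gitignore treats `#` as a comment only at the start of a line, so the whole string becomes the pattern and the negation never matches a real .svg file. Move the comment to its own line above `!*.svg`. The file is a 300-line generated template covering Ansible, IntelliJ, Python and Terraform, and broad entries such as `lib/`, `build/`, `var/`, `*.log` and `tags` can silently hide files in a repository that only holds Dockerfiles and rspamd configuration; trimming it to what this repository actually produces makes an accidentally ignored file less likely.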

View File

@ -1,13 +1,38 @@
FROM debian:stable-slim FROM debian:stable-slim
LABEL maintainer="gnilebein - <docker@gnilebein.nl>" LABEL maintainer="gnilebein - <patrick@niebel.ing>"
# Setup Labels
ARG VERSION
ARG IMAGE_CREATED
# Set apt non-interactive # Set apt non-interactive
ENV DEBIAN_FRONTEND noninteractive ENV DEBIAN_FRONTEND=noninteractive
LABEL org.label-schema.name="Rspamd" \
org.label-schema.description="Rspamd Spam Filter - EXPERIMENTAL" \
org.label-schema.usage="https://gitea.gnilebein.de/gnilebein/-/packages/container/docker-rspamd/experimental" \
org.label-schema.url="https://rspamd.com" \
org.label-schema.vendor="gnilebein" \
org.label-schema.schema-version="1.0" \
org.label-schema.version=$VERSION \
org.label-schema.vcs-url="https://gitea.gnilebein.de/gnilebein/Docker-rspamd" \
org.label-schema.build-date=$IMAGE_CREATED
# Install Rspamd # Install Rspamd
RUN set -x \ RUN set -x \
&& apt update \ && apt update \
&& apt --no-install-recommends install -y lsb-release wget gnupg openssl ca-certificates \ && apt --no-install-recommends install -y \
apt-transport-https \
dnsutils \
netcat-traditional \
lsb-release \
wget \
gnupg \
openssl \
ca-certificates \
nano \
less \
ca-certificates \
&& DEBIAN_CODE_NAME=`lsb_release -c -s` \ && DEBIAN_CODE_NAME=`lsb_release -c -s` \
&& wget -O - https://rspamd.com/apt/gpg.key | apt-key add - \ && wget -O - https://rspamd.com/apt/gpg.key | apt-key add - \
&& echo "deb http://rspamd.com/apt/ $DEBIAN_CODE_NAME main" > /etc/apt/sources.list.d/rspamd.list \ && echo "deb http://rspamd.com/apt/ $DEBIAN_CODE_NAME main" > /etc/apt/sources.list.d/rspamd.list \
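
Review bot: The install list now adds `apt-transport-https`, but the context line that writes rspamd.list still uses `deb http://rspamd.com/apt/ ...`, and the key is still piped into `apt-key add -`, which is deprecated and trusts the key for every repository on the system. Switch the source line to https and store the key in a dedicated keyring file referenced with `signed-by=` in the deb entry, so the rspamd key can only vouch for the rspamd repository.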
@ -16,42 +41,31 @@ RUN set -x \
&& apt --no-install-recommends install -y rspamd \ && apt --no-install-recommends install -y rspamd \
&& apt autoremove --purge -y \ && apt autoremove --purge -y \
&& apt clean \ && apt clean \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/* \
&& echo 'alias ll="ls -la --color"' >> ~/.bashrc
# Override default settings # Override default settings
COPY rspamd.conf.local.override /etc/rspamd/ COPY rspamd.conf.local.override /etc/rspamd/
COPY worker-controller.inc /etc/rspamd/override.d/ COPY worker-controller.inc /etc/rspamd/override.d/
COPY worker-proxy.inc /etc/rspamd/override.d/ COPY worker-proxy.inc /etc/rspamd/override.d/
COPY set_worker_password.sh /set_worker_password.sh
COPY docker-entrypoint.sh /docker-entrypoint.sh
# Keep database and configuration persistent # # Keep database and configuration persistent
VOLUME /etc/rspamd/local.d VOLUME /etc/rspamd/local.d
VOLUME /etc/rspamd/override.d
VOLUME /etc/rspamd/custom
VOLUME /var/lib/rspamd VOLUME /var/lib/rspamd
# Port 11334 is for web frontend EXPOSE 11332 11333 11334
# Port 11332 is for milter
# Port 11333 is for worker
EXPOSE 11332 11334
# Healtcheck if Rspamd is returning stats # Healtcheck if Rspamd is returning stats
HEALTHCHECK --interval=1m --timeout=5s --start-period=10s \ HEALTHCHECK --interval=1m --timeout=5s --start-period=10s \
CMD /usr/bin/rspamadm control stat || exit 1 CMD /usr/bin/rspamadm control stat || exit 1
# Run Rspamd # Run Rspamd
ENTRYPOINT ["/usr/bin/rspamd","-f","-u","_rspamd","-g","_rspamd"] ENTRYPOINT ["bash", "/docker-entrypoint.sh"]
# Setup Labels STOPSIGNAL SIGTERM
ARG VERSION
ARG COMMIT
ARG BRANCH
ARG DATE
LABEL org.label-schema.name="Rspamd" \ CMD ["/usr/bin/rspamd", "-f", "-u", "_rspamd", "-g", "_rspamd"]
org.label-schema.description="Rspamd Spam Filter - EXPERIMENTAL" \
org.label-schema.usage="https://hub.docker.com/r/gnilebein/rspamd/" \
org.label-schema.url="https://rspamd.com" \
org.label-schema.vendor="gnilebein" \
org.label-schema.schema-version="1.0" \
org.label-schema.version=$VERSION \
org.label-schema.vcs-url="https://github.com/rspamd/rspamd/" \
org.label-schema.vcs-ref=$COMMIT \
org.label-schema.build-date=$DATE \
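
Review bot: `VOLUME /etc/rspamd/override.d` is declared on the directory the image has just filled with worker-controller.inc and worker-proxy.inc, so a bind mount on that path hides both files and the workers run with whatever the mounted directory contains. Either keep the defaults in a path outside the volume and have docker-entrypoint.sh seed them when they are missing, or document that the mount must provide them. The per-port comments were dropped while 11333 was added to EXPOSE; keeping one comment per port (11332 milter, 11333 worker, 11334 web frontend, as the removed lines had it) helps users decide which ones to publish.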

View File

@ -34,4 +34,4 @@ This allows configuration of the _Webinterface_, _DKIM_ and _Redis_. The tool wr
### Support ### ### Support ###
This Docker image is for personal use but let me know if there are any improvements available. This Docker image is for personal use but let me know if there are any improvements available.
Please use [Github](https://github.com/gnilebein/Docker-Rspamd) to send me a message Please use [Github](https://gitea.gnilebein.de/gnilebein/Docker-rspamd) to send me a message
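
Review bot: The link target now points to gitea.gnilebein.de but the link text still reads "Github"; rename the link text to match where it leads.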

View File

@ -1,13 +1,38 @@
FROM debian:stable-slim FROM debian:stable-slim
LABEL maintainer="gnilebein - <docker@gnilebein.nl>" LABEL maintainer="gnilebein - <patrick@niebel.ing>"
# Setup Labels
ARG VERSION
ARG IMAGE_CREATED
# Set apt non-interactive # Set apt non-interactive
ENV DEBIAN_FRONTEND noninteractive ENV DEBIAN_FRONTEND=noninteractive
LABEL org.label-schema.name="Rspamd" \
org.label-schema.description="Rspamd Spam Filter - STABLE" \
org.label-schema.usage="https://gitea.gnilebein.de/gnilebein/-/packages/container/docker-rspamd/latest" \
org.label-schema.url="https://rspamd.com" \
org.label-schema.vendor="gnilebein" \
org.label-schema.schema-version="1.0" \
org.label-schema.version=$VERSION \
org.label-schema.vcs-url="https://gitea.gnilebein.de/gnilebein/Docker-rspamd" \
org.label-schema.build-date=$IMAGE_CREATED
# Install Rspamd # Install Rspamd
RUN set -x \ RUN set -x \
&& apt update \ && apt update \
&& apt --no-install-recommends install -y lsb-release wget gnupg openssl ca-certificates \ && apt --no-install-recommends install -y \
apt-transport-https \
dnsutils \
netcat-traditional \
lsb-release \
wget \
gnupg \
openssl \
ca-certificates \
nano \
less \
ca-certificates \
&& DEBIAN_CODE_NAME=`lsb_release -c -s` \ && DEBIAN_CODE_NAME=`lsb_release -c -s` \
&& wget -O - https://rspamd.com/apt-stable/gpg.key | apt-key add - \ && wget -O - https://rspamd.com/apt-stable/gpg.key | apt-key add - \
&& echo "deb http://rspamd.com/apt-stable/ $DEBIAN_CODE_NAME main" > /etc/apt/sources.list.d/rspamd.list \ && echo "deb http://rspamd.com/apt-stable/ $DEBIAN_CODE_NAME main" > /etc/apt/sources.list.d/rspamd.list \
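
Review bot: The new package list names `ca-certificates` twice and adds `nano`, `less`, `dnsutils` and `netcat-traditional` to the runtime image. Drop the duplicate, and consider leaving the interactive and network tools out of the published image or moving them to a separate debug tag, since each one enlarges what has to be patched and what is available inside a compromised container.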
@ -16,42 +41,31 @@ RUN set -x \
&& apt --no-install-recommends install -y rspamd \ && apt --no-install-recommends install -y rspamd \
&& apt autoremove --purge -y \ && apt autoremove --purge -y \
&& apt clean \ && apt clean \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/* \
&& echo 'alias ll="ls -la --color"' >> ~/.bashrc
# Override default settings # Override default settings
COPY rspamd.conf.local.override /etc/rspamd/ COPY rspamd.conf.local.override /etc/rspamd/
COPY worker-controller.inc /etc/rspamd/override.d/ COPY worker-controller.inc /etc/rspamd/override.d/
COPY worker-proxy.inc /etc/rspamd/override.d/ COPY worker-proxy.inc /etc/rspamd/override.d/
COPY set_worker_password.sh /set_worker_password.sh
COPY docker-entrypoint.sh /docker-entrypoint.sh
# Keep database and configuration persistent # # Keep database and configuration persistent
VOLUME /etc/rspamd/local.d VOLUME /etc/rspamd/local.d
VOLUME /etc/rspamd/override.d
VOLUME /etc/rspamd/custom
VOLUME /var/lib/rspamd VOLUME /var/lib/rspamd
# Port 11334 is for web frontend EXPOSE 11332 11333 11334
# Port 11332 is for milter
# Port 11333 is for worker
EXPOSE 11332 11334
# Healtcheck if Rspamd is returning stats # Healtcheck if Rspamd is returning stats
HEALTHCHECK --interval=1m --timeout=5s --start-period=10s \ HEALTHCHECK --interval=1m --timeout=5s --start-period=10s \
CMD /usr/bin/rspamadm control stat || exit 1 CMD /usr/bin/rspamadm control stat || exit 1
# Run Rspamd # Run Rspamd
ENTRYPOINT ["/usr/bin/rspamd","-f","-u","_rspamd","-g","_rspamd"] ENTRYPOINT ["bash", "/docker-entrypoint.sh"]
# Setup Labels STOPSIGNAL SIGTERM
ARG VERSION
ARG COMMIT
ARG BRANCH
ARG DATE
LABEL org.label-schema.name="Rspamd" \ CMD ["/usr/bin/rspamd", "-f", "-u", "_rspamd", "-g", "_rspamd"]
org.label-schema.description="Rspamd Spam Filter - STABLE" \
org.label-schema.usage="https://hub.docker.com/r/gnilebein/rspamd/" \
org.label-schema.url="https://rspamd.com" \
org.label-schema.vendor="gnilebein" \
org.label-schema.schema-version="1.0" \
org.label-schema.version=$VERSION \
org.label-schema.vcs-url="https://github.com/rspamd/rspamd/" \
org.label-schema.vcs-ref=$COMMIT \
org.label-schema.build-date=$DATE \
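
Review bot: The relocated LABEL block drops `org.label-schema.vcs-ref`, and `vcs-url` now points at the packaging repository, so the image no longer records any source revision. Pass the workflow's commit SHA as a build argument and keep a vcs-ref label, so a running image can be traced back to the Dockerfile revision that built it. Separately, `ENTRYPOINT ["bash", "/docker-entrypoint.sh"]` means the container starts as root and only drops to _rspamd through the `-u`/`-g` flags in CMD; anyone who overrides CMD runs their command as root, which deserves a line in the README.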

197
Stable/docker-entrypoint.sh Normal file
View File

@ -0,0 +1,197 @@
#!/bin/bash
chmod 755 /var/lib/rspamd
[[ ! -f /etc/rspamd/override.d/worker-controller-password.inc ]] && echo '# Autogenerated' >/etc/rspamd/override.d/worker-controller-password.inc
mkdir -p /etc/rspamd/custom
# If DQS KEY is set in mailcow.conf add Spamhaus DQS RBLs
if [[ ! -z ${SPAMHAUS_DQS_KEY} ]]; then
cat <<EOF >/etc/rspamd/custom/dqs-rbl.conf
# Autogenerated by mailcow. DO NOT TOUCH!
spamhaus {
rbl = "${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net";
from = false;
}
spamhaus_from {
from = true;
received = false;
rbl = "${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net";
returncodes {
SPAMHAUS_ZEN = [ "127.0.0.2", "127.0.0.3", "127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7", "127.0.0.9", "127.0.0.10", "127.0.0.11" ];
}
}
spamhaus_authbl_received {
# Check if the sender client is listed in AuthBL (AuthBL is *not* part of ZEN)
rbl = "${SPAMHAUS_DQS_KEY}.authbl.dq.spamhaus.net";
from = false;
received = true;
ipv6 = true;
returncodes {
SH_AUTHBL_RECEIVED = "127.0.0.20"
}
}
spamhaus_dbl {
# Add checks on the HELO string
rbl = "${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net";
helo = true;
rdns = true;
dkim = true;
disable_monitoring = true;
returncodes {
RBL_DBL_SPAM = "127.0.1.2";
RBL_DBL_PHISH = "127.0.1.4";
RBL_DBL_MALWARE = "127.0.1.5";
RBL_DBL_BOTNET = "127.0.1.6";
RBL_DBL_ABUSED_SPAM = "127.0.1.102";
RBL_DBL_ABUSED_PHISH = "127.0.1.104";
RBL_DBL_ABUSED_MALWARE = "127.0.1.105";
RBL_DBL_ABUSED_BOTNET = "127.0.1.106";
RBL_DBL_DONT_QUERY_IPS = "127.0.1.255";
}
}
spamhaus_dbl_fullurls {
ignore_defaults = true;
no_ip = true;
rbl = "${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net";
selector = 'urls:get_host'
disable_monitoring = true;
returncodes {
DBLABUSED_SPAM_FULLURLS = "127.0.1.102";
DBLABUSED_PHISH_FULLURLS = "127.0.1.104";
DBLABUSED_MALWARE_FULLURLS = "127.0.1.105";
DBLABUSED_BOTNET_FULLURLS = "127.0.1.106";
}
}
spamhaus_zrd {
# Add checks on the HELO string also for DQS
rbl = "${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net";
helo = true;
rdns = true;
dkim = true;
disable_monitoring = true;
returncodes {
RBL_ZRD_VERY_FRESH_DOMAIN = ["127.0.2.2", "127.0.2.3", "127.0.2.4"];
RBL_ZRD_FRESH_DOMAIN = [
"127.0.2.5", "127.0.2.6", "127.0.2.7", "127.0.2.8", "127.0.2.9", "127.0.2.10", "127.0.2.11", "127.0.2.12", "127.0.2.13", "127.0.2.14", "127.0.2.15", "127.0.2.16", "127.0.2.17", "127.0.2.18", "127.0.2.19", "127.0.2.20", "127.0.2.21", "127.0.2.22", "127.0.2.23", "127.0.2.24"
];
RBL_ZRD_DONT_QUERY_IPS = "127.0.2.255";
}
}
"SPAMHAUS_ZEN_URIBL" {
enabled = true;
rbl = "${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net";
resolve_ip = true;
checks = ['urls'];
replyto = true;
emails = true;
ipv4 = true;
ipv6 = true;
emails_domainonly = true;
returncodes {
URIBL_SBL = "127.0.0.2";
URIBL_SBL_CSS = "127.0.0.3";
URIBL_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"];
URIBL_PBL = ["127.0.0.10", "127.0.0.11"];
URIBL_DROP = "127.0.0.9";
}
}
SH_EMAIL_DBL {
ignore_defaults = true;
replyto = true;
emails_domainonly = true;
disable_monitoring = true;
rbl = "${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net";
returncodes = {
SH_EMAIL_DBL = [
"127.0.1.2",
"127.0.1.4",
"127.0.1.5",
"127.0.1.6"
];
SH_EMAIL_DBL_ABUSED = [
"127.0.1.102",
"127.0.1.104",
"127.0.1.105",
"127.0.1.106"
];
SH_EMAIL_DBL_DONT_QUERY_IPS = [ "127.0.1.255" ];
}
}
SH_EMAIL_ZRD {
ignore_defaults = true;
replyto = true;
emails_domainonly = true;
disable_monitoring = true;
rbl = "${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net";
returncodes = {
SH_EMAIL_ZRD_VERY_FRESH_DOMAIN = ["127.0.2.2", "127.0.2.3", "127.0.2.4"];
SH_EMAIL_ZRD_FRESH_DOMAIN = [
"127.0.2.5", "127.0.2.6", "127.0.2.7", "127.0.2.8", "127.0.2.9", "127.0.2.10", "127.0.2.11", "127.0.2.12", "127.0.2.13", "127.0.2.14", "127.0.2.15", "127.0.2.16", "127.0.2.17", "127.0.2.18", "127.0.2.19", "127.0.2.20", "127.0.2.21", "127.0.2.22", "127.0.2.23", "127.0.2.24"
];
SH_EMAIL_ZRD_DONT_QUERY_IPS = [ "127.0.2.255" ];
}
}
"DBL" {
# override the defaults for DBL defined in modules.d/rbl.conf
rbl = "${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net";
disable_monitoring = true;
}
"ZRD" {
ignore_defaults = true;
rbl = "${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net";
no_ip = true;
dkim = true;
emails = true;
emails_domainonly = true;
urls = true;
returncodes = {
ZRD_VERY_FRESH_DOMAIN = ["127.0.2.2", "127.0.2.3", "127.0.2.4"];
ZRD_FRESH_DOMAIN = ["127.0.2.5", "127.0.2.6", "127.0.2.7", "127.0.2.8", "127.0.2.9", "127.0.2.10", "127.0.2.11", "127.0.2.12", "127.0.2.13", "127.0.2.14", "127.0.2.15", "127.0.2.16", "127.0.2.17", "127.0.2.18", "127.0.2.19", "127.0.2.20", "127.0.2.21", "127.0.2.22", "127.0.2.23", "127.0.2.24"];
}
}
spamhaus_sbl_url {
ignore_defaults = true
rbl = "${SPAMHAUS_DQS_KEY}.sbl.dq.spamhaus.net";
checks = ['urls'];
disable_monitoring = true;
returncodes {
SPAMHAUS_SBL_URL = "127.0.0.2";
}
}
SH_HBL_EMAIL {
ignore_defaults = true;
rbl = "_email.${SPAMHAUS_DQS_KEY}.hbl.dq.spamhaus.net";
emails_domainonly = false;
selector = "from('smtp').lower;from('mime').lower";
ignore_whitelist = true;
checks = ['emails', 'replyto'];
hash = "sha1";
returncodes = {
SH_HBL_EMAIL = [
"127.0.3.2"
];
}
}
spamhaus_dqs_hbl {
symbol = "HBL_FILE_UNKNOWN";
rbl = "_file.${SPAMHAUS_DQS_KEY}.hbl.dq.spamhaus.net.";
selector = "attachments('rbase32', 'sha256')";
ignore_whitelist = true;
ignore_defaults = true;
returncodes {
SH_HBL_FILE_MALICIOUS = "127.0.3.10";
SH_HBL_FILE_SUSPICIOUS = "127.0.3.15";
}
}
EOF
else
rm -rf /etc/rspamd/custom/dqs-rbl.conf
fi
chown -R _rspamd:_rspamd /var/lib/rspamd /etc/rspamd/
exec "$@"
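
Review bot: The final `chown -R _rspamd:_rspamd /var/lib/rspamd /etc/rspamd/` hands the whole configuration tree, including override.d/worker-controller-password.inc, to the account the daemon runs as, so a compromised worker could rewrite its own configuration and controller password. Limit the recursive chown to /var/lib/rspamd and leave /etc/rspamd owned by root and readable by _rspamd. `${SPAMHAUS_DQS_KEY}` is expanded as-is into the heredoc, so check it against the expected key format first; a quote or semicolon in the value would change the generated configuration. The comments still say "Autogenerated by mailcow" and refer to mailcow.conf and should be reworded for this image. Smaller points: `[[ -n ... ]]` reads better than `! -z`, `rm -f` is enough for a single file, and `set -e` at the top would stop the container when the write fails instead of starting rspamd with a partial file.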

View File

@ -9,9 +9,8 @@ VERSION=$(git ls-remote --tags -q https://github.com/rspamd/rspamd | sed -n "s/^
IMAGE_NAME=docker-rspamd IMAGE_NAME=docker-rspamd
zip -r config
docker build \ docker build \
--no-cache \
--build-arg VERSION=${VERSION} \ --build-arg VERSION=${VERSION} \
--build-arg COMMIT=$(git ls-remote --tags -q https://github.com/rspamd/rspamd | sed -n "s/^\([[:xdigit:]]\{40\}\)[[:blank:]]refs\/tags\/${VERSION}^{}$/\1/p" | xargs git rev-parse --short) \ --build-arg COMMIT=$(git ls-remote --tags -q https://github.com/rspamd/rspamd | sed -n "s/^\([[:xdigit:]]\{40\}\)[[:blank:]]refs\/tags\/${VERSION}^{}$/\1/p" | xargs git rev-parse --short) \
--build-arg BRANCH=$(git rev-parse --abbrev-ref HEAD) \ --build-arg BRANCH=$(git rev-parse --abbrev-ref HEAD) \
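
Review bot: The context lines still pass `--build-arg COMMIT=...` and `--build-arg BRANCH=...`, while the Dockerfiles changed elsewhere in this comparison declare only `ARG VERSION` and `ARG IMAGE_CREATED`; if this hook builds one of them, those two values are unused and the build-date label stays empty. Align the arguments with the Dockerfile, quote the command substitutions, and check that VERSION is non-empty before calling docker build, so a failed `git ls-remote` does not produce an image labelled with an empty version.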

View File

@ -0,0 +1,12 @@
#!/bin/bash
password_file='/etc/rspamd/override.d/worker-controller-password.inc'
password_hash=`/usr/bin/rspamadm pw -e -p $1`
echo 'enable_password = "'$password_hash'";' > $password_file
if grep -q "$password_hash" "$password_file"; then
echo "OK"
else
echo "ERROR"
fi
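
Review bot: `rspamadm pw -e -p $1` takes the controller password as an unquoted command-line argument, so it is visible in the process list and shell history, and a password containing spaces or glob characters is split or expanded before rspamadm sees it. Read it from stdin or let rspamadm prompt for it, and quote every expansion (`"$1"`, `"$password_hash"`, `"$password_file"`). The check at the end does not protect against the main failure case: if rspamadm fails and prints nothing, the file is overwritten with an empty enable_password and `grep -q` on an empty pattern still prints OK. Require a non-empty argument and a non-empty hash before writing, use `grep -qF` for the comparison, and exit non-zero on the ERROR branch.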

View File

@ -1,75 +0,0 @@
FROM debian:stable-slim
LABEL maintainer="gnilebein - <patrick@niebel.ing>"
# Setup Labels
ARG VERSION
ARG COMMIT
ARG BRANCH
ARG DATE
ARG DEBIAN_FRONTEND=noninteractive
# Set apt non-interactive
ENV DEBIAN_FRONTEND=noninteractive
LABEL org.label-schema.name="Rspamd" \
org.label-schema.description="Rspamd Spam Filter - STABLE" \
org.label-schema.usage="https://gitea.gnilebein.de/gnilebein/-/packages/container/docker-rspamd/latest" \
org.label-schema.url="https://rspamd.com" \
org.label-schema.vendor="gnilebein" \
org.label-schema.schema-version="1.0" \
org.label-schema.version=$VERSION \
org.label-schema.vcs-url="https://gitea.gnilebein.de/gnilebein/Docker-rspamd" \
org.label-schema.vcs-ref=$COMMIT \
org.label-schema.build-date=$DATE
# Install Rspamd
RUN set -x \
&& apt update \
&& apt --no-install-recommends install -y \
apt-transport-https \
dnsutils \
netcat-traditional \
lsb-release \
wget \
gnupg \
openssl \
ca-certificates \
nano \
less \
ca-certificates \
&& DEBIAN_CODE_NAME=`lsb_release -c -s` \
&& wget -O - https://rspamd.com/apt-stable/gpg.key | apt-key add - \
&& echo "deb http://rspamd.com/apt-stable/ $DEBIAN_CODE_NAME main" > /etc/apt/sources.list.d/rspamd.list \
&& apt purge -y lsb-release wget gnupg \
&& apt update \
&& apt --no-install-recommends install -y rspamd \
&& apt autoremove --purge -y \
&& apt clean \
&& rm -rf /var/lib/apt/lists/* \
&& echo 'alias ll="ls -la --color"' >> ~/.bashrc
# Override default settings
COPY rspamd.conf.local.override /etc/rspamd/
COPY worker-controller.inc /etc/rspamd/override.d/
COPY worker-proxy.inc /etc/rspamd/override.d/
COPY set_worker_password.sh /set_worker_password.sh
COPY docker-entrypoint.sh /docker-entrypoint.sh
# # Keep database and configuration persistent
VOLUME /etc/rspamd/local.d
VOLUME /etc/rspamd/override.d
VOLUME /etc/rspamd/custom
VOLUME /var/lib/rspamd
EXPOSE 11332 11333 11334
# Healtcheck if Rspamd is returning stats
HEALTHCHECK --interval=1m --timeout=5s --start-period=10s \
CMD /usr/bin/rspamadm control stat || exit 1
# Run Rspamd
ENTRYPOINT ["bash", "/docker-entrypoint.sh"]
STOPSIGNAL SIGTERM
CMD ["/usr/bin/rspamd", "-f", "-u", "_rspamd", "-g", "_rspamd"]

View File

@ -1,18 +0,0 @@
#!/bin/bash
# hooks/build
# https://docs.docker.com/docker-cloud/builds/advanced/
# $IMAGE_NAME var is injected into the build so the tag is correct.
echo "[***] Build hook running"
VERSION=$(git ls-remote --tags -q https://github.com/rspamd/rspamd | sed -n "s/^[[:xdigit:]]\{40\}[[:blank:]]refs\/tags\/\([0-9]\{1\}\.[0-9]\{1,2\}\($\|\.[0-9]\{1,2\}$\)\)/\1/p" | sort --version-sort | tail -1)
IMAGE_NAME=docker-rspamd
docker build \
--no-cache \
--build-arg VERSION=${VERSION} \
--build-arg COMMIT=$(git ls-remote --tags -q https://github.com/rspamd/rspamd | sed -n "s/^\([[:xdigit:]]\{40\}\)[[:blank:]]refs\/tags\/${VERSION}^{}$/\1/p" | xargs git rev-parse --short) \
--build-arg BRANCH=$(git rev-parse --abbrev-ref HEAD) \
--build-arg DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
-t ${IMAGE_NAME} .

View File

@ -1,9 +0,0 @@
#!/bin/bash
VERSION=$(git ls-remote --tags -q https://github.com/rspamd/rspamd | sed -n "s/^[[:xdigit:]]\{40\}[[:blank:]]refs\/tags\/\([0-9]\{1\}\.[0-9]\{1,2\}\($\|\.[0-9]\{1,2\}$\)\)/\1/p" | sort --version-sort | tail -1)
docker tag \
"${IMAGE_NAME}" \
"${DOCKER_REPO}:stable-${VERSION}"
docker push \
"${DOCKER_REPO}:stable-${VERSION}"

View File

@ -1,13 +0,0 @@
options {
pidfile = false;
.include "$CONFDIR/options.inc"
.include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/options.inc"
.include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/options.inc"
}
logging {
type = "console";
.include "$CONFDIR/logging.inc"
.include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/logging.inc"
.include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/logging.inc"
}

View File

@ -1 +0,0 @@
bind_socket = "*:11334";

View File

@ -1 +0,0 @@
bind_socket = *:11332;