Fix

Signed-off-by: Patrick Niebeling <patrick.niebeling@adacor.com>
Upload
2024-11-19 16:23:59 +01:00 · 2024-11-19 16:23:46 +01:00 · 2024-11-19 16:07:45 +01:00 · 2024-11-19 15:57:35 +01:00
16 changed files with 191 additions and 674 deletions
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@ -1,93 +1,29 @@
 name: Deploy Container Image to Registry
-on:
+run-name: Deploy to RaspberryPi
-  schedule:
+on: [push]
    - cron: 0 1 * * 1
  push:
    branches:
      - main
 jobs:
-  docker-build-stable:
+  build-image:
    runs-on: ubuntu-latest
    steps:
-      - name: Checkout
+      - name: Check out repository code
        uses: actions/checkout@v4
-
+      - name: Build Image
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          registry: gitea.gnilebein.de
          username: ${{ gitea.repository_owner }}
          password: ${{ secrets.REG_GITEA_PASSWORD }}
      - name: Get Meta
        id: meta
        run: |
-          echo VERSION=$(git ls-remote --tags -q https://github.com/rspamd/rspamd | sed -n "s/^[[:xdigit:]]\{40\}[[:blank:]]refs\/tags\/\([0-9]\{1\}\.[0-9]\{1,2\}\($\|\.[0-9]\{1,2\}$\)\)/\1/p" | sort --version-sort | tail -1) | tee -a $GITHUB_OUTPUT
+          echo "[***] Build hook running"
-          echo IMAGE_CREATED=$(date -u +"%Y-%m-%dT%H:%M:%SZ") | tee -a $GITHUB_OUTPUT
+          cd ${{ gitea.workspace }}/StableV2/
-          IMAGE_CREATED=${{ steps.meta.outputs.VERSION }}
+          VERSION=$(git ls-remote --tags -q https://github.com/rspamd/rspamd | sed -n "s/^[[:xdigit:]]\{40\}[[:blank:]]refs\/tags\/\([0-9]\{1\}\.[0-9]\{1,2\}\($\|\.[0-9]\{1,2\}$\)\)/\1/p" | sort --version-sort | tail -1)
-          IMAGE_CREATED=${{ steps.meta.outputs.IMAGE_CREATED }}
+          IMAGE_NAME=docker-rspamd
-
+          docker build \
-      - name: Build and push
+          --build-arg VERSION=${VERSION} \
-        uses: docker/build-push-action@v6
+          --build-arg COMMIT=$(git ls-remote --tags -q https://github.com/rspamd/rspamd | sed -n "s/^\([[:xdigit:]]\{40\}\)[[:blank:]]refs\/tags\/${VERSION}^{}$/\1/p" |  xargs git rev-parse --short) \
-        with:
+          --build-arg BRANCH=$(git rev-parse --abbrev-ref HEAD) \
-          context: ./Stable
+          --build-arg DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
-          file: Stable/Dockerfile
+          -t ${{ vars.DOCKER_REPO }}/gnilebein/${IMAGE_NAME} .
-          platforms: linux/amd64
+      - name: Push Image
          pull: false
          push: true
          no-cache: true
          provenance: false
          build-args: |
            VERSION=${{ steps.meta.outputs.VERSION }}
            IMAGE_CREATED=${{ steps.meta.outputs.IMAGE_CREATED }}
          tags: |
            ${{ vars.DOCKER_REPO }}/${{ gitea.repository_owner }}/${{ vars.IMAGE_NAME }}
            ${{ vars.DOCKER_REPO }}/${{ gitea.repository_owner }}/${{ vars.IMAGE_NAME }}:${{ steps.meta.outputs.VERSION }}
  docker-build-experimental:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          registry: gitea.gnilebein.de
          username: ${{ gitea.repository_owner }}
          password: ${{ secrets.REG_GITEA_PASSWORD }}
      - name: Get Meta
        id: meta
        run: |
-          echo VERSION=$(curl -s https://rspamd.com/apt/pool/main/r/rspamd/ | sed -n "s/^<a href=\"rspamd_\(.*\)\~git.*\~.*.dsc\".*/\1/p" | tail -1) | tee -a $GITHUB_OUTPUT
+          VERSION=$(git ls-remote --tags -q https://github.com/rspamd/rspamd | sed -n "s/^[[:xdigit:]]\{40\}[[:blank:]]refs\/tags\/\([0-9]\{1\}\.[0-9]\{1,2\}\($\|\.[0-9]\{1,2\}$\)\)/\1/p" | sort --version-sort | tail -1)
-          echo IMAGE_CREATED=$(date -u +"%Y-%m-%dT%H:%M:%SZ") | tee -a $GITHUB_OUTPUT
+          docker tag \
-
+            "${IMAGE_NAME}" \
-      - name: Build and push
+            "${DOCKER_REPO}:stable-${VERSION}"
-        uses: docker/build-push-action@v6
+          docker push ${{ vars.DOCKER_REPO }}/gnilebein/docker-rspamd:latest
        with:
          context: ./Experimental
          file: Experimental/Dockerfile
          platforms: linux/amd64
          pull: false
          push: true
          no-cache: true
          provenance: false
          build-args: |
            VERSION=${{ steps.meta.outputs.VERSION }}
            IMAGE_CREATED=${{ steps.meta.outputs.IMAGE_CREATED }}
          tags: |
            ${{ vars.DOCKER_REPO }}/${{ gitea.repository_owner }}/${{ vars.IMAGE_NAME }}:experimental
--- a/.gitignore
+++ b/.gitignore
@ -1,300 +0,0 @@
 # managed by devops-generator/ansible-role-generator
 ### Ansible ###
 *.retry
 ### Intellij+all ###
 # Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
 # Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
 # User-specific stuff
 .idea/**/workspace.xml
 .idea/**/tasks.xml
 .idea/**/usage.statistics.xml
 .idea/**/dictionaries
 .idea/**/shelf
 # Generated files
 .idea/**/contentModel.xml
 # Sensitive or high-churn files
 .idea/**/dataSources/
 .idea/**/dataSources.ids
 .idea/**/dataSources.local.xml
 .idea/**/sqlDataSources.xml
 .idea/**/dynamic.xml
 .idea/**/uiDesigner.xml
 .idea/**/dbnavigator.xml
 # Gradle
 .idea/**/gradle.xml
 .idea/**/libraries
 # Gradle and Maven with auto-import
 # When using Gradle or Maven with auto-import, you should exclude module files,
 # since they will be recreated, and may cause churn.  Uncomment if using
 # auto-import.
 # .idea/artifacts
 # .idea/compiler.xml
 # .idea/jarRepositories.xml
 # .idea/modules.xml
 # .idea/*.iml
 # .idea/modules
 # *.iml
 # *.ipr
 # CMake
 cmake-build-*/
 # Mongo Explorer plugin
 .idea/**/mongoSettings.xml
 # File-based project format
 *.iws
 # IntelliJ
 out/
 # mpeltonen/sbt-idea plugin
 .idea_modules/
 # JIRA plugin
 atlassian-ide-plugin.xml
 # Cursive Clojure plugin
 .idea/replstate.xml
 # Crashlytics plugin (for Android Studio and IntelliJ)
 com_crashlytics_export_strings.xml
 crashlytics.properties
 crashlytics-build.properties
 fabric.properties
 # Editor-based Rest Client
 .idea/httpRequests
 # Android studio 3.1+ serialized cache file
 .idea/caches/build_file_checksums.ser
 ### Intellij+all Patch ###
 # Ignores the whole .idea folder and all .iml files
 # See https://github.com/joeblau/gitignore.io/issues/186 and https://github.com/joeblau/gitignore.io/issues/360
 .idea/
 # Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-249601023
 *.iml
 modules.xml
 .idea/misc.xml
 *.ipr
 # Sonarlint plugin
 .idea/sonarlint
 ### Linux ###
 *~
 # temporary files which can be created if a process still has a handle open of a deleted file
 .fuse_hidden*
 # KDE directory preferences
 .directory
 # Linux trash folder which might appear on any partition or disk
 .Trash-*
 # .nfs files are created when an open file is removed but is still being accessed
 .nfs*
 ### Python ###
 # Byte-compiled / optimized / DLL files
 __pycache__/
 *.py[cod]
 *$py.class
 # C extensions
 *.so
 # Distribution / packaging
 .Python
 build/
 develop-eggs/
 dist/
 downloads/
 eggs/
 .eggs/
 lib/
 lib64/
 parts/
 sdist/
 var/
 wheels/
 pip-wheel-metadata/
 share/python-wheels/
 *.egg-info/
 .installed.cfg
 *.egg
 MANIFEST
 # PyInstaller
 #  Usually these files are written by a python script from a template
 #  before PyInstaller builds the exe, so as to inject date/other infos into it.
 *.manifest
 *.spec
 # Installer logs
 pip-log.txt
 pip-delete-this-directory.txt
 # Unit test / coverage reports
 htmlcov/
 .tox/
 .nox/
 .coverage
 .coverage.*
 .cache
 nosetests.xml
 coverage.xml
 *.cover
 *.py,cover
 .hypothesis/
 .pytest_cache/
 pytestdebug.log
 # Translations
 *.mo
 *.pot
 # Django stuff:
 *.log
 local_settings.py
 db.sqlite3
 db.sqlite3-journal
 # Flask stuff:
 instance/
 .webassets-cache
 # Scrapy stuff:
 .scrapy
 # Sphinx documentation
 docs/_build/
 doc/_build/
 # PyBuilder
 target/
 # Jupyter Notebook
 .ipynb_checkpoints
 # IPython
 profile_default/
 ipython_config.py
 # pyenv
 .python-version
 # pipenv
 #   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
 #   However, in case of collaboration, if having platform-specific dependencies or dependencies
 #   having no cross-platform support, pipenv may install dependencies that don't work, or not
 #   install all needed dependencies.
 #Pipfile.lock
 # PEP 582; used by e.g. github.com/David-OConnor/pyflow
 __pypackages__/
 # Celery stuff
 celerybeat-schedule
 celerybeat.pid
 # SageMath parsed files
 *.sage.py
 # Environments
 .env
 .venv
 env/
 venv/
 ENV/
 env.bak/
 venv.bak/
 # Spyder project settings
 .spyderproject
 .spyproject
 # Rope project settings
 .ropeproject
 # mkdocs documentation
 /site
 # mypy
 .mypy_cache/
 .dmypy.json
 dmypy.json
 # Pyre type checker
 .pyre/
 # pytype static type analyzer
 .pytype/
 ### Terraform ###
 # Local .terraform directories
 **/.terraform/*
 # .tfstate files
 *.tfstate
 *.tfstate.*
 state.json
 # terraform lock file
 .terraform.lock*
 # Crash log files
 crash.log
 # Ignore any .tfvars files that are generated automatically for each Terraform run. Most
 # .tfvars files are managed as part of configuration and so should be included in
 # version control.
 #
 # example.tfvars
 # Ignore override files as they are usually used to override resources locally and so
 # are not checked in
 override.tf
 override.tf.json
 *_override.tf
 *_override.tf.json
 # Include override files you do wish to add to version control using negated pattern
 # !example_override.tf
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 # example: *tfplan*
 ### Vim ###
 # Swap
 [._]*.s[a-v][a-z]
 !*.svg  # comment out if you don't need vector files
 [._]*.sw[a-p]
 [._]s[a-rt-v][a-z]
 [._]ss[a-gi-z]
 [._]sw[a-p]
 # Session
 Session.vim
 Sessionx.vim
 # Temporary
 .netrwhist
 # Auto-generated tag files
 tags
 # Persistent undo
 [._]*.un~
 # VS Code Settings
 .vscode
--- a/Experimental/Dockerfile
+++ b/Experimental/Dockerfile
@ -1,38 +1,13 @@
 FROM debian:stable-slim
-LABEL maintainer="gnilebein - <patrick@niebel.ing>"
+LABEL maintainer="gnilebein - <docker@gnilebein.nl>"
 # Setup Labels
 ARG VERSION
 ARG IMAGE_CREATED
 # Set apt non-interactive
-ENV DEBIAN_FRONTEND=noninteractive
+ENV DEBIAN_FRONTEND noninteractive
 LABEL org.label-schema.name="Rspamd" \
 	org.label-schema.description="Rspamd Spam Filter - EXPERIMENTAL" \
 	org.label-schema.usage="https://gitea.gnilebein.de/gnilebein/-/packages/container/docker-rspamd/experimental" \
 	org.label-schema.url="https://rspamd.com" \
 	org.label-schema.vendor="gnilebein" \
 	org.label-schema.schema-version="1.0" \
 	org.label-schema.version=$VERSION \
 	org.label-schema.vcs-url="https://gitea.gnilebein.de/gnilebein/Docker-rspamd" \
 	org.label-schema.build-date=$IMAGE_CREATED
 # Install Rspamd
 RUN set -x \
 	&& apt update \
-	&& apt --no-install-recommends install -y \
+	&& apt --no-install-recommends install -y lsb-release wget gnupg openssl ca-certificates \
 	apt-transport-https \
 	dnsutils \
 	netcat-traditional \
 	lsb-release \
 	wget \
 	gnupg \
 	openssl \
 	ca-certificates \
 	nano \
 	less \
 	ca-certificates \
 	&& DEBIAN_CODE_NAME=`lsb_release -c -s` \
 	&& wget -O - https://rspamd.com/apt/gpg.key | apt-key add - \
 	&& echo "deb http://rspamd.com/apt/ $DEBIAN_CODE_NAME main" > /etc/apt/sources.list.d/rspamd.list \
@ -41,31 +16,42 @@ RUN set -x \
 	&& apt --no-install-recommends install -y rspamd \
 	&& apt autoremove --purge -y \
 	&& apt clean \
-	&& rm -rf /var/lib/apt/lists/* \
+	&& rm -rf /var/lib/apt/lists/*
 	&& echo 'alias ll="ls -la --color"' >> ~/.bashrc
 # Override default settings
 COPY rspamd.conf.local.override /etc/rspamd/
 COPY worker-controller.inc /etc/rspamd/override.d/
 COPY worker-proxy.inc /etc/rspamd/override.d/
 COPY set_worker_password.sh /set_worker_password.sh
 COPY docker-entrypoint.sh /docker-entrypoint.sh
-# # Keep database and configuration persistent
+# Keep database and configuration persistent
 VOLUME /etc/rspamd/local.d
 VOLUME /etc/rspamd/override.d
 VOLUME /etc/rspamd/custom
 VOLUME /var/lib/rspamd
-EXPOSE 11332 11333 11334
+# Port 11334 is for web frontend
 # Port 11332 is for milter
 # Port 11333 is for worker
 EXPOSE 11332 11334
 # Healtcheck if Rspamd is returning stats
 HEALTHCHECK --interval=1m --timeout=5s --start-period=10s \
 	CMD /usr/bin/rspamadm control stat || exit 1
 # Run Rspamd
-ENTRYPOINT ["bash", "/docker-entrypoint.sh"]
+ENTRYPOINT ["/usr/bin/rspamd","-f","-u","_rspamd","-g","_rspamd"]
-STOPSIGNAL SIGTERM
+# Setup Labels
 ARG VERSION
 ARG COMMIT
 ARG BRANCH
 ARG DATE
-CMD ["/usr/bin/rspamd", "-f", "-u", "_rspamd", "-g", "_rspamd"]
+LABEL org.label-schema.name="Rspamd" \
 	org.label-schema.description="Rspamd Spam Filter - EXPERIMENTAL" \
 	org.label-schema.usage="https://hub.docker.com/r/gnilebein/rspamd/" \
 	org.label-schema.url="https://rspamd.com" \
 	org.label-schema.vendor="gnilebein" \
 	org.label-schema.schema-version="1.0" \
  org.label-schema.version=$VERSION \
  org.label-schema.vcs-url="https://github.com/rspamd/rspamd/" \
  org.label-schema.vcs-ref=$COMMIT \
  org.label-schema.build-date=$DATE \
--- a/README.md
+++ b/README.md
@ -34,4 +34,4 @@ This allows configuration of the _Webinterface_, _DKIM_ and _Redis_. The tool wr
 ### Support ###
 This Docker image is for personal use but let me know if there are any improvements available.
-Please use [Github](https://gitea.gnilebein.de/gnilebein/Docker-rspamd) to send me a message
+Please use [Github](https://github.com/gnilebein/Docker-Rspamd) to send me a message
--- a/Stable/Dockerfile
+++ b/Stable/Dockerfile
@ -1,38 +1,13 @@
 FROM debian:stable-slim
-LABEL maintainer="gnilebein - <patrick@niebel.ing>"
+LABEL maintainer="gnilebein - <docker@gnilebein.nl>"
 # Setup Labels
 ARG VERSION
 ARG IMAGE_CREATED
 # Set apt non-interactive
-ENV DEBIAN_FRONTEND=noninteractive
+ENV DEBIAN_FRONTEND noninteractive
 LABEL org.label-schema.name="Rspamd" \
 	org.label-schema.description="Rspamd Spam Filter - STABLE" \
 	org.label-schema.usage="https://gitea.gnilebein.de/gnilebein/-/packages/container/docker-rspamd/latest" \
 	org.label-schema.url="https://rspamd.com" \
 	org.label-schema.vendor="gnilebein" \
 	org.label-schema.schema-version="1.0" \
 	org.label-schema.version=$VERSION \
 	org.label-schema.vcs-url="https://gitea.gnilebein.de/gnilebein/Docker-rspamd" \
 	org.label-schema.build-date=$IMAGE_CREATED
 # Install Rspamd
 RUN set -x \
 	&& apt update \
-	&& apt --no-install-recommends install -y \
+	&& apt --no-install-recommends install -y lsb-release wget gnupg openssl ca-certificates \
 	apt-transport-https \
 	dnsutils \
 	netcat-traditional \
 	lsb-release \
 	wget \
 	gnupg \
 	openssl \
 	ca-certificates \
 	nano \
 	less \
 	ca-certificates \
 	&& DEBIAN_CODE_NAME=`lsb_release -c -s` \
 	&& wget -O - https://rspamd.com/apt-stable/gpg.key | apt-key add - \
 	&& echo "deb http://rspamd.com/apt-stable/ $DEBIAN_CODE_NAME main" > /etc/apt/sources.list.d/rspamd.list \
@ -41,31 +16,42 @@ RUN set -x \
 	&& apt --no-install-recommends install -y rspamd \
 	&& apt autoremove --purge -y \
 	&& apt clean \
-	&& rm -rf /var/lib/apt/lists/* \
+	&& rm -rf /var/lib/apt/lists/*
 	&& echo 'alias ll="ls -la --color"' >> ~/.bashrc
 # Override default settings
 COPY rspamd.conf.local.override /etc/rspamd/
 COPY worker-controller.inc /etc/rspamd/override.d/
 COPY worker-proxy.inc /etc/rspamd/override.d/
 COPY set_worker_password.sh /set_worker_password.sh
 COPY docker-entrypoint.sh /docker-entrypoint.sh
-# # Keep database and configuration persistent
+# Keep database and configuration persistent
 VOLUME /etc/rspamd/local.d
 VOLUME /etc/rspamd/override.d
 VOLUME /etc/rspamd/custom
 VOLUME /var/lib/rspamd
-EXPOSE 11332 11333 11334
+# Port 11334 is for web frontend
 # Port 11332 is for milter
 # Port 11333 is for worker
 EXPOSE 11332 11334
 # Healtcheck if Rspamd is returning stats
 HEALTHCHECK --interval=1m --timeout=5s --start-period=10s \
 	CMD /usr/bin/rspamadm control stat || exit 1
 # Run Rspamd
-ENTRYPOINT ["bash", "/docker-entrypoint.sh"]
+ENTRYPOINT ["/usr/bin/rspamd","-f","-u","_rspamd","-g","_rspamd"]
-STOPSIGNAL SIGTERM
+# Setup Labels
 ARG VERSION
 ARG COMMIT
 ARG BRANCH
 ARG DATE
-CMD ["/usr/bin/rspamd", "-f", "-u", "_rspamd", "-g", "_rspamd"]
+LABEL org.label-schema.name="Rspamd" \
 	org.label-schema.description="Rspamd Spam Filter - STABLE" \
 	org.label-schema.usage="https://hub.docker.com/r/gnilebein/rspamd/" \
 	org.label-schema.url="https://rspamd.com" \
 	org.label-schema.vendor="gnilebein" \
 	org.label-schema.schema-version="1.0" \
  org.label-schema.version=$VERSION \
  org.label-schema.vcs-url="https://github.com/rspamd/rspamd/" \
  org.label-schema.vcs-ref=$COMMIT \
  org.label-schema.build-date=$DATE \
--- a/Stable/docker-entrypoint.sh
+++ b/Stable/docker-entrypoint.sh
@ -1,197 +0,0 @@
 #!/bin/bash
 chmod 755 /var/lib/rspamd
 [[ ! -f /etc/rspamd/override.d/worker-controller-password.inc ]] && echo '# Autogenerated' >/etc/rspamd/override.d/worker-controller-password.inc
 mkdir -p /etc/rspamd/custom
 # If DQS KEY is set in mailcow.conf add Spamhaus DQS RBLs
 if [[ ! -z ${SPAMHAUS_DQS_KEY} ]]; then
    cat <<EOF >/etc/rspamd/custom/dqs-rbl.conf
  # Autogenerated by mailcow. DO NOT TOUCH!
    spamhaus {
        rbl = "${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net";
        from = false;
    }
    spamhaus_from {
        from = true;
        received = false;
        rbl = "${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net";
        returncodes {
          SPAMHAUS_ZEN = [ "127.0.0.2", "127.0.0.3", "127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7", "127.0.0.9", "127.0.0.10", "127.0.0.11" ];
        }
    }
    spamhaus_authbl_received {
        # Check if the sender client is listed in AuthBL (AuthBL is *not* part of ZEN)
        rbl = "${SPAMHAUS_DQS_KEY}.authbl.dq.spamhaus.net";
        from = false;
        received = true;
        ipv6 = true;
        returncodes {
          SH_AUTHBL_RECEIVED = "127.0.0.20"
        }
    }
    spamhaus_dbl {
        # Add checks on the HELO string
        rbl = "${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net";
        helo = true;
        rdns = true;
        dkim = true;
        disable_monitoring = true;
        returncodes {
            RBL_DBL_SPAM = "127.0.1.2";
            RBL_DBL_PHISH = "127.0.1.4";
            RBL_DBL_MALWARE = "127.0.1.5";
            RBL_DBL_BOTNET = "127.0.1.6";
            RBL_DBL_ABUSED_SPAM = "127.0.1.102";
            RBL_DBL_ABUSED_PHISH = "127.0.1.104";
            RBL_DBL_ABUSED_MALWARE = "127.0.1.105";
            RBL_DBL_ABUSED_BOTNET = "127.0.1.106";
            RBL_DBL_DONT_QUERY_IPS = "127.0.1.255";
        }
    }
    spamhaus_dbl_fullurls {
        ignore_defaults = true;
        no_ip = true;
        rbl = "${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net";
        selector = 'urls:get_host'
        disable_monitoring = true;
        returncodes {
            DBLABUSED_SPAM_FULLURLS = "127.0.1.102";
            DBLABUSED_PHISH_FULLURLS = "127.0.1.104";
            DBLABUSED_MALWARE_FULLURLS = "127.0.1.105";
            DBLABUSED_BOTNET_FULLURLS = "127.0.1.106";
        }
    }
    spamhaus_zrd {
        # Add checks on the HELO string also for DQS
        rbl = "${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net";
        helo = true;
        rdns = true;
        dkim = true;
        disable_monitoring = true;
        returncodes {
            RBL_ZRD_VERY_FRESH_DOMAIN = ["127.0.2.2", "127.0.2.3", "127.0.2.4"];
            RBL_ZRD_FRESH_DOMAIN = [
              "127.0.2.5", "127.0.2.6", "127.0.2.7", "127.0.2.8", "127.0.2.9", "127.0.2.10", "127.0.2.11", "127.0.2.12", "127.0.2.13", "127.0.2.14", "127.0.2.15", "127.0.2.16", "127.0.2.17", "127.0.2.18", "127.0.2.19", "127.0.2.20", "127.0.2.21", "127.0.2.22", "127.0.2.23", "127.0.2.24"
            ];
            RBL_ZRD_DONT_QUERY_IPS = "127.0.2.255";
        }
    }
    "SPAMHAUS_ZEN_URIBL" {
      enabled = true;
      rbl = "${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net";
      resolve_ip = true;
      checks = ['urls'];
      replyto = true;
      emails = true;
      ipv4 = true;
      ipv6 = true;
      emails_domainonly = true;
      returncodes {
        URIBL_SBL = "127.0.0.2";
        URIBL_SBL_CSS = "127.0.0.3";
        URIBL_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"];
        URIBL_PBL = ["127.0.0.10", "127.0.0.11"];
        URIBL_DROP = "127.0.0.9";
      }
    }
    SH_EMAIL_DBL {
      ignore_defaults = true;
      replyto = true;
      emails_domainonly = true;
      disable_monitoring = true;
      rbl = "${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net";
      returncodes = {
        SH_EMAIL_DBL = [
          "127.0.1.2",
          "127.0.1.4",
          "127.0.1.5",
          "127.0.1.6"
        ];
        SH_EMAIL_DBL_ABUSED = [
          "127.0.1.102",
          "127.0.1.104",
          "127.0.1.105",
          "127.0.1.106"
        ];
        SH_EMAIL_DBL_DONT_QUERY_IPS = [ "127.0.1.255" ];
      }
    }
    SH_EMAIL_ZRD {
      ignore_defaults = true;
      replyto = true;
      emails_domainonly = true;
      disable_monitoring = true;
      rbl = "${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net";
      returncodes = {
        SH_EMAIL_ZRD_VERY_FRESH_DOMAIN = ["127.0.2.2", "127.0.2.3", "127.0.2.4"];
        SH_EMAIL_ZRD_FRESH_DOMAIN = [
          "127.0.2.5", "127.0.2.6", "127.0.2.7", "127.0.2.8", "127.0.2.9", "127.0.2.10", "127.0.2.11", "127.0.2.12", "127.0.2.13", "127.0.2.14", "127.0.2.15", "127.0.2.16", "127.0.2.17", "127.0.2.18", "127.0.2.19", "127.0.2.20", "127.0.2.21", "127.0.2.22", "127.0.2.23", "127.0.2.24"
        ];
        SH_EMAIL_ZRD_DONT_QUERY_IPS = [ "127.0.2.255" ];
      }
    }
    "DBL" {
        # override the defaults for DBL defined in modules.d/rbl.conf
        rbl = "${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net";
        disable_monitoring = true;
    }
    "ZRD" {
        ignore_defaults = true;
        rbl = "${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net";
        no_ip = true;
        dkim = true;
        emails = true;
        emails_domainonly = true;
        urls = true;
        returncodes = {
            ZRD_VERY_FRESH_DOMAIN = ["127.0.2.2", "127.0.2.3", "127.0.2.4"];
            ZRD_FRESH_DOMAIN = ["127.0.2.5", "127.0.2.6", "127.0.2.7", "127.0.2.8", "127.0.2.9", "127.0.2.10", "127.0.2.11", "127.0.2.12", "127.0.2.13", "127.0.2.14", "127.0.2.15", "127.0.2.16", "127.0.2.17", "127.0.2.18", "127.0.2.19", "127.0.2.20", "127.0.2.21", "127.0.2.22", "127.0.2.23", "127.0.2.24"];
        }
    }
    spamhaus_sbl_url {
        ignore_defaults = true
        rbl = "${SPAMHAUS_DQS_KEY}.sbl.dq.spamhaus.net";
        checks = ['urls'];
        disable_monitoring = true;
        returncodes {
            SPAMHAUS_SBL_URL = "127.0.0.2";
        }
    }
    SH_HBL_EMAIL {
      ignore_defaults = true;
      rbl = "_email.${SPAMHAUS_DQS_KEY}.hbl.dq.spamhaus.net";
      emails_domainonly = false;
      selector = "from('smtp').lower;from('mime').lower";
      ignore_whitelist = true;
      checks = ['emails', 'replyto'];
      hash = "sha1";
      returncodes = {
        SH_HBL_EMAIL = [
          "127.0.3.2"
        ];
      }
    }
    spamhaus_dqs_hbl {
      symbol = "HBL_FILE_UNKNOWN";
      rbl = "_file.${SPAMHAUS_DQS_KEY}.hbl.dq.spamhaus.net.";
      selector = "attachments('rbase32', 'sha256')";
      ignore_whitelist = true;
      ignore_defaults = true;
      returncodes {
        SH_HBL_FILE_MALICIOUS = "127.0.3.10";
        SH_HBL_FILE_SUSPICIOUS = "127.0.3.15";
      }
    }
 EOF
 else
    rm -rf /etc/rspamd/custom/dqs-rbl.conf
 fi
 chown -R _rspamd:_rspamd /var/lib/rspamd /etc/rspamd/
 exec "$@"
--- a/Stable/hooks/build
+++ b/Stable/hooks/build
@ -9,8 +9,9 @@ VERSION=$(git ls-remote --tags -q https://github.com/rspamd/rspamd | sed -n "s/^
 IMAGE_NAME=docker-rspamd
 zip -r config
 docker build \
  --no-cache \
  --build-arg VERSION=${VERSION} \
  --build-arg COMMIT=$(git ls-remote --tags -q https://github.com/rspamd/rspamd | sed -n "s/^\([[:xdigit:]]\{40\}\)[[:blank:]]refs\/tags\/${VERSION}^{}$/\1/p" |  xargs git rev-parse --short) \
  --build-arg BRANCH=$(git rev-parse --abbrev-ref HEAD) \
--- a/Stable/set_worker_password.sh
+++ b/Stable/set_worker_password.sh
@ -1,12 +0,0 @@
 #!/bin/bash
 password_file='/etc/rspamd/override.d/worker-controller-password.inc'
 password_hash=`/usr/bin/rspamadm pw -e -p $1`
 echo 'enable_password = "'$password_hash'";' > $password_file
 if grep -q "$password_hash" "$password_file"; then
    echo "OK"
 else
    echo "ERROR"
 fi
--- a/StableV2/Dockerfile
+++ b/StableV2/Dockerfile
@ -0,0 +1,75 @@
 FROM debian:stable-slim
 LABEL maintainer="gnilebein - <patrick@niebel.ing>"
 # Setup Labels
 ARG VERSION
 ARG COMMIT
 ARG BRANCH
 ARG DATE
 ARG DEBIAN_FRONTEND=noninteractive
 # Set apt non-interactive
 ENV DEBIAN_FRONTEND=noninteractive
 LABEL org.label-schema.name="Rspamd" \
 	org.label-schema.description="Rspamd Spam Filter - STABLE" \
 	org.label-schema.usage="https://gitea.gnilebein.de/gnilebein/-/packages/container/docker-rspamd/latest" \
 	org.label-schema.url="https://rspamd.com" \
 	org.label-schema.vendor="gnilebein" \
 	org.label-schema.schema-version="1.0" \
 	org.label-schema.version=$VERSION \
 	org.label-schema.vcs-url="https://gitea.gnilebein.de/gnilebein/Docker-rspamd" \
 	org.label-schema.vcs-ref=$COMMIT \
 	org.label-schema.build-date=$DATE
 # Install Rspamd
 RUN set -x \
 	&& apt update \
 	&& apt --no-install-recommends install -y \
 	apt-transport-https \
 	dnsutils \
 	netcat-traditional \
 	lsb-release \
 	wget \
 	gnupg \
 	openssl \
 	ca-certificates \
 	nano \
 	less \
 	ca-certificates \
 	&& DEBIAN_CODE_NAME=`lsb_release -c -s` \
 	&& wget -O - https://rspamd.com/apt-stable/gpg.key | apt-key add - \
 	&& echo "deb http://rspamd.com/apt-stable/ $DEBIAN_CODE_NAME main" > /etc/apt/sources.list.d/rspamd.list \
 	&& apt purge -y lsb-release wget gnupg \
 	&& apt update \
 	&& apt --no-install-recommends install -y rspamd \
 	&& apt autoremove --purge -y \
 	&& apt clean \
 	&& rm -rf /var/lib/apt/lists/* \
 	&& echo 'alias ll="ls -la --color"' >> ~/.bashrc
 # Override default settings
 COPY rspamd.conf.local.override /etc/rspamd/
 COPY worker-controller.inc /etc/rspamd/override.d/
 COPY worker-proxy.inc /etc/rspamd/override.d/
 COPY set_worker_password.sh /set_worker_password.sh
 COPY docker-entrypoint.sh /docker-entrypoint.sh
 # # Keep database and configuration persistent
 VOLUME /etc/rspamd/local.d
 VOLUME /etc/rspamd/override.d
 VOLUME /etc/rspamd/custom
 VOLUME /var/lib/rspamd
 EXPOSE 11332 11333 11334
 # Healtcheck if Rspamd is returning stats
 HEALTHCHECK --interval=1m --timeout=5s --start-period=10s \
 	CMD /usr/bin/rspamadm control stat || exit 1
 # Run Rspamd
 ENTRYPOINT ["bash", "/docker-entrypoint.sh"]
 STOPSIGNAL SIGTERM
 CMD ["/usr/bin/rspamd", "-f", "-u", "_rspamd", "-g", "_rspamd"]
--- a/Experimental/docker-entrypoint.sh
+++ b/Experimental/docker-entrypoint.sh
--- a/StableV2/hooks/build
+++ b/StableV2/hooks/build
@ -0,0 +1,18 @@
 #!/bin/bash
 # hooks/build
 # https://docs.docker.com/docker-cloud/builds/advanced/
 # $IMAGE_NAME var is injected into the build so the tag is correct.
 echo "[***] Build hook running"
 VERSION=$(git ls-remote --tags -q https://github.com/rspamd/rspamd | sed -n "s/^[[:xdigit:]]\{40\}[[:blank:]]refs\/tags\/\([0-9]\{1\}\.[0-9]\{1,2\}\($\|\.[0-9]\{1,2\}$\)\)/\1/p" | sort --version-sort | tail -1)
 IMAGE_NAME=docker-rspamd
 docker build \
  --no-cache \
  --build-arg VERSION=${VERSION} \
  --build-arg COMMIT=$(git ls-remote --tags -q https://github.com/rspamd/rspamd | sed -n "s/^\([[:xdigit:]]\{40\}\)[[:blank:]]refs\/tags\/${VERSION}^{}$/\1/p" |  xargs git rev-parse --short) \
  --build-arg BRANCH=$(git rev-parse --abbrev-ref HEAD) \
  --build-arg DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
  -t ${IMAGE_NAME} .
--- a/StableV2/hooks/post_push
+++ b/StableV2/hooks/post_push
@ -0,0 +1,9 @@
 #!/bin/bash
 VERSION=$(git ls-remote --tags -q https://github.com/rspamd/rspamd | sed -n "s/^[[:xdigit:]]\{40\}[[:blank:]]refs\/tags\/\([0-9]\{1\}\.[0-9]\{1,2\}\($\|\.[0-9]\{1,2\}$\)\)/\1/p" | sort --version-sort | tail -1)
 docker tag \
 	"${IMAGE_NAME}" \
 	"${DOCKER_REPO}:stable-${VERSION}"
 docker push \
 	"${DOCKER_REPO}:stable-${VERSION}"
--- a/StableV2/rspamd.conf.local.override
+++ b/StableV2/rspamd.conf.local.override
@ -0,0 +1,13 @@
 options {
    pidfile = false;
    .include "$CONFDIR/options.inc"
    .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/options.inc"
    .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/options.inc"
 }
 logging {
 	type = "console";
 	.include "$CONFDIR/logging.inc"
 	.include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/logging.inc"
 	.include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/logging.inc"
 }
--- a/Experimental/set_worker_password.sh
+++ b/Experimental/set_worker_password.sh
--- a/StableV2/worker-controller.inc
+++ b/StableV2/worker-controller.inc
@ -0,0 +1 @@
 bind_socket = "*:11334";
--- a/StableV2/worker-proxy.inc
+++ b/StableV2/worker-proxy.inc
@ -0,0 +1 @@
 bind_socket = *:11332;
Author	SHA1	Message	Date
Patrick Niebeling	74042dacd5	Fix Some checks failed Deploy Container Image to Registry / build-image (push) Failing after 35s Details Signed-off-by: Patrick Niebeling <patrick.niebeling@adacor.com>	2024-11-19 16:23:59 +01:00
Patrick Niebeling	5a323847e3	Upload Signed-off-by: Patrick Niebeling <patrick.niebeling@adacor.com>	2024-11-19 16:23:46 +01:00
Patrick Niebeling	27993d0a4b	Build All checks were successful Deploy Container Image to Registry / build-image (push) Successful in 35s Details Signed-off-by: Patrick Niebeling <patrick.niebeling@adacor.com>	2024-11-19 16:07:45 +01:00
Patrick Niebeling	6de14d2dc6	First Shos All checks were successful Deploy Container Image to Registry / build-image (push) Successful in 1m57s Details Signed-off-by: Patrick Niebeling <patrick.niebeling@adacor.com>	2024-11-19 15:57:35 +01:00