Schedule

Signed-off-by: Patrick Niebeling <patrick.niebeling@adacor.com>

.gitea/workflows/deploy copy.bak

@@ -0,0 +1,31 @@
+name: Deploy Container Image to Registry
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  build-image:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+      - name: Build Image
+        run: |
+          echo "[***] Build hook running"
+          cd ${{ gitea.workspace }}/StableV2/
+          VERSION=$(git ls-remote --tags -q https://github.com/rspamd/rspamd | sed -n "s/^[[:xdigit:]]\{40\}[[:blank:]]refs\/tags\/\([0-9]\{1\}\.[0-9]\{1,2\}\($\|\.[0-9]\{1,2\}$\)\)/\1/p" | sort --version-sort | tail -1)
+
+          docker build \
+          --build-arg VERSION=${VERSION} \
+          --build-arg COMMIT=$(git ls-remote --tags -q https://github.com/rspamd/rspamd | sed -n "s/^\([[:xdigit:]]\{40\}\)[[:blank:]]refs\/tags\/${VERSION}^{}$/\1/p" |  xargs git rev-parse --short) \
+          --build-arg BRANCH=$(git rev-parse --abbrev-ref HEAD) \
+          --build-arg DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
+          -t ${{ vars.DOCKER_REPO }}/gnilebein/${{ vars.IMAGE_NAME }} -t ${{ vars.DOCKER_REPO }}/gnilebein/${{ vars.IMAGE_NAME }}:$VERSION .
+      - name: Push Image
+        run: |
+          echo '${{ vars.DOCKER_AUTH_CONFIG }}' > ~/.docker/config.json
+          cat ~/.docker/config.json
+          VERSION=$(git ls-remote --tags -q https://github.com/rspamd/rspamd | sed -n "s/^[[:xdigit:]]\{40\}[[:blank:]]refs\/tags\/\([0-9]\{1\}\.[0-9]\{1,2\}\($\|\.[0-9]\{1,2\}$\)\)/\1/p" | sort --version-sort | tail -1)
+          docker push ${{ vars.DOCKER_REPO }}/gnilebein/${{ vars.IMAGE_NAME }}
+          docker push ${{ vars.DOCKER_REPO }}/gnilebein/${{ vars.IMAGE_NAME }}:${VERSION}

.gitea/workflows/deploy.yaml

@@ -1,13 +1,13 @@
 name: Deploy Container Image to Registry
 on:
   schedule:
-    - cron: 0 1 * * 1
+    - cron: 0,10,15 * * * *
   push:
     branches:
       - main
 
 jobs:
-  docker-build-stable:
+  docker:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -31,63 +31,19 @@ jobs:
         run: |
           echo VERSION=$(git ls-remote --tags -q https://github.com/rspamd/rspamd | sed -n "s/^[[:xdigit:]]\{40\}[[:blank:]]refs\/tags\/\([0-9]\{1\}\.[0-9]\{1,2\}\($\|\.[0-9]\{1,2\}$\)\)/\1/p" | sort --version-sort | tail -1) | tee -a $GITHUB_OUTPUT
           echo IMAGE_CREATED=$(date -u +"%Y-%m-%dT%H:%M:%SZ") | tee -a $GITHUB_OUTPUT
-          IMAGE_CREATED=${{ steps.meta.outputs.VERSION }}
-          IMAGE_CREATED=${{ steps.meta.outputs.IMAGE_CREATED }}
-
+      - run: pwd
+      - run: ls -lah
       - name: Build and push
         uses: docker/build-push-action@v6
         with:
-          context: ./Stable
-          file: Stable/Dockerfile
-          platforms: linux/amd64
+          context: ./StableV2
+          file: StableV2/Dockerfile
           pull: false
           push: true
           no-cache: true
-          provenance: false
           build-args: |
             VERSION=${{ steps.meta.outputs.VERSION }}
             IMAGE_CREATED=${{ steps.meta.outputs.IMAGE_CREATED }}
           tags: |
             ${{ vars.DOCKER_REPO }}/${{ gitea.repository_owner }}/${{ vars.IMAGE_NAME }}
-            ${{ vars.DOCKER_REPO }}/${{ gitea.repository_owner }}/${{ vars.IMAGE_NAME }}:${{ steps.meta.outputs.VERSION }}
-
-  docker-build-experimental:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          registry: gitea.gnilebein.de
-          username: ${{ gitea.repository_owner }}
-          password: ${{ secrets.REG_GITEA_PASSWORD }}
-
-      - name: Get Meta
-        id: meta
-        run: |
-          echo VERSION=$(curl -s https://rspamd.com/apt/pool/main/r/rspamd/ | sed -n "s/^<a href=\"rspamd_\(.*\)\~git.*\~.*.dsc\".*/\1/p" | tail -1) | tee -a $GITHUB_OUTPUT
-          echo IMAGE_CREATED=$(date -u +"%Y-%m-%dT%H:%M:%SZ") | tee -a $GITHUB_OUTPUT
-
-      - name: Build and push
-        uses: docker/build-push-action@v6
-        with:
-          context: ./Experimental
-          file: Experimental/Dockerfile
-          platforms: linux/amd64
-          pull: false
-          push: true
-          no-cache: true
-          provenance: false
-          build-args: |
-            VERSION=${{ steps.meta.outputs.VERSION }}
-            IMAGE_CREATED=${{ steps.meta.outputs.IMAGE_CREATED }}
-          tags: |
-            ${{ vars.DOCKER_REPO }}/${{ gitea.repository_owner }}/${{ vars.IMAGE_NAME }}:experimental
+            ${{ vars.DOCKER_REPO }}/${{ gitea.repository_owner }}/${{ vars.IMAGE_NAME }}:${{ steps.meta.outputs.VERSION }}

.gitignore

@@ -1,300 +0,0 @@
-# managed by devops-generator/ansible-role-generator
-### Ansible ###
-*.retry
-
-### Intellij+all ###
-# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
-# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
-
-# User-specific stuff
-.idea/**/workspace.xml
-.idea/**/tasks.xml
-.idea/**/usage.statistics.xml
-.idea/**/dictionaries
-.idea/**/shelf
-
-# Generated files
-.idea/**/contentModel.xml
-
-# Sensitive or high-churn files
-.idea/**/dataSources/
-.idea/**/dataSources.ids
-.idea/**/dataSources.local.xml
-.idea/**/sqlDataSources.xml
-.idea/**/dynamic.xml
-.idea/**/uiDesigner.xml
-.idea/**/dbnavigator.xml
-
-# Gradle
-.idea/**/gradle.xml
-.idea/**/libraries
-
-# Gradle and Maven with auto-import
-# When using Gradle or Maven with auto-import, you should exclude module files,
-# since they will be recreated, and may cause churn.  Uncomment if using
-# auto-import.
-# .idea/artifacts
-# .idea/compiler.xml
-# .idea/jarRepositories.xml
-# .idea/modules.xml
-# .idea/*.iml
-# .idea/modules
-# *.iml
-# *.ipr
-
-# CMake
-cmake-build-*/
-
-# Mongo Explorer plugin
-.idea/**/mongoSettings.xml
-
-# File-based project format
-*.iws
-
-# IntelliJ
-out/
-
-# mpeltonen/sbt-idea plugin
-.idea_modules/
-
-# JIRA plugin
-atlassian-ide-plugin.xml
-
-# Cursive Clojure plugin
-.idea/replstate.xml
-
-# Crashlytics plugin (for Android Studio and IntelliJ)
-com_crashlytics_export_strings.xml
-crashlytics.properties
-crashlytics-build.properties
-fabric.properties
-
-# Editor-based Rest Client
-.idea/httpRequests
-
-# Android studio 3.1+ serialized cache file
-.idea/caches/build_file_checksums.ser
-
-### Intellij+all Patch ###
-# Ignores the whole .idea folder and all .iml files
-# See https://github.com/joeblau/gitignore.io/issues/186 and https://github.com/joeblau/gitignore.io/issues/360
-
-.idea/
-
-# Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-249601023
-
-*.iml
-modules.xml
-.idea/misc.xml
-*.ipr
-
-# Sonarlint plugin
-.idea/sonarlint
-
-### Linux ###
-*~
-
-# temporary files which can be created if a process still has a handle open of a deleted file
-.fuse_hidden*
-
-# KDE directory preferences
-.directory
-
-# Linux trash folder which might appear on any partition or disk
-.Trash-*
-
-# .nfs files are created when an open file is removed but is still being accessed
-.nfs*
-
-### Python ###
-# Byte-compiled / optimized / DLL files
-__pycache__/
-*.py[cod]
-*$py.class
-
-# C extensions
-*.so
-
-# Distribution / packaging
-.Python
-build/
-develop-eggs/
-dist/
-downloads/
-eggs/
-.eggs/
-lib/
-lib64/
-parts/
-sdist/
-var/
-wheels/
-pip-wheel-metadata/
-share/python-wheels/
-*.egg-info/
-.installed.cfg
-*.egg
-MANIFEST
-
-# PyInstaller
-#  Usually these files are written by a python script from a template
-#  before PyInstaller builds the exe, so as to inject date/other infos into it.
-*.manifest
-*.spec
-
-# Installer logs
-pip-log.txt
-pip-delete-this-directory.txt
-
-# Unit test / coverage reports
-htmlcov/
-.tox/
-.nox/
-.coverage
-.coverage.*
-.cache
-nosetests.xml
-coverage.xml
-*.cover
-*.py,cover
-.hypothesis/
-.pytest_cache/
-pytestdebug.log
-
-# Translations
-*.mo
-*.pot
-
-# Django stuff:
-*.log
-local_settings.py
-db.sqlite3
-db.sqlite3-journal
-
-# Flask stuff:
-instance/
-.webassets-cache
-
-# Scrapy stuff:
-.scrapy
-
-# Sphinx documentation
-docs/_build/
-doc/_build/
-
-# PyBuilder
-target/
-
-# Jupyter Notebook
-.ipynb_checkpoints
-
-# IPython
-profile_default/
-ipython_config.py
-
-# pyenv
-.python-version
-
-# pipenv
-#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
-#   However, in case of collaboration, if having platform-specific dependencies or dependencies
-#   having no cross-platform support, pipenv may install dependencies that don't work, or not
-#   install all needed dependencies.
-#Pipfile.lock
-
-# PEP 582; used by e.g. github.com/David-OConnor/pyflow
-__pypackages__/
-
-# Celery stuff
-celerybeat-schedule
-celerybeat.pid
-
-# SageMath parsed files
-*.sage.py
-
-# Environments
-.env
-.venv
-env/
-venv/
-ENV/
-env.bak/
-venv.bak/
-
-# Spyder project settings
-.spyderproject
-.spyproject
-
-# Rope project settings
-.ropeproject
-
-# mkdocs documentation
-/site
-
-# mypy
-.mypy_cache/
-.dmypy.json
-dmypy.json
-
-# Pyre type checker
-.pyre/
-
-# pytype static type analyzer
-.pytype/
-
-### Terraform ###
-# Local .terraform directories
-**/.terraform/*
-
-# .tfstate files
-*.tfstate
-*.tfstate.*
-state.json
-
-# terraform lock file
-.terraform.lock*
-
-# Crash log files
-crash.log
-
-# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
-# .tfvars files are managed as part of configuration and so should be included in
-# version control.
-#
-# example.tfvars
-
-# Ignore override files as they are usually used to override resources locally and so
-# are not checked in
-override.tf
-override.tf.json
-*_override.tf
-*_override.tf.json
-
-# Include override files you do wish to add to version control using negated pattern
-# !example_override.tf
-
-# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
-# example: *tfplan*
-
-### Vim ###
-# Swap
-[._]*.s[a-v][a-z]
-!*.svg  # comment out if you don't need vector files
-[._]*.sw[a-p]
-[._]s[a-rt-v][a-z]
-[._]ss[a-gi-z]
-[._]sw[a-p]
-
-# Session
-Session.vim
-Sessionx.vim
-
-# Temporary
-.netrwhist
-# Auto-generated tag files
-tags
-# Persistent undo
-[._]*.un~
-
-# VS Code Settings
-.vscode

Experimental/Dockerfile

@@ -1,38 +1,13 @@
 FROM debian:stable-slim
-LABEL maintainer="gnilebein - <patrick@niebel.ing>"
-
-# Setup Labels
-ARG VERSION
-ARG IMAGE_CREATED
+LABEL maintainer="gnilebein - <docker@gnilebein.nl>"
 
 # Set apt non-interactive
-ENV DEBIAN_FRONTEND=noninteractive
-
-LABEL org.label-schema.name="Rspamd" \
-	org.label-schema.description="Rspamd Spam Filter - EXPERIMENTAL" \
-	org.label-schema.usage="https://gitea.gnilebein.de/gnilebein/-/packages/container/docker-rspamd/experimental" \
-	org.label-schema.url="https://rspamd.com" \
-	org.label-schema.vendor="gnilebein" \
-	org.label-schema.schema-version="1.0" \
-	org.label-schema.version=$VERSION \
-	org.label-schema.vcs-url="https://gitea.gnilebein.de/gnilebein/Docker-rspamd" \
-	org.label-schema.build-date=$IMAGE_CREATED
+ENV DEBIAN_FRONTEND noninteractive
 
 # Install Rspamd
 RUN set -x \
 	&& apt update \
-	&& apt --no-install-recommends install -y \
-	apt-transport-https \
-	dnsutils \
-	netcat-traditional \
-	lsb-release \
-	wget \
-	gnupg \
-	openssl \
-	ca-certificates \
-	nano \
-	less \
-	ca-certificates \
+	&& apt --no-install-recommends install -y lsb-release wget gnupg openssl ca-certificates \
 	&& DEBIAN_CODE_NAME=`lsb_release -c -s` \
 	&& wget -O - https://rspamd.com/apt/gpg.key | apt-key add - \
 	&& echo "deb http://rspamd.com/apt/ $DEBIAN_CODE_NAME main" > /etc/apt/sources.list.d/rspamd.list \
@@ -41,31 +16,42 @@ RUN set -x \
 	&& apt --no-install-recommends install -y rspamd \
 	&& apt autoremove --purge -y \
 	&& apt clean \
-	&& rm -rf /var/lib/apt/lists/* \
-	&& echo 'alias ll="ls -la --color"' >> ~/.bashrc
+	&& rm -rf /var/lib/apt/lists/*
 
 # Override default settings
 COPY rspamd.conf.local.override /etc/rspamd/
 COPY worker-controller.inc /etc/rspamd/override.d/
 COPY worker-proxy.inc /etc/rspamd/override.d/
-COPY set_worker_password.sh /set_worker_password.sh
-COPY docker-entrypoint.sh /docker-entrypoint.sh
 
-# # Keep database and configuration persistent
+# Keep database and configuration persistent
 VOLUME /etc/rspamd/local.d
-VOLUME /etc/rspamd/override.d
-VOLUME /etc/rspamd/custom
 VOLUME /var/lib/rspamd
 
-EXPOSE 11332 11333 11334
+# Port 11334 is for web frontend
+# Port 11332 is for milter
+# Port 11333 is for worker
+EXPOSE 11332 11334
 
 # Healtcheck if Rspamd is returning stats
 HEALTHCHECK --interval=1m --timeout=5s --start-period=10s \
 	CMD /usr/bin/rspamadm control stat || exit 1
 
 # Run Rspamd
-ENTRYPOINT ["bash", "/docker-entrypoint.sh"]
+ENTRYPOINT ["/usr/bin/rspamd","-f","-u","_rspamd","-g","_rspamd"]
 
-STOPSIGNAL SIGTERM
+# Setup Labels
+ARG VERSION
+ARG COMMIT
+ARG BRANCH
+ARG DATE
 
-CMD ["/usr/bin/rspamd", "-f", "-u", "_rspamd", "-g", "_rspamd"]
+LABEL org.label-schema.name="Rspamd" \
+	org.label-schema.description="Rspamd Spam Filter - EXPERIMENTAL" \
+	org.label-schema.usage="https://hub.docker.com/r/gnilebein/rspamd/" \
+	org.label-schema.url="https://rspamd.com" \
+	org.label-schema.vendor="gnilebein" \
+	org.label-schema.schema-version="1.0" \
+  org.label-schema.version=$VERSION \
+  org.label-schema.vcs-url="https://github.com/rspamd/rspamd/" \
+  org.label-schema.vcs-ref=$COMMIT \
+  org.label-schema.build-date=$DATE \

README.md

@@ -34,4 +34,4 @@ This allows configuration of the _Webinterface_, _DKIM_ and _Redis_. The tool wr
 
 ### Support ###
 This Docker image is for personal use but let me know if there are any improvements available.
-Please use [Github](https://gitea.gnilebein.de/gnilebein/Docker-rspamd) to send me a message
+Please use [Github](https://github.com/gnilebein/Docker-Rspamd) to send me a message

Stable/Dockerfile

@@ -1,38 +1,13 @@
 FROM debian:stable-slim
-LABEL maintainer="gnilebein - <patrick@niebel.ing>"
-
-# Setup Labels
-ARG VERSION
-ARG IMAGE_CREATED
+LABEL maintainer="gnilebein - <docker@gnilebein.nl>"
 
 # Set apt non-interactive
-ENV DEBIAN_FRONTEND=noninteractive
-
-LABEL org.label-schema.name="Rspamd" \
-	org.label-schema.description="Rspamd Spam Filter - STABLE" \
-	org.label-schema.usage="https://gitea.gnilebein.de/gnilebein/-/packages/container/docker-rspamd/latest" \
-	org.label-schema.url="https://rspamd.com" \
-	org.label-schema.vendor="gnilebein" \
-	org.label-schema.schema-version="1.0" \
-	org.label-schema.version=$VERSION \
-	org.label-schema.vcs-url="https://gitea.gnilebein.de/gnilebein/Docker-rspamd" \
-	org.label-schema.build-date=$IMAGE_CREATED
+ENV DEBIAN_FRONTEND noninteractive
 
 # Install Rspamd
 RUN set -x \
 	&& apt update \
-	&& apt --no-install-recommends install -y \
-	apt-transport-https \
-	dnsutils \
-	netcat-traditional \
-	lsb-release \
-	wget \
-	gnupg \
-	openssl \
-	ca-certificates \
-	nano \
-	less \
-	ca-certificates \
+	&& apt --no-install-recommends install -y lsb-release wget gnupg openssl ca-certificates \
 	&& DEBIAN_CODE_NAME=`lsb_release -c -s` \
 	&& wget -O - https://rspamd.com/apt-stable/gpg.key | apt-key add - \
 	&& echo "deb http://rspamd.com/apt-stable/ $DEBIAN_CODE_NAME main" > /etc/apt/sources.list.d/rspamd.list \
@@ -41,31 +16,42 @@ RUN set -x \
 	&& apt --no-install-recommends install -y rspamd \
 	&& apt autoremove --purge -y \
 	&& apt clean \
-	&& rm -rf /var/lib/apt/lists/* \
-	&& echo 'alias ll="ls -la --color"' >> ~/.bashrc
+	&& rm -rf /var/lib/apt/lists/*
 
 # Override default settings
 COPY rspamd.conf.local.override /etc/rspamd/
 COPY worker-controller.inc /etc/rspamd/override.d/
 COPY worker-proxy.inc /etc/rspamd/override.d/
-COPY set_worker_password.sh /set_worker_password.sh
-COPY docker-entrypoint.sh /docker-entrypoint.sh
 
-# # Keep database and configuration persistent
+# Keep database and configuration persistent
 VOLUME /etc/rspamd/local.d
-VOLUME /etc/rspamd/override.d
-VOLUME /etc/rspamd/custom
 VOLUME /var/lib/rspamd
 
-EXPOSE 11332 11333 11334
+# Port 11334 is for web frontend
+# Port 11332 is for milter
+# Port 11333 is for worker
+EXPOSE 11332 11334
 
 # Healtcheck if Rspamd is returning stats
 HEALTHCHECK --interval=1m --timeout=5s --start-period=10s \
 	CMD /usr/bin/rspamadm control stat || exit 1
 
 # Run Rspamd
-ENTRYPOINT ["bash", "/docker-entrypoint.sh"]
+ENTRYPOINT ["/usr/bin/rspamd","-f","-u","_rspamd","-g","_rspamd"]
 
-STOPSIGNAL SIGTERM
+# Setup Labels
+ARG VERSION
+ARG COMMIT
+ARG BRANCH
+ARG DATE
 
-CMD ["/usr/bin/rspamd", "-f", "-u", "_rspamd", "-g", "_rspamd"]
+LABEL org.label-schema.name="Rspamd" \
+	org.label-schema.description="Rspamd Spam Filter - STABLE" \
+	org.label-schema.usage="https://hub.docker.com/r/gnilebein/rspamd/" \
+	org.label-schema.url="https://rspamd.com" \
+	org.label-schema.vendor="gnilebein" \
+	org.label-schema.schema-version="1.0" \
+  org.label-schema.version=$VERSION \
+  org.label-schema.vcs-url="https://github.com/rspamd/rspamd/" \
+  org.label-schema.vcs-ref=$COMMIT \
+  org.label-schema.build-date=$DATE \

Stable/docker-entrypoint.sh

@@ -1,197 +0,0 @@
-#!/bin/bash
-
-chmod 755 /var/lib/rspamd
-
-[[ ! -f /etc/rspamd/override.d/worker-controller-password.inc ]] && echo '# Autogenerated' >/etc/rspamd/override.d/worker-controller-password.inc
-
-mkdir -p /etc/rspamd/custom
-
-# If DQS KEY is set in mailcow.conf add Spamhaus DQS RBLs
-if [[ ! -z ${SPAMHAUS_DQS_KEY} ]]; then
-    cat <<EOF >/etc/rspamd/custom/dqs-rbl.conf
-  # Autogenerated by mailcow. DO NOT TOUCH!
-    spamhaus {
-        rbl = "${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net";
-        from = false;
-    }
-    spamhaus_from {
-        from = true;
-        received = false;
-        rbl = "${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net";
-        returncodes {
-          SPAMHAUS_ZEN = [ "127.0.0.2", "127.0.0.3", "127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7", "127.0.0.9", "127.0.0.10", "127.0.0.11" ];
-        }
-    }
-    spamhaus_authbl_received {
-        # Check if the sender client is listed in AuthBL (AuthBL is *not* part of ZEN)
-        rbl = "${SPAMHAUS_DQS_KEY}.authbl.dq.spamhaus.net";
-        from = false;
-        received = true;
-        ipv6 = true;
-        returncodes {
-          SH_AUTHBL_RECEIVED = "127.0.0.20"
-        }
-    }
-    spamhaus_dbl {
-        # Add checks on the HELO string
-        rbl = "${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net";
-        helo = true;
-        rdns = true;
-        dkim = true;
-        disable_monitoring = true;
-        returncodes {
-            RBL_DBL_SPAM = "127.0.1.2";
-            RBL_DBL_PHISH = "127.0.1.4";
-            RBL_DBL_MALWARE = "127.0.1.5";
-            RBL_DBL_BOTNET = "127.0.1.6";
-            RBL_DBL_ABUSED_SPAM = "127.0.1.102";
-            RBL_DBL_ABUSED_PHISH = "127.0.1.104";
-            RBL_DBL_ABUSED_MALWARE = "127.0.1.105";
-            RBL_DBL_ABUSED_BOTNET = "127.0.1.106";
-            RBL_DBL_DONT_QUERY_IPS = "127.0.1.255";
-        }
-    }
-    spamhaus_dbl_fullurls {
-        ignore_defaults = true;
-        no_ip = true;
-        rbl = "${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net";
-        selector = 'urls:get_host'
-        disable_monitoring = true;
-        returncodes {
-            DBLABUSED_SPAM_FULLURLS = "127.0.1.102";
-            DBLABUSED_PHISH_FULLURLS = "127.0.1.104";
-            DBLABUSED_MALWARE_FULLURLS = "127.0.1.105";
-            DBLABUSED_BOTNET_FULLURLS = "127.0.1.106";
-        }
-    }
-    spamhaus_zrd {
-        # Add checks on the HELO string also for DQS
-        rbl = "${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net";
-        helo = true;
-        rdns = true;
-        dkim = true;
-        disable_monitoring = true;
-        returncodes {
-            RBL_ZRD_VERY_FRESH_DOMAIN = ["127.0.2.2", "127.0.2.3", "127.0.2.4"];
-            RBL_ZRD_FRESH_DOMAIN = [
-              "127.0.2.5", "127.0.2.6", "127.0.2.7", "127.0.2.8", "127.0.2.9", "127.0.2.10", "127.0.2.11", "127.0.2.12", "127.0.2.13", "127.0.2.14", "127.0.2.15", "127.0.2.16", "127.0.2.17", "127.0.2.18", "127.0.2.19", "127.0.2.20", "127.0.2.21", "127.0.2.22", "127.0.2.23", "127.0.2.24"
-            ];
-            RBL_ZRD_DONT_QUERY_IPS = "127.0.2.255";
-        }
-    }
-    "SPAMHAUS_ZEN_URIBL" {
-      enabled = true;
-      rbl = "${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net";
-      resolve_ip = true;
-      checks = ['urls'];
-      replyto = true;
-      emails = true;
-      ipv4 = true;
-      ipv6 = true;
-      emails_domainonly = true;
-      returncodes {
-        URIBL_SBL = "127.0.0.2";
-        URIBL_SBL_CSS = "127.0.0.3";
-        URIBL_XBL = ["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"];
-        URIBL_PBL = ["127.0.0.10", "127.0.0.11"];
-        URIBL_DROP = "127.0.0.9";
-      }
-    }
-    SH_EMAIL_DBL {
-      ignore_defaults = true;
-      replyto = true;
-      emails_domainonly = true;
-      disable_monitoring = true;
-      rbl = "${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net";
-      returncodes = {
-        SH_EMAIL_DBL = [
-          "127.0.1.2",
-          "127.0.1.4",
-          "127.0.1.5",
-          "127.0.1.6"
-        ];
-        SH_EMAIL_DBL_ABUSED = [
-          "127.0.1.102",
-          "127.0.1.104",
-          "127.0.1.105",
-          "127.0.1.106"
-        ];
-        SH_EMAIL_DBL_DONT_QUERY_IPS = [ "127.0.1.255" ];
-      }
-    }
-    SH_EMAIL_ZRD {
-      ignore_defaults = true;
-      replyto = true;
-      emails_domainonly = true;
-      disable_monitoring = true;
-      rbl = "${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net";
-      returncodes = {
-        SH_EMAIL_ZRD_VERY_FRESH_DOMAIN = ["127.0.2.2", "127.0.2.3", "127.0.2.4"];
-        SH_EMAIL_ZRD_FRESH_DOMAIN = [
-          "127.0.2.5", "127.0.2.6", "127.0.2.7", "127.0.2.8", "127.0.2.9", "127.0.2.10", "127.0.2.11", "127.0.2.12", "127.0.2.13", "127.0.2.14", "127.0.2.15", "127.0.2.16", "127.0.2.17", "127.0.2.18", "127.0.2.19", "127.0.2.20", "127.0.2.21", "127.0.2.22", "127.0.2.23", "127.0.2.24"
-        ];
-        SH_EMAIL_ZRD_DONT_QUERY_IPS = [ "127.0.2.255" ];
-      }
-    }
-    "DBL" {
-        # override the defaults for DBL defined in modules.d/rbl.conf
-        rbl = "${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net";
-        disable_monitoring = true;
-    }
-    "ZRD" {
-        ignore_defaults = true;
-        rbl = "${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net";
-        no_ip = true;
-        dkim = true;
-        emails = true;
-        emails_domainonly = true;
-        urls = true;
-        returncodes = {
-            ZRD_VERY_FRESH_DOMAIN = ["127.0.2.2", "127.0.2.3", "127.0.2.4"];
-            ZRD_FRESH_DOMAIN = ["127.0.2.5", "127.0.2.6", "127.0.2.7", "127.0.2.8", "127.0.2.9", "127.0.2.10", "127.0.2.11", "127.0.2.12", "127.0.2.13", "127.0.2.14", "127.0.2.15", "127.0.2.16", "127.0.2.17", "127.0.2.18", "127.0.2.19", "127.0.2.20", "127.0.2.21", "127.0.2.22", "127.0.2.23", "127.0.2.24"];
-        }
-    }
-    spamhaus_sbl_url {
-        ignore_defaults = true
-        rbl = "${SPAMHAUS_DQS_KEY}.sbl.dq.spamhaus.net";
-        checks = ['urls'];
-        disable_monitoring = true;
-        returncodes {
-            SPAMHAUS_SBL_URL = "127.0.0.2";
-        }
-    }
-
-    SH_HBL_EMAIL {
-      ignore_defaults = true;
-      rbl = "_email.${SPAMHAUS_DQS_KEY}.hbl.dq.spamhaus.net";
-      emails_domainonly = false;
-      selector = "from('smtp').lower;from('mime').lower";
-      ignore_whitelist = true;
-      checks = ['emails', 'replyto'];
-      hash = "sha1";
-      returncodes = {
-        SH_HBL_EMAIL = [
-          "127.0.3.2"
-        ];
-      }
-    }
-
-    spamhaus_dqs_hbl {
-      symbol = "HBL_FILE_UNKNOWN";
-      rbl = "_file.${SPAMHAUS_DQS_KEY}.hbl.dq.spamhaus.net.";
-      selector = "attachments('rbase32', 'sha256')";
-      ignore_whitelist = true;
-      ignore_defaults = true;
-      returncodes {
-        SH_HBL_FILE_MALICIOUS = "127.0.3.10";
-        SH_HBL_FILE_SUSPICIOUS = "127.0.3.15";
-      }
-    }
-EOF
-else
-    rm -rf /etc/rspamd/custom/dqs-rbl.conf
-fi
-
-chown -R _rspamd:_rspamd /var/lib/rspamd /etc/rspamd/
-
-exec "$@"

Stable/hooks/build

@@ -9,8 +9,9 @@ VERSION=$(git ls-remote --tags -q https://github.com/rspamd/rspamd | sed -n "s/^
 
 IMAGE_NAME=docker-rspamd
 
+zip -r config
+
 docker build \
-  --no-cache \
   --build-arg VERSION=${VERSION} \
   --build-arg COMMIT=$(git ls-remote --tags -q https://github.com/rspamd/rspamd | sed -n "s/^\([[:xdigit:]]\{40\}\)[[:blank:]]refs\/tags\/${VERSION}^{}$/\1/p" |  xargs git rev-parse --short) \
   --build-arg BRANCH=$(git rev-parse --abbrev-ref HEAD) \

Stable/set_worker_password.sh

@@ -1,12 +0,0 @@
-#!/bin/bash
-
-password_file='/etc/rspamd/override.d/worker-controller-password.inc'
-password_hash=`/usr/bin/rspamadm pw -e -p $1`
-
-echo 'enable_password = "'$password_hash'";' > $password_file
-
-if grep -q "$password_hash" "$password_file"; then
-    echo "OK"
-else
-    echo "ERROR"
-fi

StableV2/Dockerfile

@@ -0,0 +1,75 @@
+FROM debian:stable-slim
+LABEL maintainer="gnilebein - <patrick@niebel.ing>"
+
+# Setup Labels
+ARG VERSION
+ARG COMMIT
+ARG BRANCH
+ARG DATE
+ARG DEBIAN_FRONTEND=noninteractive
+
+# Set apt non-interactive
+ENV DEBIAN_FRONTEND=noninteractive
+
+LABEL org.label-schema.name="Rspamd" \
+	org.label-schema.description="Rspamd Spam Filter - STABLE" \
+	org.label-schema.usage="https://gitea.gnilebein.de/gnilebein/-/packages/container/docker-rspamd/latest" \
+	org.label-schema.url="https://rspamd.com" \
+	org.label-schema.vendor="gnilebein" \
+	org.label-schema.schema-version="1.0" \
+	org.label-schema.version=$VERSION \
+	org.label-schema.vcs-url="https://gitea.gnilebein.de/gnilebein/Docker-rspamd" \
+	org.label-schema.vcs-ref=$COMMIT \
+	org.label-schema.build-date=$DATE
+
+# Install Rspamd
+RUN set -x \
+	&& apt update \
+	&& apt --no-install-recommends install -y \
+	apt-transport-https \
+	dnsutils \
+	netcat-traditional \
+	lsb-release \
+	wget \
+	gnupg \
+	openssl \
+	ca-certificates \
+	nano \
+	less \
+	ca-certificates \
+	&& DEBIAN_CODE_NAME=`lsb_release -c -s` \
+	&& wget -O - https://rspamd.com/apt-stable/gpg.key | apt-key add - \
+	&& echo "deb http://rspamd.com/apt-stable/ $DEBIAN_CODE_NAME main" > /etc/apt/sources.list.d/rspamd.list \
+	&& apt purge -y lsb-release wget gnupg \
+	&& apt update \
+	&& apt --no-install-recommends install -y rspamd \
+	&& apt autoremove --purge -y \
+	&& apt clean \
+	&& rm -rf /var/lib/apt/lists/* \
+	&& echo 'alias ll="ls -la --color"' >> ~/.bashrc
+
+# Override default settings
+COPY rspamd.conf.local.override /etc/rspamd/
+COPY worker-controller.inc /etc/rspamd/override.d/
+COPY worker-proxy.inc /etc/rspamd/override.d/
+COPY set_worker_password.sh /set_worker_password.sh
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+
+# # Keep database and configuration persistent
+VOLUME /etc/rspamd/local.d
+VOLUME /etc/rspamd/override.d
+VOLUME /etc/rspamd/custom
+VOLUME /var/lib/rspamd
+
+EXPOSE 11332 11333 11334
+
+# Healtcheck if Rspamd is returning stats
+HEALTHCHECK --interval=1m --timeout=5s --start-period=10s \
+	CMD /usr/bin/rspamadm control stat || exit 1
+
+# Run Rspamd
+ENTRYPOINT ["bash", "/docker-entrypoint.sh"]
+
+STOPSIGNAL SIGTERM
+
+CMD ["/usr/bin/rspamd", "-f", "-u", "_rspamd", "-g", "_rspamd"]

StableV2/hooks/build

@@ -0,0 +1,18 @@
+#!/bin/bash
+# hooks/build
+# https://docs.docker.com/docker-cloud/builds/advanced/
+
+# $IMAGE_NAME var is injected into the build so the tag is correct.
+echo "[***] Build hook running"
+
+VERSION=$(git ls-remote --tags -q https://github.com/rspamd/rspamd | sed -n "s/^[[:xdigit:]]\{40\}[[:blank:]]refs\/tags\/\([0-9]\{1\}\.[0-9]\{1,2\}\($\|\.[0-9]\{1,2\}$\)\)/\1/p" | sort --version-sort | tail -1)
+
+IMAGE_NAME=docker-rspamd
+
+docker build \
+  --no-cache \
+  --build-arg VERSION=${VERSION} \
+  --build-arg COMMIT=$(git ls-remote --tags -q https://github.com/rspamd/rspamd | sed -n "s/^\([[:xdigit:]]\{40\}\)[[:blank:]]refs\/tags\/${VERSION}^{}$/\1/p" |  xargs git rev-parse --short) \
+  --build-arg BRANCH=$(git rev-parse --abbrev-ref HEAD) \
+  --build-arg DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \
+  -t ${IMAGE_NAME} .

StableV2/hooks/post_push

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+VERSION=$(git ls-remote --tags -q https://github.com/rspamd/rspamd | sed -n "s/^[[:xdigit:]]\{40\}[[:blank:]]refs\/tags\/\([0-9]\{1\}\.[0-9]\{1,2\}\($\|\.[0-9]\{1,2\}$\)\)/\1/p" | sort --version-sort | tail -1)
+
+docker tag \
+	"${IMAGE_NAME}" \
+	"${DOCKER_REPO}:stable-${VERSION}"
+docker push \
+	"${DOCKER_REPO}:stable-${VERSION}"

StableV2/rspamd.conf.local.override

@@ -0,0 +1,13 @@
+options {
+    pidfile = false;
+    .include "$CONFDIR/options.inc"
+    .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/options.inc"
+    .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/options.inc"
+}
+
+logging {
+	type = "console";
+	.include "$CONFDIR/logging.inc"
+	.include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/logging.inc"
+	.include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/logging.inc"
+}

StableV2/worker-controller.inc

@@ -0,0 +1 @@
+bind_socket = "*:11334";

StableV2/worker-proxy.inc

@@ -0,0 +1 @@
+bind_socket = *:11332;