testing/rmilter: new aport

Rspamd milter (mail filter for postfix, sendmail etc.)
https://rspamd.com

7 files changed, 449 insertions, 0 deletions

diff --git a/testing/rmilter/APKBUILD b/testing/rmilter/APKBUILD
new file mode 100644
index 00000000000..0ec9f34d083
--- /dev/null
+++ b/testing/rmilter/APKBUILD
@@ -0,0 +1,71 @@
+# Maintainer: Valery Kartel <valery.kartel@gmail.com>
+# Contributor: Valery Kartel <valery.kartel@gmail.com>
+pkgname=rmilter
+pkgver=1.7.1
+pkgrel=0
+pkgdesc="Rspamd mail filter"
+url="https://rspamd.com"
+arch="all"
+license="BSD"
+pkgusers="rmilter"
+pkggroups="rmilter"
+depends=""
+depends_dev=""
+makedepends="$depends_dev cmake bison flex bsd-compat-headers openssl-dev pcre-dev libmilter-dev opendkim-dev hiredis-dev"
+install="$pkgname.pre-install"
+subpackages="$pkgname-doc"
+source="$pkgname-$pkgver.tar.gz::https://github.com/vstakhov/$pkgname/archive/$pkgver.tar.gz
+	$pkgname.conf
+	$pkgname.confd
+	$pkgname.initd
+	config_dir.patch
+	system_hiredis.patch
+"
+
+_builddir="$srcdir"/$pkgname-$pkgver
+prepare() {
+	cd "$_builddir"
+	for i in $source; do
+		case $i in
+		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+		esac
+	done
+}
+
+build() {
+	cd "$_builddir"
+	cmake CMakeLists.txt \
+		-DCMAKE_INSTALL_PREFIX=/usr \
+		-DRMILTER_USER=$pkgusers \
+		-DRMILTER_GROUP=$pkggroups \
+	|| return 1
+	make || return 1
+}
+
+package() {
+	cd "$_builddir"
+	make DESTDIR="$pkgdir" install || return 1
+	install -d "$pkgdir"/etc/mail/dkim
+	install -Dm755 "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
+	install -Dm644 "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
+	install -Dm644 "$srcdir"/$pkgname.conf "$pkgdir"/etc/$pkgname/$pkgname.conf
+}
+
+md5sums="ae12e22bf01f29cdc4ff97d778b0896c  rmilter-1.7.1.tar.gz
+74b3a71b9e14d548f9bbade386cdacae  rmilter.conf
+e159e4461b765b487f72c05b3d504a9c  rmilter.confd
+a3fa9ba78d3392716d04f27e40e40ac8  rmilter.initd
+9fe7aea93e81b7e36020f186c5b9288d  config_dir.patch
+388470c71ad9d98088e2338a7b7066b7  system_hiredis.patch"
+sha256sums="4b239acba55e80620c3906ec11bc086eaa814122117b5afeeb16712279f3e13e  rmilter-1.7.1.tar.gz
+65f602b802766ff71807ca5537c2c17b400e0dfd915223ddeb306db074162019  rmilter.conf
+fad2d6baea215c3b31750e8128efe557a27024974eca2ff359b8fa921acb9076  rmilter.confd
+ce592d80851b0a52138bfa97f70c3e98a21555daa9e8a9f3966b7cafca1acc3c  rmilter.initd
+863d36c15386e8927775fd368fdba4b234bbab83bfbd6a156f328b356880a91b  config_dir.patch
+49d964572ba4660bf4a9893eca5ed90b20a64ed02258d99e43687aeed6222852  system_hiredis.patch"
+sha512sums="e8aa4b5fd8e8c474cec047b174d45eae1bb552845fd378a52c863b0f2f8c36009cde9ab6e002b4ffb0947d058e66c5c2e460776223f0d3eeb64cbbdaaa914d51  rmilter-1.7.1.tar.gz
+4b577dbe63277dd932be74fad78989366056e3d0b7945af17906da17f685b19d0c58078398277ece4cff6304af8e20f45e61d196c86f933c7c5857efdecbdd81  rmilter.conf
+d222bcf307e89f110efed524c2d708d3512d4400235091de0250d1f60358f65871667112bdad61bbcd948a9abdb8a46d8c3952cf78585cfb59fcf94f15849062  rmilter.confd
+2ec3eb3fece210867001cf3a799336c77dfec7dd770442852a14b337205893aaefe24999ca5c0d92706bf8e9f1c8a192282e5c48b7bde2e591b03f721560e6e3  rmilter.initd
+cd6cd168e0d0d14d62a74e59be7eebff4951f14f017e1b5e688aff78f5f119729c067074e9d12518fe8b4699aaa4c6a78de8c19226b91316844c636ab667fc8e  config_dir.patch
+536d35c2a8797f375f8dc77eb86c2012712ba7a4861f33513c795ef1d902f5db83383a0033e486bac02a5631e012aff96b600216119ab71ffce510a17880c554  system_hiredis.patch"
diff --git a/testing/rmilter/config_dir.patch b/testing/rmilter/config_dir.patch
new file mode 100644
index 00000000000..479cd327cec
--- /dev/null
+++ b/testing/rmilter/config_dir.patch
@@ -0,0 +1,26 @@
+--- old/include/cfg_file.h
++++ new/include/cfg_file.h
+@@ -43,6 +43,12 @@
+ #include <dkim.h>
+ #endif
+ 
++#ifndef RMILTER_CONFDIR
++#define RMILTER_CONFDIR "/etc/rmilter"
++#endif
++
++#define FIXED_CONFIG_FILE RMILTER_CONFDIR "/rmilter.conf"
++
+ #define COND_CONNECT_FLAG 0x1
+ #define COND_HELO_FLAG 0x2
+ #define COND_ENVFROM_FLAG 0x4
+--- old/src/main.c
++++ new/src/main.c
+@@ -208,7 +208,7 @@
+ 	init_defaults (cfg);
+ 
+ 	if (cfg_file == NULL) {
+-		cfg_file = strdup ("/usr/local/etc/rmilter.conf");
++		cfg_file = strdup (FIXED_CONFIG_FILE);
+ 	}
+ 
+ 	f = fopen (cfg_file, "r");
diff --git a/testing/rmilter/rmilter.conf b/testing/rmilter/rmilter.conf
new file mode 100644
index 00000000000..6250474ef38
--- /dev/null
+++ b/testing/rmilter/rmilter.conf
@@ -0,0 +1,265 @@
+# .include - directive to include other config file
+#.include ./rmilter-grey.conf
+
+# pidfile - path to pid file
+# Default: pidfile = /run/rmilter/rmilter.pid
+
+pidfile = /run/rmilter/rmilter.pid;
+
+# bind_socket - socket credits for local bind:
+# unix:/path/to/file - bind to local socket
+# inet:port@host - bind to inet socket
+# Default: bind_socket = unix:/var/rmilter/rmilter.sock;
+
+bind_socket = unix:/run/rmilter/rmilter.sock;
+
+# tempdir - path to directory that contains temporary files
+# Default: $TMPDIR
+
+tempdir = /tmp;
+
+# tempfiles_mode - set permission for temp files
+# Default: 00600
+
+tempfiles_mode = 00600;
+
+# max_size - maximum size of scanned mail with clamav and dcc
+# Default: 0 (no limit)
+
+max_size = 10M;
+
+# strict_auth - strict checks for mails from authenticated senders
+# Default: no
+
+strict_auth = no;
+
+# spf_domains - path to file that contains hash of spf domains
+# Default: empty
+
+#spf_domains = example.com;
+
+# use_dcc - whether use or not dcc system
+# Default: no
+
+use_dcc = no;
+
+use_redis = yes;
+
+# .include - directive to include other config file
+#.include ./rmilter-grey.conf
+
+clamav {
+	# servers - clamav socket definitions in format:
+	# /path/to/file
+	# host[:port]
+	# sockets are separated by ','
+	# Default: empty
+	#servers = /run/clamav/clamd.sock;
+	# connect_timeout - timeout in miliseconds for connecting to clamav
+	# Default: 1s
+	connect_timeout = 1s;
+
+	# port_timeout - timeout in miliseconds for waiting for clamav port response
+	# Default: 4s
+	port_timeout = 4s;
+
+	# results_timeout - timeout in miliseconds for waiting for clamav response
+	# Default: 20s
+	results_timeout = 20s;
+
+	# error_time - time in seconds during which we are counting errors
+	# Default: 10
+	error_time = 10;
+
+	# dead_time - time in seconds during which we are thinking that server is down
+	# Default: 300
+	dead_time = 300;
+
+	# maxerrors - maximum number of errors that can occur during error_time to make us thinking that
+	# this upstream is dead
+	# Default: 10
+	maxerrors = 10;
+};
+
+spamd {
+	# servers - spamd socket definitions in format:
+	# /path/to/file
+	# host[:port]
+	# sockets are separated by ','
+	# is server name is prefixed with r: it is rspamd server
+	# Default: empty
+	servers = r:localhost:11333;
+
+	# also_check - extra spamd servers to check
+	#also_check = r:spam.example.com;
+
+	# diff_dir - path where to write messages that have different results from main and extra checks
+	#diff_dir = /var/run/rmilter/diffmsg;
+
+	# connect_timeout - timeout in milliseconds for connecting to spamd
+	# Default: 1s
+	connect_timeout = 1s;
+
+	# results_timeout - timeout in milliseconds for waiting for spamd response
+	# Default: 20s
+	results_timeout = 20s;
+
+	# error_time - time in seconds during which we are counting errors
+	# Default: 10
+	error_time = 10;
+
+	# dead_time - time in seconds during which we are thinking that server is down
+	# Default: 300
+	dead_time = 300;
+
+	# maxerrors - maximum number of errors that can occur during error_time to make us thinking that
+	# this upstream is dead
+	# Default: 10
+	maxerrors = 10;
+
+	# reject_message - reject message for spam
+	# Default: "Spam message rejected; If this is not spam contact abuse"
+	reject_message = "Spam message rejected; If this is not spam contact abuse";
+
+	# whitelist - list of ips or nets that should be not checked with spamd
+	# Default: empty
+	whitelist = 127.0.0.1/32, 192.168.0.0/16, [::1]/128;
+
+	# rspamd_metric - metric for using with rspamd
+	# Default: "default"
+	rspamd_metric = "default";
+};
+
+redis {
+	# servers_grey - redis servers for greylisting in format:
+	# host[:port][, host[:port]]
+	servers_grey = localhost;
+
+	# servers_white - redis servers for whitelisting in format similar to that is used
+	# in servers_grey
+	# servers_white = redis.example.com:6379;
+
+	# servers_limits - redis servers used for limits storing, can not be mirrored
+	servers_limits = localhost;
+
+	# servers_id - redis servers used for message id storing, can not be mirrored
+	servers_id = localhost;
+
+	# id_prefix - prefix for extracting message ids from redis
+	# Default: empty (no prefix is prepended to key)
+	id_prefix = "message_id.";
+
+	# grey_prefix - prefix for extracting greylisted records from redis
+	# Default: empty (no prefix is prepended to key)
+	grey_prefix = "grey.";
+
+	# id_prefix - prefix for extracting whitelisted records from redis
+	# Default: empty (no prefix is prepended to key)
+	white_prefix = "white.";
+
+	# connect_timeout - timeout in miliseconds for waiting for redis
+	# Default: 1s
+	connect_timeout = 1s;
+
+	# error_time - time in seconds during which we are counting errors
+	# Default: 10
+	error_time = 10;
+
+	# dead_time - time in seconds during which we are thinking that server is down
+	# Default: 300
+	dead_time = 300;
+
+	# maxerrors - maximum number of errors that can occur during error_time to make us thinking that
+	# this upstream is dead
+	# Default: 10
+	maxerrors = 10;
+};
+
+# rule definition:
+# rule {
+#	accept|discard|reject|tempfail|quarantine "[message]"; <- action definition
+#	[not] connect <regexp> <regexp>; <- conditions
+#	helo <regexp>;
+#	envfrom <regexp>;
+#	envrcpt <regexp>;
+#	header <regexp> <regexp>;
+#	body <regexp>;
+# };
+
+# limits section
+limits {
+	# Whitelisted ip or networks
+	#limit_whitelist = 194.67.45.4/32;
+	# Whitelisted recipients
+	limit_whitelist_rcpt =  postmaster, mailer-daemon;
+	# Addrs for bounce checks
+	limit_bounce_addrs = postmaster, mailer-daemon, symantec_antivirus_for_smtp_gateways, <>, null, fetchmail-daemon;
+	# Limit for bounce mail
+	limit_bounce_to = 5:0.000277778;
+	# Limit for bounce mail per one source ip
+	limit_bounce_to_ip = 5:0.000277778;
+	# Limit for all mail per recipient
+	limit_to = 20:0.016666667;
+	# Limit for all mail per one source ip
+	limit_to_ip = 30:0.025;
+	# Limit for all mail per one source ip and from address
+	limit_to_ip_from = 100:0.033333333;
+};
+
+beanstalk {
+	# List of beanstalk servers, random selected
+	#servers = bot01.example.com:3132;
+
+	# Address of server to which rmilter should send all messages copies
+	#copy_server = somehost:13333;
+
+	# Address of server to which rmilter should send spam messages copies
+	#spam_server = otherhost:13333;
+	
+	# Time to live for task in seconds
+	lifetime = 172800;
+	# Regexp that define for which messages we should put the whole message to beanstalk
+	# now only In-Reply-To headers are checked
+	id_regexp = "/^SomeID.*$/";
+	# Flags for sending beanstalk copies
+	send_beanstalk_headers = yes;
+	send_beanstalk_copy = yes;
+	send_beanstalk_spam = yes;
+};
+
+greylisting {
+	timeout = 300s;
+	expire = 3d;
+	whitelist = 127.0.0.1, 192.168.1.1, 192.168.2.0/24;
+	awl_enable = yes;
+	awl_pool = 10M;
+	awl_hits = 10;
+	awl_ttl = 3600s;
+};
+
+dkim {
+	# Sample for dkim specific keys
+	# domain {
+	#   key = /etc/mail/dkim/dkim_example.key;
+	#   domain = "example.com";
+	#	selector = "dkim";
+	# };
+	# domain {
+	#   key = /etc/mail/dkim/dkim_test.key;
+	#   domain = "test.com";
+	#	selector = "dkim";
+	# };
+	# Universal selector, keys will be checked for pattern /etc/mail/dkim/<domain>.<selector>.key
+    domain {
+		key = /etc/mail/dkim;
+		domain = "*";
+		selector = "dkim";
+	};
+    header_canon = relaxed;
+    body_canon = relaxed;
+    sign_alg = sha256;
+};
+
+# Order of checks at EOM:
+#
+# SPF -> DCC -> CLAMAV
diff --git a/testing/rmilter/rmilter.confd b/testing/rmilter/rmilter.confd
new file mode 100644
index 00000000000..d18a6fed820
--- /dev/null
+++ b/testing/rmilter/rmilter.confd
@@ -0,0 +1,8 @@
+# User to run rmilter
+#user=rmilter
+
+# Group to run rmilter
+#group=rmilter
+
+# Main rmilter config file
+#cfgfile=/etc/rmilter/rmilter.conf
diff --git a/testing/rmilter/rmilter.initd b/testing/rmilter/rmilter.initd
new file mode 100644
index 00000000000..10ea136d36f
--- /dev/null
+++ b/testing/rmilter/rmilter.initd
@@ -0,0 +1,45 @@
+#!/sbin/openrc-run
+
+description="Rapid spam defence mail filter"
+user=${user:-rmilter}
+group=${group:-rmilter}
+cfgfile=${cfgfile:-/etc/rmilter/rmilter.conf}
+pidfile=$(grep pidfile $cfgfile | cut -d = -f 2 | sed 's/[ ;]//g')
+pidfile=${pidfile:-/run/rmilter/rmilter.pid}
+sockfile=$(grep bind_socket $cfgfile | grep unix: | cut -d : -f 2 | sed 's/[ ;]//g')
+command=/usr/sbin/rmilter
+command_args="-c $cfgfile"
+required_files="$cfgfile"
+extra_started_commands="reload"
+description_reload="Reload configuration"
+
+depend() {
+	need net dns localmount
+	use logger antivirus antispam
+}
+
+start_pre() {
+	ebegin
+	checkpath --directory --mode 750 --owner $user:$group ${pidfile%/*}
+	if [ "$sockfile" ]; then
+		checkpath --directory --mode 750 --owner $user:$group ${sockfile%/*}
+		rm -f $sockfile
+	fi
+	eend $?
+}
+
+start() {
+	ebegin "Starting ${SVCNAME}"
+	start-stop-daemon --start \
+		--user $user \
+		--group $group \
+		--pidfile $pidfile \
+		--exec $command -- $command_args
+	eend $?
+}
+
+reload() {
+	ebegin "Reloading ${SVCNAME}"
+	start-stop-daemon --signal USR1 --pidfile $pidfile
+	eend $?
+}
diff --git a/testing/rmilter/rmilter.pre-install b/testing/rmilter/rmilter.pre-install
new file mode 100644
index 00000000000..b7dc736d996
--- /dev/null
+++ b/testing/rmilter/rmilter.pre-install
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+addgroup -S rmilter 2>dev/null
+adduser -h /run/rmilter -g "rmilter" -s /bin/false -SDHG rmilter rmilter 2>/dev/null
+
+exit 0
diff --git a/testing/rmilter/system_hiredis.patch b/testing/rmilter/system_hiredis.patch
new file mode 100644
index 00000000000..3dfdf54519a
--- /dev/null
+++ b/testing/rmilter/system_hiredis.patch
@@ -0,0 +1,28 @@
+--- old/CMakeLists.txt
++++ new/CMakeLists.txt
+@@ -245,6 +245,8 @@
+ 	ROOT ${PCRE_ROOT_DIR} MODULES pcre libpcre pcre3 libpcre3)
+ ProcessPackage(LIBMILTER LIBRARY milter INCLUDE mfapi.h INCLUDE_SUFFIXES include/libmilter
+ 	LIB_SUFFIXES lib/libmilter ROOT ${LIBMILTER_ROOT_DIR} MODULES libmilter)
++ProcessPackage(LIBHIREDIS LIBRARY hiredis INCLUDE hiredis.h INCLUDE_SUFFIXES include/hiredis
++	LIB_SUFFIXES lib/libhiredis ROOT ${LIBHIREDIS_ROOT_DIR} MODULES libhiredis)
+ 
+ IF(ENABLE_DKIM MATCHES "ON")
+     SET(WITH_DKIM 1)
+@@ -363,8 +365,6 @@
+ CHECK_SYMBOL_EXISTS(MAP_NOCORE sys/mman.h HAVE_MMAP_NOCORE)
+ 
+ ################################ SOURCES SECTION ###########################
+-ADD_SUBDIRECTORY(hiredis)
+-INCLUDE_DIRECTORIES("${CMAKE_SOURCE_DIR}/hiredis")
+ 
+ SET(RMILTERSRC
+                 compat/blake2b-ref.c
+@@ -394,7 +394,6 @@
+ ADD_EXECUTABLE(rmilter ${RMILTERSRC})
+ SET_TARGET_PROPERTIES(rmilter PROPERTIES LINKER_LANGUAGE C)
+ TARGET_LINK_LIBRARIES(rmilter ${RMILTER_REQUIRED_LIBRARIES})
+-TARGET_LINK_LIBRARIES(rmilter rmilter-hiredis)
+ 
+ ##################### INSTALLATION ##########################################
+