diff --git a/Dockerfile b/Dockerfile index 04a4789..f4fc455 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,38 +16,19 @@ RUN install -dm 755 /etc/rspamd/local.d RUN install -dm 750 -o rspamd -g rspamd /var/lib/rspamd RUN install -dm 750 -o redis -g redis /var/lib/redis -# TODO: Deprecate OpenDKIM, but it allow us to keep signing even if -# Rspamd is down. -RUN echo "enabled = false;" >> /etc/rspamd/local.d/dkim_signing.conf - -# Redis -RUN echo "write_servers = \"localhost\";" >> /etc/rspamd/local.d/redis.conf -RUN echo "read_servers = \"localhost\";" >> /etc/rspamd/local.d/redis.conf - -# Workers -RUN echo "bind_socket = \"*:11332\";" >> /etc/rspamd/local.d/worker-proxy.inc -RUN echo "bind_socket = \"*:11333\";" >> /etc/rspamd/local.d/worker-normal.inc -RUN echo "bind_socket = \"*:11334\";" >> /etc/rspamd/local.d/worker-controller.inc +COPY ./dkim_signing.conf /etc/rspamd/local.d/dkim_signing.conf +COPY ./redis.conf /etc/rspamd/local.d/redis.conf +COPY ./worker-proxy.inc /etc/rspamd/local.d/worker-proxy.inc +COPY ./worker-normal.inc /etc/rspamd/local.d/worker-normal.inc +COPY ./worker-controller.inc /etc/rspamd/local.d/worker-controller.inc +COPY ./options.inc /etc/rspamd/local.d/options.inc +COPY ./logging.inc /etc/rspamd/local.d/logging.inc +COPY ./classifier-bayes.conf /etc/rspamd/local.d/classifier-bayes.conf +COPY ./local_addrs /etc/rspamd/local.d/maps.d/local_addrs +COPY ./monit.conf /etc/monit.d/rspamd.conf # We don't really care about the password... RUN echo "password = \"`rspamadm pw -p '12345678'`\";" >> /etc/rspamd/local.d/worker-controller.inc -# Options -# Rspamd doesn't seem to write a pid file and upstream not really -# helpful about it: https://github.com/rspamd/rspamd/issues/3096 -# RUN echo "pid_file = \"/tmp/rspamd.pid\";" >> /etc/rspamd/local.d/options.inc -RUN echo "local_addrs = \"/etc/rspamd/local.d/maps.d/local_addrs\";" >> /etc/rspamd/local.d/options.inc - -# Logging -RUN echo "type = \"syslog\";" >> /etc/rspamd/local.d/logging.inc -RUN echo "facility = \"daemon\";" >> /etc/rspamd/local.d/logging.inc - -# Learn spam -RUN echo "servers = \"localhost\";" >> /etc/rspamd/local.d/classifier-bayes.conf -RUN echo "autolearn = [-5,5];" >> /etc/rspamd/local.d/classifier-bayes.conf - -COPY ./local_addrs /etc/rspamd/local.d/maps.d/local_addrs -COPY ./monit.conf /etc/monit.d/rspamd.conf - EXPOSE 11332 EXPOSE 11333 EXPOSE 11334 diff --git a/classifier-bayes.conf b/classifier-bayes.conf new file mode 100644 index 0000000..190471f --- /dev/null +++ b/classifier-bayes.conf @@ -0,0 +1,2 @@ +servers = "localhost"; +autolearn = [-5,5]; diff --git a/dkim_signing.conf b/dkim_signing.conf new file mode 100644 index 0000000..a6ee831 --- /dev/null +++ b/dkim_signing.conf @@ -0,0 +1 @@ +enabled = false; diff --git a/local_addrs b/local_addrs index d8c696b..39cf46c 100644 --- a/local_addrs +++ b/local_addrs @@ -1,2 +1,2 @@ -172.19.0.0/24 +10.13.12.0/24 fd00:acab::/32 diff --git a/logging.inc b/logging.inc new file mode 100644 index 0000000..a74994a --- /dev/null +++ b/logging.inc @@ -0,0 +1,2 @@ +type = "syslog"; +facility = "daemon"; diff --git a/options.inc b/options.inc new file mode 100644 index 0000000..adce546 --- /dev/null +++ b/options.inc @@ -0,0 +1,4 @@ +# Rspamd doesn't seem to write a pid file and upstream not really +# helpful about it: https://github.com/rspamd/rspamd/issues/3096 +# "pid_file = "/tmp/rspamd.pid"; +local_addrs = "/etc/rspamd/local.d/maps.d/local_addrs"; diff --git a/redis.conf b/redis.conf new file mode 100644 index 0000000..6b6c00d --- /dev/null +++ b/redis.conf @@ -0,0 +1,2 @@ +write_servers = "localhost"; +read_servers = "localhost"; diff --git a/worker-controller.inc b/worker-controller.inc new file mode 100644 index 0000000..2b6378a --- /dev/null +++ b/worker-controller.inc @@ -0,0 +1 @@ +bind_socket = "*:11334"; diff --git a/worker-normal.inc b/worker-normal.inc new file mode 100644 index 0000000..aac8fc1 --- /dev/null +++ b/worker-normal.inc @@ -0,0 +1 @@ +bind_socket = "*:11333"; diff --git a/worker-proxy.inc b/worker-proxy.inc new file mode 100644 index 0000000..86b2c4e --- /dev/null +++ b/worker-proxy.inc @@ -0,0 +1 @@ +bind_socket = "*:11332";