rspamd
This commit is contained in:
parent
82eb4f11f3
commit
cdedfc1ab1
4 changed files with 61 additions and 3 deletions
47
Dockerfile
47
Dockerfile
|
@ -13,8 +13,49 @@ RUN sed -re "s/^(appendonly).*/\1 yes/" -i /etc/redis.conf
|
||||||
RUN echo "pidfile /run/redis/redis.pid" >> /etc/redis.conf
|
RUN echo "pidfile /run/redis/redis.pid" >> /etc/redis.conf
|
||||||
RUN echo "daemonize yes" >> /etc/redis.conf
|
RUN echo "daemonize yes" >> /etc/redis.conf
|
||||||
RUN echo "protected-mode no" >> /etc/redis.conf
|
RUN echo "protected-mode no" >> /etc/redis.conf
|
||||||
RUN echo "maxmemory-policy allkeys-lfu" >> /etc/redis.conf
|
|
||||||
RUN echo "maxmemory 50mb" >> /etc/redis.conf
|
RUN echo "maxmemory 50mb" >> /etc/redis.conf
|
||||||
|
RUN echo "maxmemory-policy volatile-ttl" >> /etc/redis.conf
|
||||||
|
RUN echo "bind 127.0.0.1 ::1" >> /etc/redis.conf
|
||||||
|
RUN sed -re "s/^(dir).*/\1 \/var\/lib\/rspamd-redis/" -i /etc/redis.conf
|
||||||
|
|
||||||
EXPOSE 6379
|
RUN apk add --no-cache rspamd rspamd-client rspamd-proxy rspamd-controller
|
||||||
VOLUME "/var/lib/redis"
|
RUN install -dm 755 /etc/rspamd/local.d
|
||||||
|
RUN install -dm 750 -o rspamd -g rspamd /var/lib/rspamd
|
||||||
|
RUN install -dm 750 -o redis -g redis /var/lib/rspamd-redis
|
||||||
|
|
||||||
|
# TODO: Deprecate OpenDKIM
|
||||||
|
RUN echo "enabled = false;" >> /etc/rspamd/local.d/dkim_signing.conf
|
||||||
|
|
||||||
|
# Redis
|
||||||
|
RUN echo "write_servers = \"localhost\";" >> /etc/rspamd/local.d/redis.conf
|
||||||
|
RUN echo "read_servers = \"localhost\";" >> /etc/rspamd/local.d/redis.conf
|
||||||
|
|
||||||
|
# Workers
|
||||||
|
RUN echo "bind_socket = \"*:11332\";" >> /etc/rspamd/local.d/worker-proxy.inc
|
||||||
|
RUN echo "bind_socket = \"*:11333\";" >> /etc/rspamd/local.d/worker-normal.inc
|
||||||
|
RUN echo "bind_socket = \"*:11334\";" >> /etc/rspamd/local.d/worker-controller.inc
|
||||||
|
# We don't really care about the password...
|
||||||
|
RUN echo "password = \"`rspamadm pw -p '12345678'`\";" >> /etc/rspamd/local.d/worker-controller.inc
|
||||||
|
|
||||||
|
# Options
|
||||||
|
# Rspamd doesn't seem to write a pid file and upstream not really
|
||||||
|
# helpful about it: https://github.com/rspamd/rspamd/issues/3096
|
||||||
|
# RUN echo "pid_file = \"/tmp/rspamd.pid\";" >> /etc/rspamd/local.d/options.inc
|
||||||
|
RUN echo "local_addrs = \"/etc/rspamd/local.d/maps.d/local_addrs\";" >> /etc/rspamd/local.d/options.inc
|
||||||
|
|
||||||
|
# Logging
|
||||||
|
RUN echo "type = \"syslog\";" >> /etc/rspamd/local.d/logging.inc
|
||||||
|
RUN echo "facility = \"daemon\";" >> /etc/rspamd/local.d/logging.inc
|
||||||
|
|
||||||
|
# Learn spam
|
||||||
|
RUN echo "servers = \"localhost\";" >> /etc/rspamd/local.d/classifier-bayes.conf
|
||||||
|
RUN echo "autolearn = [-5,5];" >> /etc/rspamd/local.d/classifier-bayes.conf
|
||||||
|
|
||||||
|
COPY ./local_addrs.sh /usr/local/bin/local_addrs
|
||||||
|
COPY ./rspamd.conf /etc/monit.d/rspamd.conf
|
||||||
|
|
||||||
|
EXPOSE 11332
|
||||||
|
EXPOSE 11333
|
||||||
|
EXPOSE 11334
|
||||||
|
VOLUME "/var/lib/rspamd-redis"
|
||||||
|
VOLUME "/var/lib/rspamd"
|
||||||
|
|
1
local.conf
Normal file
1
local.conf
Normal file
|
@ -0,0 +1 @@
|
||||||
|
bind_socket = "*:11333";
|
8
local_addrs.sh
Executable file
8
local_addrs.sh
Executable file
|
@ -0,0 +1,8 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
local_addrs="/etc/rspamd/local.d/maps.d/local_addrs"
|
||||||
|
|
||||||
|
test -f "${local_addrs}" && exit
|
||||||
|
|
||||||
|
ip -4 route | cut -d " " -f 1 | grep -v default >> "${local_addrs}"
|
||||||
|
ip -6 route | cut -d " " -f 1 | grep -v default >> "${local_addrs}"
|
8
rspamd.conf
Normal file
8
rspamd.conf
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
check process rspamd with matching "rspamd: main"
|
||||||
|
start program = "/usr/sbin/rspamd" as uid "rspamd" and gid "rspamd"
|
||||||
|
stop program = "/usr/bin/killall rspamd"
|
||||||
|
|
||||||
|
check program local_addrs
|
||||||
|
with path "/usr/local/bin/local_addrs"
|
||||||
|
every 1 cycle
|
||||||
|
if status = 0 then unmonitor
|
Loading…
Reference in a new issue