bundles/rspamd: send dmarc reports

This commit is contained in:
Franzi 2021-09-06 09:11:36 +02:00
parent 530462e9d2
commit 4ca0926546
Signed by: kunsi
GPG key ID: 12E3D2136B818350
5 changed files with 58 additions and 0 deletions

View file

@ -0,0 +1,10 @@
reporting {
# Required attributes
enabled = true; # Enable reports in general
email = 'dmarc@${node.metadata.get('hostname')}'; # Source of DMARC reports
domain = '${node.metadata.get('hostname')}'; # Domain to serve
org_name = 'kunbox.net'; # Organisation
smtp = '127.0.0.1'; # SMTP server IP
smtp_port = 25; # SMTP server port
from_name = 'rspamd @ ${node.metadata.get('hostname')}'; # SMTP FROM
}

View file

@ -0,0 +1,7 @@
dmarc {
reporting = true;
actions = {
quarantine = "add_header";
reject = "reject";
}
}

View file

@ -0,0 +1,9 @@
[Unit]
Description=Send rspamd dmarc reports
After=network.target
Requires=rspamd.service
[Service]
User=_rspamd
Group=_rspamd
ExecStart=/usr/bin/rspamadm dmarc_report

View file

@ -0,0 +1,9 @@
[Unit]
Description=Trigger sending dmarc reports
[Timer]
OnCalendar=*-*-* ${hour}:${minute}:00
Persistent=true
[Install]
WantedBy=timers.target

View file

@ -49,6 +49,12 @@ svc_systemd = {
'pkg_apt:clamav-freshclam', 'pkg_apt:clamav-freshclam',
}, },
}, },
'rspamd-dmarc-report.timer': {
'needs': {
'file:/etc/systemd/system/rspamd-dmarc-report.service',
'file:/etc/systemd/system/rspamd-dmarc-report.timer',
},
},
} }
files = { files = {
@ -58,6 +64,22 @@ files = {
'/usr/local/bin/telegraf-rspamd-plugin': { '/usr/local/bin/telegraf-rspamd-plugin': {
'mode': '0755', 'mode': '0755',
}, },
'/etc/systemd/system/rspamd-dmarc-report.timer': {
'content_type': 'mako',
'context': {
'hour': node.magic_number%24,
'minute': node.magic_number%60,
},
'triggers': {
'action:systemd-reload',
'svc_systemd:rspamd-dmarc-report.timer:restart',
},
},
'/etc/systemd/system/rspamd-dmarc-report.service': {
'triggers': {
'action:systemd-reload',
},
},
} }
@ -107,6 +129,7 @@ local_config_path = join(repo.path, 'bundles', 'rspamd', 'files', 'local.d')
for f in listdir(local_config_path): for f in listdir(local_config_path):
files[f'/etc/rspamd/local.d/{f}'] = { files[f'/etc/rspamd/local.d/{f}'] = {
'source': f'local.d/{f}', 'source': f'local.d/{f}',
'content_type': 'mako',
'triggers': { 'triggers': {
'svc_systemd:rspamd:restart', 'svc_systemd:rspamd:restart',
}, },