Fixed hardcoded antispam and antivirus host addresses

Fixes #978 (cherry picked from commit 6f973a2e4b) # Conflicts: # CHANGELOG.md # core/dovecot/conf/bin/ham # core/dovecot/conf/bin/spam # docs/configuration.rst # docs/kubernetes/mailu/configmap.yaml # services/rspamd/conf/antivirus.conf # services/rspamd/start.py
2025-11-03 03:28:10 +00:00 · 2019-05-07 11:42:08 +02:00
parent 6b5bb5fcd1
commit 86f73983e8
7 changed files with 233 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -565,6 +565,16 @@ deprecated before 1.8.0, you can switch to an external database server by then.
 - Enhancement: Create an Authentication Token with IPv6 address restriction ([#829](https://github.com/Mailu/Mailu/issues/829))
 - Enhancement: Automatically create admin user on container startup if given appropriate environment variables
 - Enhancement: Missing wildcard option in alias flask command ([#869](https://github.com/Mailu/Mailu/issues/869))
+<<<<<<< HEAD
+=======
+- Enhancement: Fixed hardcoded antispam and antivirus host addresses ([#978](https://github.com/Mailu/Mailu/issues/978))
+- Bug: Fix creating new fetched accounts
+- Bug: Fix poor performance if ANTIVIRUS is configured to none.
+- Bug: Implement mailustart to resolve webmail in admin ([#716](https://github.com/Mailu/Mailu/issues/716))
+- Bug: Rename cli commands and their options (replace "\_" with "-") ([#877](https://github.com/Mailu/Mailu/issues/877))
+- Bug: Fix typo in migration script ([#905](https://github.com/Mailu/Mailu/issues/905))
+- Bug: Fix redis hostname in admin
+>>>>>>> 6f973a2e (Fixed hardcoded antispam and antivirus host addresses)

 v1.6.0 - 2019-01-18
 -------------------
--- a/core/dovecot/conf/bin/ham
+++ b/core/dovecot/conf/bin/ham
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+tee >(rspamc -h ${HOST_ANTISPAM:-antispam:11334} -P mailu learn_ham /dev/stdin) \
+    | rspamc -h ${HOST_ANTISPAM:-antispam:11334} -P mailu -f 13 fuzzy_add /dev/stdin
--- a/core/dovecot/conf/bin/spam
+++ b/core/dovecot/conf/bin/spam
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+tee >(rspamc -h ${HOST_ANTISPAM:-antispam:11334} -P mailu learn_spam /dev/stdin) \
+    >(rspamc -h ${HOST_ANTISPAM:-antispam:11334} -P mailu -f 11 fuzzy_add /dev/stdin)
--- a/docs/configuration.rst
+++ b/docs/configuration.rst
@@ -310,6 +310,7 @@ Various environment variables ``*_ADDRESS`` can be used to run Mailu containers
 separately from a supported orchestrator. It is used by the various components
 to find the location of the other containers it depends on. Those variables are:

+<<<<<<< HEAD
 - ``ADMIN_ADDRESS``
 - ``ANTISPAM_ADDRESS``
 - ``ANTIVIRUS_ADDRESS``
@@ -319,6 +320,20 @@ to find the location of the other containers it depends on. Those variables are:
 - ``SMTP_ADDRESS``
 - ``WEBDAV_ADDRESS``
 - ``WEBMAIL_ADDRESS``
+=======
+- ``HOST_IMAP``: the container that is running the IMAP server (default: ``imap``, port 143)
+- ``HOST_LMTP``: the container that is running the LMTP server (default: ``imap:2525``)
+- ``HOST_HOSTIMAP``: the container that is running the IMAP server for the webmail (default: ``imap``, port 10143)
+- ``HOST_POP3``: the container that is running the POP3 server (default: ``imap``, port 110)
+- ``HOST_SMTP``: the container that is running the SMTP server (default: ``smtp``, port 25)
+- ``HOST_AUTHSMTP``: the container that is running the authenticated SMTP server for the webnmail (default: ``smtp``, port 10025)
+- ``HOST_ADMIN``: the container that is running the admin interface (default: ``admin``)
+- ``HOST_ANTISPAM``: the container that is running the antispam service (default: ``antispam:11334``)
+- ``HOST_ANTIVIRUS``: the container that is running the antivirus service (default: ``antivirus:3310``)
+- ``HOST_WEBMAIL``: the container that is running the webmail (default: ``webmail``)
+- ``HOST_WEBDAV``: the container that is running the webdav server (default: ``webdav:5232``)
+- ``HOST_REDIS``: the container that is running the redis daemon (default: ``redis``)
+>>>>>>> 6f973a2e (Fixed hardcoded antispam and antivirus host addresses)

 These are used for DNS based service discovery with possibly changing services IP addresses.
 ``*_ADDRESS`` values must be fully qualified domain names without port numbers.
--- a/docs/kubernetes/mailu/configmap.yaml
+++ b/docs/kubernetes/mailu/configmap.yaml
@@ -0,0 +1,169 @@
+   apiVersion: v1
+   kind: ConfigMap
+   metadata:
+     name: mailu-config
+     namespace: mailu-mailserver
+   data:
+    # Mailu main configuration file
+    #
+    # Most configuration variables can be modified through the Web interface,
+    # these few settings must however be configured before starting the mail
+    # server and require a restart upon change.
+
+    ###################################
+    # Common configuration variables
+    ###################################
+
+    # Set this to the path where Mailu data and configuration is stored
+    ROOT: "/mailu"
+
+    # Mailu version to run (1.0, 1.1, etc. or master)
+    VERSION: "master"
+
+    # Set to a randomly generated 16 bytes string
+    SECRET_KEY: "MySup3rS3cr3tPas"
+
+    # Address where listening ports should bind
+    BIND_ADDRESS4: "127.0.0.1"
+    #BIND_ADDRESS6: "::1"
+
+    # Main mail domain
+    DOMAIN: "example.com"
+
+    # Hostnames for this server, separated with comas
+    HOSTNAMES: "mail.example.com"
+
+    # Postmaster local part (will append the main mail domain)
+    POSTMASTER: "admin"
+
+    # Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt)
+    TLS_FLAVOR: "cert"
+
+    # Authentication rate limit (per source IP address)
+    AUTH_RATELIMIT: "10/minute;1000/hour"
+
+    # Opt-out of statistics, replace with "True" to opt out
+    DISABLE_STATISTICS: "False"
+
+    ###################################
+    # Kubernetes configuration
+    ###################################
+
+    # Use Kubernetes Ingress Controller to handle all actions on port 80 and 443
+    # This way we can make use of the advantages of the cert-manager deployment
+    KUBERNETES_INGRESS: "true"
+
+    # POD_ADDRESS_RANGE is normally provided by default with Kubernetes
+    # Only use this value when you are using Flannel, Calico or a special kind of CNI
+    # Provide the IPs of your network interface or bridge which is used for VXLAN network traffic
+    # POD_ADDRESS_RANGE: 10.2.0.0/16,10.1.6.0/24
+
+    ###################################
+    # Optional features
+    ###################################
+
+    # Expose the admin interface (value: true, false)
+    ADMIN: "true"
+    # Run the admin interface in debug mode
+    #DEBUG: "True"
+
+    # Choose which webmail to run if any (values: roundcube, rainloop, none)
+    WEBMAIL: "roundcube"
+
+    # Dav server implementation (value: radicale, none)
+    WEBDAV: "radicale"
+
+    # Antivirus solution (value: clamav, none)
+    ANTIVIRUS: "clamav"
+
+    ###################################
+    # Mail settings
+    ###################################
+
+    # Message size limit in bytes
+    # Default: accept messages up to 50MB
+    MESSAGE_SIZE_LIMIT: "50000000"
+
+    # Will relay all outgoing mails if configured
+    #RELAYHOST=
+
+    # This part is needed for the XCLIENT login for postfix. This should be the POD ADDRESS range
+    FRONT_ADDRESS: "front.mailu-mailserver.svc.cluster.local"
+
+    # This value  is needed by the webmail to find the correct imap backend
+    IMAP_ADDRESS: "imap.mailu-mailserver.svc.cluster.local"
+
+    # This value is used by Dovecot to find the Redis server in the cluster
+    REDIS_ADDRESS: "redis.mailu-mailserver.svc.cluster.local"
+
+    # Fetchmail delay
+    FETCHMAIL_DELAY: "600"
+
+    # Recipient delimiter, character used to delimiter localpart from custom address part
+    # e.g. localpart+custom@domain;tld
+    RECIPIENT_DELIMITER: "+"
+
+    # DMARC rua and ruf email
+    DMARC_RUA: "root"
+    DMARC_RUF: "root"
+
+    # Welcome email, enable and set a topic and body if you wish to send welcome
+    # emails to all users.
+    WELCOME: "false"
+    WELCOME_SUBJECT: "Welcome to your new email account"
+    WELCOME_BODY: "Welcome to your new email account, if you can read this, then it is configured properly!"
+
+    ###################################
+    # Web settings
+    ###################################
+
+    # Path to the admin interface if enabled
+    # Kubernetes addition: You need to change ALL the ingresses, when you want this URL to be different!!!
+    WEB_ADMIN: "/admin"
+
+    # Path to the webmail if enabled
+    # Currently, this is not used, because we intended to use a different subdomain: webmail.example.com
+    # This option can be added in a feature release
+    WEB_WEBMAIL: "/webmail"
+
+    # Website name
+    SITENAME: "Mailu"
+
+    # Linked Website URL
+    WEBSITE: "https://example.com"
+
+    # Registration reCaptcha settings (warning, this has some privacy impact)
+    # RECAPTCHA_PUBLIC_KEY=
+    # RECAPTCHA_PRIVATE_KEY=
+
+    # Domain registration, uncomment to enable
+    # DOMAIN_REGISTRATION=true
+
+    ###################################
+    # Advanced settings
+    ###################################
+
+    # Docker-compose project name, this will prepended to containers names.
+    COMPOSE_PROJECT_NAME: "mailu"
+
+    # Default password scheme used for newly created accounts and changed passwords
+    # (value: SHA512-CRYPT, SHA256-CRYPT, MD5-CRYPT, CRYPT)
+    PASSWORD_SCHEME: "SHA512-CRYPT"
+
+    # Header to take the real ip from
+    #REAL_IP_HEADER:
+
+    # IPs for nginx set_real_ip_from (CIDR list separated by commas)
+    #REAL_IP_FROM:
+
+    # Host settings
+    HOST_IMAP: "imap.mailu-mailserver.svc.cluster.local"
+    HOST_POP3: "imap.mailu-mailserver.svc.cluster.local"
+    HOST_SMTP: "smtp.mailu-mailserver.svc.cluster.local"
+    HOST_AUTHSMTP: "smtp.mailu-mailserver.svc.cluster.local"
+    HOST_WEBMAIL: "webmail.mailu-mailserver.svc.cluster.local"
+    HOST_ADMIN: "admin.mailu-mailserver.svc.cluster.local"
+    HOST_WEBDAV: "webdav.mailu-mailserver.svc.cluster.local:5232"
+    HOST_ANTISPAM: "antispam.mailu-mailserver.svc.cluster.local:11332"
+    HOST_ANTIVIRUS: "antivirus.mailu-mailserver.svc.cluster.local:3310"
+    HOST_REDIS: "redis.mailu-mailserver.svc.cluster.local"
--- a/services/rspamd/conf/antivirus.conf
+++ b/services/rspamd/conf/antivirus.conf
@@ -0,0 +1,8 @@
+{% if ANTIVIRUS == 'clamav' %}
+clamav {
+  attachments_only = true;
+  symbol = "CLAM_VIRUS";
+  type = "clamav";
+  servers = "{{ HOST_ANTIVIRUS }}";
+}
+{% endif %}
--- a/services/rspamd/start.py
+++ b/services/rspamd/start.py
@@ -0,0 +1,23 @@
+#!/usr/bin/python3
+
+import os
+import glob
+import logging as log
+import sys
+from socrate import system, conf
+
+log.basicConfig(stream=sys.stderr, level=os.environ.get("LOG_LEVEL", "WARNING"))
+
+# Actual startup script
+
+os.environ["FRONT_ADDRESS"] = system.resolve_address(os.environ.get("HOST_FRONT", "front"))
+
+if "HOST_REDIS" not in os.environ:
+    os.environ["REDIS_ADDRESS"] = system.resolve_address(os.environ.get("HOST_REDIS", "redis"))
+os.environ["HOST_ANTIVIRUS"] = system.resolve_address(os.environ.get("HOST_ANTIVIRUS", "antivirus:3310"))
+
+for rspamd_file in glob.glob("/conf/*"):
+    conf.jinja(rspamd_file, os.environ, os.path.join("/etc/rspamd/local.d", os.path.basename(rspamd_file)))
+
+# Run rspamd
+os.execv("/usr/sbin/rspamd", ["rspamd", "-i", "-f"])