diff --git a/mail/rspamd/Makefile b/mail/rspamd/Makefile
index 3f3bc708c..2a4ace08d 100644
--- a/mail/rspamd/Makefile
+++ b/mail/rspamd/Makefile
@@ -1,5 +1,5 @@
PLUGIN_NAME= rspamd
-PLUGIN_VERSION= 1.1
+PLUGIN_VERSION= 1.2
PLUGIN_COMMENT= Protect your network from spam
PLUGIN_DEPENDS= rspamd
PLUGIN_MAINTAINER= franz.fabian.94@gmail.com
diff --git a/mail/rspamd/src/opnsense/mvc/app/controllers/OPNsense/Rspamd/forms/settings.xml b/mail/rspamd/src/opnsense/mvc/app/controllers/OPNsense/Rspamd/forms/settings.xml
index b4c122a6b..eb692e877 100644
--- a/mail/rspamd/src/opnsense/mvc/app/controllers/OPNsense/Rspamd/forms/settings.xml
+++ b/mail/rspamd/src/opnsense/mvc/app/controllers/OPNsense/Rspamd/forms/settings.xml
@@ -14,6 +14,15 @@
If you check this box, the local Redis server will be available to the modules (some do not work without it).
+
+
+ rspamd.multimap.badfileextension
+
+ select_multiple
+
+ If an attached file has a suffix in this list, the mail will be rejected via a hard reject, which means that the server will be immeadiately informed about the policy violation.
+
+
diff --git a/mail/rspamd/src/opnsense/mvc/app/models/OPNsense/Rspamd/RSpamd.xml b/mail/rspamd/src/opnsense/mvc/app/models/OPNsense/Rspamd/RSpamd.xml
index 8fc25cacf..88ef6d225 100644
--- a/mail/rspamd/src/opnsense/mvc/app/models/OPNsense/Rspamd/RSpamd.xml
+++ b/mail/rspamd/src/opnsense/mvc/app/models/OPNsense/Rspamd/RSpamd.xml
@@ -333,5 +333,12 @@
N
+
+
+
+ N
+ exe,dll,scr,com,cmd,js,bat,vbs,ps1,bat,cpl,lnk,msi,msp,reg
+
+
diff --git a/mail/rspamd/src/opnsense/mvc/app/views/OPNsense/Rspamd/index.volt b/mail/rspamd/src/opnsense/mvc/app/views/OPNsense/Rspamd/index.volt
index cdb616c25..9c84e628b 100644
--- a/mail/rspamd/src/opnsense/mvc/app/views/OPNsense/Rspamd/index.volt
+++ b/mail/rspamd/src/opnsense/mvc/app/views/OPNsense/Rspamd/index.volt
@@ -35,10 +35,7 @@
mapDataToFormUI(data_get_map).done(function(){
formatTokenizersUI();
$('.selectpicker').selectpicker('refresh');
- // request service status on load and update status box
- ajaxCall(url="/api/rspamd/service/status", sendData={}, callback=function(data,status) {
- updateServiceStatusUI(data['status']);
- });
+ updateServiceControlUI('rspamd');
});
// update history on tab state and implement navigation
@@ -80,9 +77,7 @@
draggable: true
});
} else {
- ajaxCall(url="/api/rspamd/service/status", sendData={}, callback=function(data,status) {
- updateServiceStatusUI(data['status']);
- });
+ updateServiceControlUI('rspamd');
}
});
});
diff --git a/mail/rspamd/src/opnsense/scripts/rspamd/setup.sh b/mail/rspamd/src/opnsense/scripts/rspamd/setup.sh
index 97f90dbfd..fef896945 100755
--- a/mail/rspamd/src/opnsense/scripts/rspamd/setup.sh
+++ b/mail/rspamd/src/opnsense/scripts/rspamd/setup.sh
@@ -3,6 +3,11 @@ mkdir -p /var/db/rspamd
mkdir -p /var/log/rspamd
mkdir -p /var/run/rspamd
+# fix permissions of files generated by configd
+chmod +r /usr/local/etc/rspamd/local.d/*
+chmod o+rx /usr/local/etc/rspamd/local.d
+chown -R nobody /var/log/rspamd
+
chown nobody:nobody /var/db/rspamd
chown nobody:nobody /var/log/rspamd
chown nobody:nobody /var/run/rspamd
diff --git a/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/+TARGETS b/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/+TARGETS
index 3a8397bae..a4038e206 100644
--- a/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/+TARGETS
+++ b/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/+TARGETS
@@ -1,6 +1,7 @@
rspamd:/etc/rc.conf.d/rspamd
antivirus.wl:/usr/local/etc/rspamd/local.d/antivirus.wl
antivirus.conf:/usr/local/etc/rspamd/local.d/antivirus.conf
+bad_file_extensions-map:/usr/local/etc/rspamd/local.d/bad_file_extensions.map
dkim_signing.conf:/usr/local/etc/rspamd/local.d/dkim_signing.conf
dkim.conf:/usr/local/etc/rspamd/local.d/dkim.conf
spf.conf:/usr/local/etc/rspamd/local.d/spf.conf
@@ -9,6 +10,7 @@ surbl-whitelist.inc.local:/var/db/rspamd/surbl-whitelist.inc.local
2tld.inc.local:/var/db/rspamd/2tld.inc.local
greylist.conf:/usr/local/etc/rspamd/local.d/greylist.conf
phishing.conf:/usr/local/etc/rspamd/local.d/phishing.conf
+multimap.conf:/usr/local/etc/rspamd/local.d/multimap.conf
mx_check.conf:/usr/local/etc/rspamd/local.d/mx_check.conf
ratelimit.conf:/usr/local/etc/rspamd/local.d/ratelimit.conf
redis.conf:/usr/local/etc/rspamd/local.d/redis.conf
diff --git a/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/bad_file_extensions-map b/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/bad_file_extensions-map
new file mode 100644
index 000000000..1b27e3ec5
--- /dev/null
+++ b/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/bad_file_extensions-map
@@ -0,0 +1,5 @@
+{% if helpers.exists('OPNsense.Rspamd.general.enabled') and OPNsense.Rspamd.general.enabled == '1' and helpers.exists('OPNsense.Rspamd.multimap.badfileextension') and OPNsense.Rspamd.multimap.badfileextension != '' %}
+{% for extension in OPNsense.Rspamd.multimap.badfileextension.split(',') %}
+{{ extension }}
+{% endfor %}
+{% endif %}
diff --git a/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/multimap.conf b/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/multimap.conf
new file mode 100644
index 000000000..9407cc4d5
--- /dev/null
+++ b/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/multimap.conf
@@ -0,0 +1,13 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+
+{% if helpers.exists('OPNsense.Rspamd.general.enabled') and OPNsense.Rspamd.general.enabled == '1' and helpers.exists('OPNsense.Rspamd.multimap') %}
+extension_blacklist {
+ type = "filename";
+ filter = "extension";
+ map = "/${LOCAL_CONFDIR}/local.d/bad_file_extensions.map";
+ symbol = "FILENAME_BLACKLISTED";
+ action = "reject";
+}
+{% endif %}