From 6bca7f71ff492975514aefec563735c308e158dd Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Thu, 22 Mar 2018 16:25:06 +0100
Subject: [PATCH] mail/rspamd: merge version 1.2 from master

---
 mail/rspamd/Makefile                                |  2 +-
 .../controllers/OPNsense/Rspamd/forms/settings.xml  |  9 +++++++++
 .../mvc/app/models/OPNsense/Rspamd/RSpamd.xml       |  7 +++++++
 .../mvc/app/views/OPNsense/Rspamd/index.volt        |  9 ++-------
 mail/rspamd/src/opnsense/scripts/rspamd/setup.sh    |  5 +++++
 .../service/templates/OPNsense/Rspamd/+TARGETS      |  2 ++
 .../OPNsense/Rspamd/bad_file_extensions-map         |  5 +++++
 .../service/templates/OPNsense/Rspamd/multimap.conf | 13 +++++++++++++
 8 files changed, 44 insertions(+), 8 deletions(-)
 create mode 100644 mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/bad_file_extensions-map
 create mode 100644 mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/multimap.conf

diff --git a/mail/rspamd/Makefile b/mail/rspamd/Makefile
index 3f3bc708c..2a4ace08d 100644
--- a/mail/rspamd/Makefile
+++ b/mail/rspamd/Makefile
@@ -1,5 +1,5 @@
 PLUGIN_NAME=		rspamd
-PLUGIN_VERSION=		1.1
+PLUGIN_VERSION=		1.2
 PLUGIN_COMMENT=		Protect your network from spam
 PLUGIN_DEPENDS=		rspamd
 PLUGIN_MAINTAINER=	franz.fabian.94@gmail.com
diff --git a/mail/rspamd/src/opnsense/mvc/app/controllers/OPNsense/Rspamd/forms/settings.xml b/mail/rspamd/src/opnsense/mvc/app/controllers/OPNsense/Rspamd/forms/settings.xml
index b4c122a6b..eb692e877 100644
--- a/mail/rspamd/src/opnsense/mvc/app/controllers/OPNsense/Rspamd/forms/settings.xml
+++ b/mail/rspamd/src/opnsense/mvc/app/controllers/OPNsense/Rspamd/forms/settings.xml
@@ -14,6 +14,15 @@
                 <help>If you check this box, the local Redis server will be available to the modules (some do not work without it).</help>
             </field>
         </subtab>
+        <subtab id="rspamd-general-multimap" description="Multimap Settings">
+            <field>
+                <id>rspamd.multimap.badfileextension</id>
+                <label>Blocked File Extensions</label>
+                <type>select_multiple</type>
+                <style>tokenize</style>
+                <help>If an attached file has a suffix in this list, the mail will be rejected via a hard reject, which means that the server will be immeadiately informed about the policy violation.</help>
+            </field>
+        </subtab>
     </tab>
     <tab id="rspamd-anti-spam" description="Spam Protection">
         <subtab id="rspamd-anti-spam-graylist" description="Graylisting">
diff --git a/mail/rspamd/src/opnsense/mvc/app/models/OPNsense/Rspamd/RSpamd.xml b/mail/rspamd/src/opnsense/mvc/app/models/OPNsense/Rspamd/RSpamd.xml
index 8fc25cacf..88ef6d225 100644
--- a/mail/rspamd/src/opnsense/mvc/app/models/OPNsense/Rspamd/RSpamd.xml
+++ b/mail/rspamd/src/opnsense/mvc/app/models/OPNsense/Rspamd/RSpamd.xml
@@ -333,5 +333,12 @@
         <Required>N</Required>
       </exceptions>
     </surbl>
+
+    <multimap>
+      <badfileextension type="CSVListField">
+        <Required>N</Required>
+        <default>exe,dll,scr,com,cmd,js,bat,vbs,ps1,bat,cpl,lnk,msi,msp,reg</default>
+      </badfileextension>
+    </multimap>
   </items>
 </model>
diff --git a/mail/rspamd/src/opnsense/mvc/app/views/OPNsense/Rspamd/index.volt b/mail/rspamd/src/opnsense/mvc/app/views/OPNsense/Rspamd/index.volt
index cdb616c25..9c84e628b 100644
--- a/mail/rspamd/src/opnsense/mvc/app/views/OPNsense/Rspamd/index.volt
+++ b/mail/rspamd/src/opnsense/mvc/app/views/OPNsense/Rspamd/index.volt
@@ -35,10 +35,7 @@
         mapDataToFormUI(data_get_map).done(function(){
             formatTokenizersUI();
             $('.selectpicker').selectpicker('refresh');
-            // request service status on load and update status box
-            ajaxCall(url="/api/rspamd/service/status", sendData={}, callback=function(data,status) {
-                updateServiceStatusUI(data['status']);
-            });
+            updateServiceControlUI('rspamd');
         });
 
         // update history on tab state and implement navigation
@@ -80,9 +77,7 @@
                                 draggable: true
                             });
                         } else {
-                            ajaxCall(url="/api/rspamd/service/status", sendData={}, callback=function(data,status) {
-                                updateServiceStatusUI(data['status']);
-                            });
+                            updateServiceControlUI('rspamd');
                         }
                     });
                 });
diff --git a/mail/rspamd/src/opnsense/scripts/rspamd/setup.sh b/mail/rspamd/src/opnsense/scripts/rspamd/setup.sh
index 97f90dbfd..fef896945 100755
--- a/mail/rspamd/src/opnsense/scripts/rspamd/setup.sh
+++ b/mail/rspamd/src/opnsense/scripts/rspamd/setup.sh
@@ -3,6 +3,11 @@ mkdir -p /var/db/rspamd
 mkdir -p /var/log/rspamd
 mkdir -p /var/run/rspamd
 
+# fix permissions of files generated by configd
+chmod +r /usr/local/etc/rspamd/local.d/*
+chmod o+rx /usr/local/etc/rspamd/local.d
+chown -R nobody /var/log/rspamd
+
 chown nobody:nobody /var/db/rspamd
 chown nobody:nobody /var/log/rspamd
 chown nobody:nobody /var/run/rspamd
diff --git a/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/+TARGETS b/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/+TARGETS
index 3a8397bae..a4038e206 100644
--- a/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/+TARGETS
+++ b/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/+TARGETS
@@ -1,6 +1,7 @@
 rspamd:/etc/rc.conf.d/rspamd
 antivirus.wl:/usr/local/etc/rspamd/local.d/antivirus.wl
 antivirus.conf:/usr/local/etc/rspamd/local.d/antivirus.conf
+bad_file_extensions-map:/usr/local/etc/rspamd/local.d/bad_file_extensions.map
 dkim_signing.conf:/usr/local/etc/rspamd/local.d/dkim_signing.conf
 dkim.conf:/usr/local/etc/rspamd/local.d/dkim.conf
 spf.conf:/usr/local/etc/rspamd/local.d/spf.conf
@@ -9,6 +10,7 @@ surbl-whitelist.inc.local:/var/db/rspamd/surbl-whitelist.inc.local
 2tld.inc.local:/var/db/rspamd/2tld.inc.local
 greylist.conf:/usr/local/etc/rspamd/local.d/greylist.conf
 phishing.conf:/usr/local/etc/rspamd/local.d/phishing.conf
+multimap.conf:/usr/local/etc/rspamd/local.d/multimap.conf
 mx_check.conf:/usr/local/etc/rspamd/local.d/mx_check.conf
 ratelimit.conf:/usr/local/etc/rspamd/local.d/ratelimit.conf
 redis.conf:/usr/local/etc/rspamd/local.d/redis.conf
diff --git a/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/bad_file_extensions-map b/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/bad_file_extensions-map
new file mode 100644
index 000000000..1b27e3ec5
--- /dev/null
+++ b/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/bad_file_extensions-map
@@ -0,0 +1,5 @@
+{% if helpers.exists('OPNsense.Rspamd.general.enabled') and OPNsense.Rspamd.general.enabled == '1' and helpers.exists('OPNsense.Rspamd.multimap.badfileextension') and OPNsense.Rspamd.multimap.badfileextension != '' %}
+{% for extension in OPNsense.Rspamd.multimap.badfileextension.split(',') %}
+{{ extension }}
+{% endfor %}
+{% endif %}
diff --git a/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/multimap.conf b/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/multimap.conf
new file mode 100644
index 000000000..9407cc4d5
--- /dev/null
+++ b/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/multimap.conf
@@ -0,0 +1,13 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+
+{% if helpers.exists('OPNsense.Rspamd.general.enabled') and OPNsense.Rspamd.general.enabled == '1' and helpers.exists('OPNsense.Rspamd.multimap') %}
+extension_blacklist {
+  type = "filename";
+  filter = "extension";
+  map = "/${LOCAL_CONFDIR}/local.d/bad_file_extensions.map";
+  symbol = "FILENAME_BLACKLISTED";
+  action = "reject";
+}
+{% endif %}