add file for milter headers (#644)

2026-06-09 00:42:34 -04:00 · 2018-04-09 09:53:13 +02:00 · 2018-04-09 09:53:13 +02:00 · 9ef7b5225f
commit 9ef7b5225f
parent 50e9c408e0
4 changed files with 107 additions and 0 deletions
--- a/mail/rspamd/src/opnsense/mvc/app/controllers/OPNsense/Rspamd/forms/settings.xml
+++ b/mail/rspamd/src/opnsense/mvc/app/controllers/OPNsense/Rspamd/forms/settings.xml
@ -20,9 +20,56 @@
                <label>Blocked File Extensions</label>
                <type>select_multiple</type>
                <style>tokenize</style>
+                <allownew>true</allownew>
                <help>If an attached file has a suffix in this list, the mail will be rejected via a hard reject, which means that the server will be immeadiately informed about the policy violation.</help>
            </field>
        </subtab>
+        <subtab id="rspamd-general-milter-headers" description="Milter Headers">
+            <field>
+                <id>rspamd.milter_headers.enabled</id>
+                <label>Enable</label>
+                <type>checkbox</type>
+                <help>When this checkbox is enabled, you can add additional headers to your mails, which contain information about the scan results.</help>
+            </field>
+            <field>
+                <id>rspamd.milter_headers.enable_authentication_results</id>
+                <label>Enable Authentication Result Headers</label>
+                <type>checkbox</type>
+                <help>If this checkbox is enabled, a header about the authentication state will be added.</help>
+            </field>
+            <field>
+                <id>rspamd.milter_headers.enable_extended_spam_headers</id>
+                <label>Enable Extended Spam Headers</label>
+                <type>checkbox</type>
+                <help>If this checkbox is enabled, a header containing the findings of the scan is added.</help>
+            </field>
+            <field>
+                <id>rspamd.milter_headers.enable_spamd_bar</id>
+                <label>Enable Spamd Bar</label>
+                <type>checkbox</type>
+                <help>Add a header containing a visible indicator of the spam level.</help>
+            </field>
+            <field>
+                <id>rspamd.milter_headers.skip_local</id>
+                <label>Skip Local</label>
+                <type>checkbox</type>
+                <help>This will skip adding headers for local IPs. If this is unchecked, headers will also be added anyway but if it is checked, the headers will not be added for local IPs.</help>
+            </field>
+            <field>
+                <id>rspamd.milter_headers.skip_authenticated</id>
+                <label>Skip Authenticated</label>
+                <type>checkbox</type>
+                <help>If the user is authenticated, the headers will not be added if this is enabled. If this is checked, your outgoing mails will very likely not leak information about the the scanner.</help>
+            </field>
+            <field>
+                <id>rspamd.milter_headers.extended_headers_rcpt</id>
+                <label>Extended Headers Recipients</label>
+                <type>select_multiple</type>
+                <style>tokenize</style>
+                <allownew>true</allownew>
+                <help>Enter a (partial) mail address, which should also receive extended headers. For example: user@example.com or @example.net.</help>
+            </field>
+        </subtab>
    </tab>
    <tab id="rspamd-anti-spam" description="Spam Protection">
        <subtab id="rspamd-anti-spam-graylist" description="Graylisting">
--- a/mail/rspamd/src/opnsense/mvc/app/models/OPNsense/Rspamd/RSpamd.xml
+++ b/mail/rspamd/src/opnsense/mvc/app/models/OPNsense/Rspamd/RSpamd.xml
@ -13,6 +13,37 @@
      </enable_redis_plugin>
    </general>

+    <milter_headers>
+      <enabled type="BooleanField">
+        <default>0</default>
+        <Required>Y</Required>
+      </enabled>
+      <enable_extended_spam_headers type="BooleanField">
+        <default>0</default>
+        <Required>Y</Required>
+      </enable_extended_spam_headers>
+      <enable_authentication_results type="BooleanField">
+        <default>0</default>
+        <Required>Y</Required>
+      </enable_authentication_results>
+      <enable_spamd_bar type="BooleanField">
+        <default>0</default>
+        <Required>Y</Required>
+      </enable_spamd_bar>
+      <skip_local type="BooleanField">
+        <default>0</default>
+        <Required>Y</Required>
+      </skip_local>
+      <skip_authenticated type="BooleanField">
+        <default>0</default>
+        <Required>Y</Required>
+      </skip_authenticated>
+      <extended_headers_rcpt type="CSVListField">
+        <mask>/[a-z0-9\.\-_@,]+/i</mask>
+        <Required>N</Required>
+      </extended_headers_rcpt>
+    </milter_headers>
+
    <graylist>
      <expire type="IntegerField">
        <Required>N</Required>
--- a/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/+TARGETS
+++ b/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/+TARGETS
@ -10,6 +10,7 @@ surbl-whitelist.inc.local:/var/db/rspamd/surbl-whitelist.inc.local
 2tld.inc.local:/var/db/rspamd/2tld.inc.local
 greylist.conf:/usr/local/etc/rspamd/local.d/greylist.conf
 phishing.conf:/usr/local/etc/rspamd/local.d/phishing.conf
+milter_headers.conf:/usr/local/etc/rspamd/local.d/milter_headers.conf
 multimap.conf:/usr/local/etc/rspamd/local.d/multimap.conf
 mx_check.conf:/usr/local/etc/rspamd/local.d/mx_check.conf
 ratelimit.conf:/usr/local/etc/rspamd/local.d/ratelimit.conf
--- a/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/milter_headers.conf
+++ b/mail/rspamd/src/opnsense/service/templates/OPNsense/Rspamd/milter_headers.conf
@ -0,0 +1,28 @@
+{% if helpers.exists('OPNsense.Rspamd.milter_headers.enabled') and OPNsense.Rspamd.milter_headers.enabled == '1' %}
+{% set usemodules = [] %}
+
+extended_spam_headers = {% if helpers.exists('OPNsense.Rspamd.milter_headers.enable_extended_spam_headers') and OPNsense.Rspamd.milter_headers.enable_extended_spam_headers == '1' %}true{% else %}false{% endif %};
+{%   if helpers.exists('OPNsense.Rspamd.milter_headers.enable_authentication_results') and OPNsense.Rspamd.milter_headers.enable_authentication_results == '1' %}
+{%     do usemodules.append('authentication-results') %}
+authenticated_headers = ["authentication-results"];
+{%   endif %}
+
+{%   if helpers.exists('OPNsense.Rspamd.milter_headers.enable_spamd_bar') and OPNsense.Rspamd.milter_headers.enable_spamd_bar == '1' %}
+{%     do usemodules.append('x-spamd-bar') %}
+local_headers = ["x-spamd-bar"];
+{%   endif %}
+
+
+skip_local = {% if helpers.exists('OPNsense.Rspamd.milter_headers.skip_local') and OPNsense.Rspamd.milter_headers.skip_local == '1' %}true{% else %}false{% endif %};
+
+skip_authenticated = {% if helpers.exists('OPNsense.Rspamd.milter_headers.skip_authenticated') and OPNsense.Rspamd.milter_headers.skip_authenticated == '1' %}true{% else %}false{% endif %};
+
+{%   if helpers.exists('OPNsense.Rspamd.milter_headers.extended_headers_rcpt') and OPNsense.Rspamd.milter_headers.extended_headers_rcpt != '' %}
+extended_headers_rcpt = [{{ '"' + ( '", "'.join(OPNsense.Rspamd.milter_headers.extended_headers_rcpt.split(',') ) ) + '"' }}];
+{%   endif %}
+
+{%   if usemodules|length > 0 %}
+use = [{{ '"' + ( '", "'.join(usemodules) ) + '"' }}];
+{%   endif %}
+{% endif %}
+