We're receiving via Mythic mailservers, and they've already done RBL.

We're receiving via Mythic mailservers, so no point greylisting.
Mythic are already using rspamd, so keep their result if present.
2023-09-06 14:27:00 +01:00 · 2023-09-06 14:26:29 +01:00 · 2023-09-06 14:25:24 +01:00 · 2023-09-06 14:24:35 +01:00 · 2023-09-06 14:22:51 +01:00
5 changed files with 22 additions and 2 deletions
--- a/states/certificates/dehydrated/hooks/deploy.sh
+++ b/states/certificates/dehydrated/hooks/deploy.sh
@ -1,7 +1,8 @@
 #!/usr/bin/env bash
 #
 # Copy dehydrated generated certs into /var/local/certificates and
-# set required ownership. Also restart local services as appropriate.
+# set required ownership and permissions. Also restart local services
+# as appropriate.

 action=$1
 shift
@ -9,6 +10,8 @@ shift
 deploy_cert() {
    cp -a /var/lib/dehydrated/certs/* /var/local/certificates/
    chown -R root:ssl-cert /var/local/certificates/
+    find /var/local/certificates/ -type d -print0 | xargs -0 chmod g+rx
+    find /var/local/certificates/ -type f -print0 | xargs -0 chmod g+r

    DOMAIN="$1"
    case $DOMAIN in
--- a/states/email/exim4/local_check_data
+++ b/states/email/exim4/local_check_data
@ -19,8 +19,10 @@
  #deny  message    = Message discarded as high-probability spam
  #      condition  = ${if eq{$spam_action}{reject}}

+  # This is an additional check to Mythic's rspamd, so don't
+  # remove any spam judgement that has made.
  # Remove foreign headers
-  warn remove_header = x-spam-bar : x-spam-score : x-spam-report : x-spam-status
+  #warn remove_header = x-spam-bar : x-spam-score : x-spam-report : x-spam-status

  # add spam-score and spam-report header when "add header" action is recommended by rspamd
  warn
--- a/states/email/rspamd.sls
+++ b/states/email/rspamd.sls
@ -12,6 +12,10 @@ rspamd:
    - name: rspamd
    - fromrepo: bullseye

+redis_server:
+  pkg.installed:
+    - name: redis-server
+
 rspamd_conf:
  file.recurse:
    - name: /etc/rspamd/local.d
@ -26,3 +30,10 @@ rspamd_service:
    - watch:
      - pkg: rspamd
      - file: /etc/rspamd/local.d
+
+redis_service:
+  service.running:
+    - name: redis-server
+    - enable: true
+    - watch:
+      - pkg: redis-server
--- a/states/email/rspamd/local.d/greylist.conf
+++ b/states/email/rspamd/local.d/greylist.conf
@ -0,0 +1,2 @@
+# We're receiving from Mythic's mailservers, so no point greylisting.
+enabled = false
--- a/states/email/rspamd/local.d/rbl.conf
+++ b/states/email/rspamd/local.d/rbl.conf
@ -0,0 +1,2 @@
+# We're receiving from Mythic's mailservers, who have already done RBL.
+enabled = false
Author	SHA1	Message	Date
Jim Hague	45816eb74a	We're receiving via Mythic mailservers, and they've already done RBL.	2023-09-06 14:27:00 +01:00
Jim Hague	32ce2b1a08	We're receiving via Mythic mailservers, so no point greylisting.	2023-09-06 14:26:29 +01:00
Jim Hague	6466609192	Mythic are already using rspamd, so keep their result if present.	2023-09-06 14:25:24 +01:00
Jim Hague	496226815d	rspamd requires Redis server.	2023-09-06 14:24:35 +01:00
Jim Hague	46549c6863	Ensure new certificates are readably by ssl-cert group members.	2023-09-06 14:22:51 +01:00