From a23a9438f62d3b427a376ee6025afb8d19a8e3b7 Mon Sep 17 00:00:00 2001
From: andreas <baloand@gmail.com>
Date: Wed, 25 Oct 2023 14:25:07 +0000
Subject: [PATCH] enable spampd

---
 .gitignore                |  2 +-
 docker-compose.yml        |  6 ++++++
 postfix/Dockerfile.alpine | 10 ----------
 spampd/Dockerfile         | 32 ++++++++++++++++++++++++++++++++
 spampd/entrypoint.sh      |  5 +++++
 spampd/scratchpad.sh      | 12 ++++++++++++
 ssl/create-postfix-certs  |  3 ++-
 todo                      |  2 +-
 8 files changed, 59 insertions(+), 13 deletions(-)
 delete mode 100644 postfix/Dockerfile.alpine
 create mode 100644 spampd/Dockerfile
 create mode 100644 spampd/entrypoint.sh
 create mode 100644 spampd/scratchpad.sh

diff --git a/.gitignore b/.gitignore
index ac2657c..5e33ce0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,4 +4,4 @@ ssl/certs
 ssl/tmp
 ssl/db
 */ssl
-*/postfix/relay_clientcerts
+relay_clientcerts
diff --git a/docker-compose.yml b/docker-compose.yml
index 663d771..0d118bf 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -88,6 +88,11 @@ services:
       - 8025:25
     volumes:
       - spool:/var/spool/postfix
+  spampd:
+    build: ./spampd
+    image: baloan/spampd
+    volumes:
+      - spamassassin:/var/lib/spamassassin
 networks:
   traefik:
     external: true
@@ -97,3 +102,4 @@ volumes:
   search:
   z-push:
   spool:
+  spamassassin:
diff --git a/postfix/Dockerfile.alpine b/postfix/Dockerfile.alpine
deleted file mode 100644
index 3fd2e21..0000000
--- a/postfix/Dockerfile.alpine
+++ /dev/null
@@ -1,10 +0,0 @@
-# syntax=docker.io/docker/dockerfile:1.5.2
-FROM alpine:latest
-# install apt packages
-ENV TZ Europe/Berlin 
-RUN apk add --no-cache postfix spamassassin rsyslog logrotate xz
-COPY --chmod=0775 entrypoint.sh /entrypoint.sh
-EXPOSE 25
-VOLUME /var/spool/postfix
-ENTRYPOINT ["/entrypoint.sh"]
-CMD ["postfix", "start-fg"]
\ No newline at end of file
diff --git a/spampd/Dockerfile b/spampd/Dockerfile
new file mode 100644
index 0000000..97b779d
--- /dev/null
+++ b/spampd/Dockerfile
@@ -0,0 +1,32 @@
+# syntax=docker.io/docker/dockerfile:1.5.2
+FROM ubuntu:20.04
+# install apt packages
+ENV TZ Europe/Berlin 
+RUN <<EOF
+apt-get update
+apt-get install -y spampd rsyslog iputils-ping
+# cleanup
+apt-get autoclean
+# rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* ~/.cache ~/.npm
+EOF
+RUN <<EOF
+sed -e's/LISTENHOST=127.0.0.1/LISTENHOST=0.0.0.0/' \
+  -e's/DESTHOST=127.0.0.1/DESTHOST=postfix/' \
+  -e's/CHILDREN=3/CHILDREN=2/' \
+  -e's|ADDOPTS=""|ADDOPTS="--homedir=/var/lib/spamassassin/.spamassassin"|' \
+  -i /etc/default/spampd
+sed -i '/imklog/s/^/#/' /etc/rsyslog.conf
+ln -sf /dev/stdout /var/log/syslog
+usermod debian-spamd -l spamd -s /bin/bash
+groupmod debian-spamd -n spamd
+mkdir /var/run/spampd
+chown spamd:spamd /var/run/spampd
+EOF
+COPY --chmod=0775 entrypoint.sh /entrypoint.sh
+EXPOSE 10025
+VOLUME /var/lib/spamassassin
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["/usr/sbin/spampd", "--nodetach", "--user=spamd", "--group=spamd", \
+  "--tagall", "--local-only", "--children=2", "--pid=/var/run/spampd/spampd.pid", \
+  "--port=10025", "--host=0.0.0.0", "--relayport=10026",  "--relayhost=postfix",  \
+  "--homedir=/var/lib/spamassassin/.spamassassin" ]
\ No newline at end of file
diff --git a/spampd/entrypoint.sh b/spampd/entrypoint.sh
new file mode 100644
index 0000000..bdd437e
--- /dev/null
+++ b/spampd/entrypoint.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env sh
+set -e
+/usr/sbin/rsyslogd
+su spamd -c "sa-update --gpghomedir /var/lib/spamassassin/sa-update-keys"
+exec "$@"
diff --git a/spampd/scratchpad.sh b/spampd/scratchpad.sh
new file mode 100644
index 0000000..91451e1
--- /dev/null
+++ b/spampd/scratchpad.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/bash
+# export DOCKER_BUILDKIT=1
+# docker run -d --name apache -p80:80 -v/root/kopano/dist:/var/www httpd
+docker rm spampd
+docker build -t spampd .
+docker run -it --rm --name spampd spampd
+docker logs -f spampd
+docker exec -it spampd sh
+
+docker container prune -f 
+docker kill spampd
+docker rm spampd
diff --git a/ssl/create-postfix-certs b/ssl/create-postfix-certs
index faecb46..3b32847 100644
--- a/ssl/create-postfix-certs
+++ b/ssl/create-postfix-certs
@@ -7,6 +7,7 @@ pushd certs
 # https://www.postfix.org/postconf.5.html#relay_clientcerts
 openssl x509 -in $CN.crt -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -md5 -c | ( read D FP; echo $FP $CN ) >>relay_clientcerts
 cp $CN.key ~/kopano-docker/etc-$CN/ssl/private
-cp kopano-ca.crt ~/kopano-docker/etc-$CN/ssl/certs
+# https://ubuntu.com/server/docs/security-trust-store
+cp kopano-ca.crt ~/kopano-docker/etc-$CN/ssl/usr-local-share-ca-certificates
 cat kopano-ca.crt $CN.crt >~/kopano-docker/etc-$CN/ssl/$CN-full-chain.pem
 popd
diff --git a/todo b/todo
index 4d70ba5..ce027b3 100644
--- a/todo
+++ b/todo
@@ -1,8 +1,8 @@
 ok - complete internal SSL key generation and injection
 ok - complete relay SSL key generation and injection (manual for distribution to relay)
+poc - enable spampd
 enable zntrl.de
 remove passwords from gitlab & docker
-add spamd
 check logging for all containers
 bareos mysql backup (mysqldump, or database shutdown during backup)
 recipe: how to add a domain (dns, postfix virtual domains, webapp, z-push)