From 0f337971ff12b89805bb58b14b858c74e8fdb7dd Mon Sep 17 00:00:00 2001
From: DerLinkman
Date: Mon, 31 Jul 2023 12:03:07 +0200
Subject: [PATCH] Reimplemented option for custom dnsbls
---
 data/Dockerfiles/postfix/postfix.sh | 137 +++++-----------------------
 docker-compose.yml | 2 +-
 2 files changed, 22 insertions(+), 117 deletions(-)
diff --git a/data/Dockerfiles/postfix/postfix.sh b/data/Dockerfiles/postfix/postfix.sh
index 9696fa9f22..8450bbe61d 100755
--- a/data/Dockerfiles/postfix/postfix.sh
+++ b/data/Dockerfiles/postfix/postfix.sh
@@ -397,136 +397,40 @@ echo -e "\e[33mChecking if ASN for your IP is listed for Spamhaus Bad ASN List.. if [ -n "$SPAMHAUS_DQS_KEY" ]; then echo -e "\e[32mDetected SPAMHAUS_DQS_KEY variable from mailcow.conf...\e[0m" echo -e "\e[33mUsing DQS Blocklists from Spamhaus!\e[0m" - cat < /opt/postfix/conf/dns_blocklists.cf - # Autogenerated by mailcow - postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2 - hostkarma.junkemailfilter.com=127.0.0.1*-2 - list.dnswl.org=127.0.[0..255].0*-2 - list.dnswl.org=127.0.[0..255].1*-4 - list.dnswl.org=127.0.[0..255].2*-6 - list.dnswl.org=127.0.[0..255].3*-8 - ix.dnsbl.manitu.net*2 - bl.spamcop.net*2 - bl.suomispam.net*2 - hostkarma.junkemailfilter.com=127.0.0.2*3 - hostkarma.junkemailfilter.com=127.0.0.4*2 - hostkarma.junkemailfilter.com=127.0.1.2*1 - backscatter.spameatingmonkey.net*2 - bl.ipv6.spameatingmonkey.net*2 - bl.spameatingmonkey.net*2 - b.barracudacentral.org=127.0.0.2*7 - bl.mailspike.net=127.0.0.2*5 - bl.mailspike.net=127.0.0.[10;11;12]*4 - dnsbl.sorbs.net=127.0.0.10*8 - dnsbl.sorbs.net=127.0.0.5*6 - dnsbl.sorbs.net=127.0.0.7*3 - dnsbl.sorbs.net=127.0.0.8*2 - dnsbl.sorbs.net=127.0.0.6*2 - dnsbl.sorbs.net=127.0.0.9*2 - ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net=127.0.0.[4..7]*6 - ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.org=127.0.0.[10;11]*8 - ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.org=127.0.0.3*4 - ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.org=127.0.0.2*3 - ${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net=127.0.0.3*4 - ${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net=127.0.0.2*3 + cat < /tmp/spamhaus.cf +# Autogenerated by mailcow, using Spamhaus DQS lists + ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.net=127.0.0.[4..7]*6 + ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.org=127.0.0.[10;11]*8 + ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.org=127.0.0.3*4 + ${SPAMHAUS_DQS_KEY}.zen.dq.spamhaus.org=127.0.0.2*3 + ${SPAMHAUS_DQS_KEY}.dbl.dq.spamhaus.net=127.0.0.3*4 + ${SPAMHAUS_DQS_KEY}.zrd.dq.spamhaus.net=127.0.0.2*3 EOF else - response=$(curl --connect-timeout 15 --retry 5 
--max-time 30 -s -o /dev/null -w "%{http_code}" "https://asn-check.mailcow.email") - if [ "$response" -eq 403 ]; then + response=$(curl --connect-timeout 15 --max-time 30 -s -o /dev/null -w "%{http_code}" "https://asn-check.mailcow.email") + if [ "$response" -eq 503 ]; then echo -e "\e[31mThe AS of your IP is listed as a banned AS from Spamhaus!\e[0m" echo -e "\e[33mNo SPAMHAUS_DQS_KEY found... Skipping Spamhaus blocklists entirely!\e[0m" - cat < /opt/postfix/conf/dns_blocklists.cf - # Autogenerated by mailcow - postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2 - hostkarma.junkemailfilter.com=127.0.0.1*-2 - list.dnswl.org=127.0.[0..255].0*-2 - list.dnswl.org=127.0.[0..255].1*-4 - list.dnswl.org=127.0.[0..255].2*-6 - list.dnswl.org=127.0.[0..255].3*-8 - ix.dnsbl.manitu.net*2 - bl.spamcop.net*2 - bl.suomispam.net*2 - hostkarma.junkemailfilter.com=127.0.0.2*3 - hostkarma.junkemailfilter.com=127.0.0.4*2 - hostkarma.junkemailfilter.com=127.0.1.2*1 - backscatter.spameatingmonkey.net*2 - bl.ipv6.spameatingmonkey.net*2 - bl.spameatingmonkey.net*2 - b.barracudacentral.org=127.0.0.2*7 - bl.mailspike.net=127.0.0.2*5 - bl.mailspike.net=127.0.0.[10;11;12]*4 - dnsbl.sorbs.net=127.0.0.10*8 - dnsbl.sorbs.net=127.0.0.5*6 - dnsbl.sorbs.net=127.0.0.7*3 - dnsbl.sorbs.net=127.0.0.8*2 - dnsbl.sorbs.net=127.0.0.6*2 - dnsbl.sorbs.net=127.0.0.9*2 + cat < /tmp/spamhaus.cf +# Autogenerated by mailcow, using no Spamhaus DNSBL EOF elif [ "$response" -eq 200 ]; then echo -e "\e[32mThe AS of your IP is NOT listed as a banned AS from Spamhaus!\e[0m" echo -e "\e[33mUsing the open Spamhaus blocklists.\e[0m" - cat < /opt/postfix/conf/dns_blocklists.cf - # Autogenerated by mailcow - postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2 - hostkarma.junkemailfilter.com=127.0.0.1*-2 - list.dnswl.org=127.0.[0..255].0*-2 - list.dnswl.org=127.0.[0..255].1*-4 - list.dnswl.org=127.0.[0..255].2*-6 - list.dnswl.org=127.0.[0..255].3*-8 - ix.dnsbl.manitu.net*2 - bl.spamcop.net*2 - 
bl.suomispam.net*2 - hostkarma.junkemailfilter.com=127.0.0.2*3 - hostkarma.junkemailfilter.com=127.0.0.4*2 - hostkarma.junkemailfilter.com=127.0.1.2*1 - backscatter.spameatingmonkey.net*2 - bl.ipv6.spameatingmonkey.net*2 - bl.spameatingmonkey.net*2 - b.barracudacentral.org=127.0.0.2*7 - bl.mailspike.net=127.0.0.2*5 - bl.mailspike.net=127.0.0.[10;11;12]*4 - dnsbl.sorbs.net=127.0.0.10*8 - dnsbl.sorbs.net=127.0.0.5*6 - dnsbl.sorbs.net=127.0.0.7*3 - dnsbl.sorbs.net=127.0.0.8*2 - dnsbl.sorbs.net=127.0.0.6*2 - dnsbl.sorbs.net=127.0.0.9*2 - zen.spamhaus.org=127.0.0.[10;11]*8 - zen.spamhaus.org=127.0.0.[4..7]*6 - zen.spamhaus.org=127.0.0.3*4 - zen.spamhaus.org=127.0.0.2*3 + cat < /tmp/spamhaus.cf +# Autogenerated by mailcow, using public spamhaus lists + zen.spamhaus.org=127.0.0.[10;11]*8 + zen.spamhaus.org=127.0.0.[4..7]*6 + zen.spamhaus.org=127.0.0.3*4 + zen.spamhaus.org=127.0.0.2*3 EOF else echo -e "\e[31mWe couldn't determine your AS... (maybe DNS/Network issue?) Response Code: $response\e[0m" echo -e "\e[33mDeactivating Spamhaus DNS Blocklists to be on the safe site!\e[0m" - cat < /opt/postfix/conf/dns_blocklists.cf - # Autogenerated by mailcow - postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2 - hostkarma.junkemailfilter.com=127.0.0.1*-2 - list.dnswl.org=127.0.[0..255].0*-2 - list.dnswl.org=127.0.[0..255].1*-4 - list.dnswl.org=127.0.[0..255].2*-6 - list.dnswl.org=127.0.[0..255].3*-8 - ix.dnsbl.manitu.net*2 - bl.spamcop.net*2 - bl.suomispam.net*2 - hostkarma.junkemailfilter.com=127.0.0.2*3 - hostkarma.junkemailfilter.com=127.0.0.4*2 - hostkarma.junkemailfilter.com=127.0.1.2*1 - backscatter.spameatingmonkey.net*2 - bl.ipv6.spameatingmonkey.net*2 - bl.spameatingmonkey.net*2 - b.barracudacentral.org=127.0.0.2*7 - bl.mailspike.net=127.0.0.2*5 - bl.mailspike.net=127.0.0.[10;11;12]*4 - dnsbl.sorbs.net=127.0.0.10*8 - dnsbl.sorbs.net=127.0.0.5*6 - dnsbl.sorbs.net=127.0.0.7*3 - dnsbl.sorbs.net=127.0.0.8*2 - dnsbl.sorbs.net=127.0.0.6*2 - 
dnsbl.sorbs.net=127.0.0.9*2 + cat < /tmp/spamhaus.cf +# Autogenerated by mailcow, using no Spamhaus DNSBL EOF fi fi @@ -541,6 +445,7 @@ cat /opt/postfix/conf/extra.cf >> /opt/postfix/conf/main.cf # Append postscreen dnsbl sites to main.cf cat /opt/postfix/conf/dns_blocklists.cf >> /opt/postfix/conf/main.cf +cat /tmp/spamhaus.cf >> /opt/postfix/conf/main.cf if [ ! -f /opt/postfix/conf/custom_transport.pcre ]; then echo "Creating dummy custom_transport.pcre" diff --git a/docker-compose.yml b/docker-compose.yml index 865dacb2f5..bd7c4acbb5 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -297,7 +297,7 @@ services: - dovecot postfix-mailcow: - image: mailcow/postfix:1.69 + image: mailcow/postfix:1.70 depends_on: - mysql-mailcow volumes:
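Review bot: The rewritten heredocs write to the fixed path `/tmp/spamhaus.cf`, and in the DQS branch that file contains `SPAMHAUS_DQS_KEY`, which is an account credential, so it lands in a shared temp directory under a predictable name with default permissions. Creating it with `spamhaus_cf=$(mktemp)` (or writing it under `/opt/postfix/conf/` after `umask 077`) and removing it once it has been appended would avoid that. Separately, the first DQS entry queries `zen.dq.spamhaus.net` while the next three query `zen.dq.spamhaus.org`; DQS zones are, as far as I know, served under `dq.spamhaus.net`, so the `.org` entries probably never return a hit and should be verified. Dropping `--retry 5` from the ASN check also means a single transient failure takes the fail-closed branch and starts Postfix without any Spamhaus list.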
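Review bot: The added `cat /tmp/spamhaus.cf >> /opt/postfix/conf/main.cf` appends only a comment and indented continuation lines, so the entries are parsed correctly only when the last logical line of `dns_blocklists.cf` is the `postscreen_dnsbl_sites = …` assignment. The first hunk removes every write to `dns_blocklists.cf`, and nothing visible here creates or validates it. If the file is missing, empty, or a custom version ends with a different parameter, the Spamhaus entries silently extend whatever setting precedes them, possibly the tail of `extra.cf`. A guard before the append would make that visible, for example `grep -q '^postscreen_dnsbl_sites' /opt/postfix/conf/dns_blocklists.cf || echo "dns_blocklists.cf does not set postscreen_dnsbl_sites" >&2`, along with a comment stating the ordering requirement.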