From e2d10a72b5bf5978338429b10078ff3fce812054 Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler <sebastian@vanwa.ch>
Date: Thu, 18 Nov 2021 14:44:30 +0100
Subject: [PATCH] use rspamd as milter

---
 Dockerfile                               | 4 ----
 README.md                                | 7 ++++++-
 rootfs/etc/confd/templates/main.cf.tmpl  | 8 ++++----
 rootfs/etc/services.d/spamass-milter/run | 3 ---
 4 files changed, 10 insertions(+), 12 deletions(-)
 delete mode 100644 rootfs/etc/services.d/spamass-milter/run

diff --git a/Dockerfile b/Dockerfile
index 0c93b7a..581ca98 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -20,16 +20,12 @@ RUN apk add --no-cache \
     postfix \
     postfix-pgsql \
     openssl \
-    spamassassin-client \
     libstdc++ \
     libmilter
 
 RUN addgroup -g 2222 access
 RUN addgroup postfix access
 
-RUN mkdir /var/run/spamass-milter
-RUN chown postfix:postfix /var/run/spamass-milter
-
 RUN chown root /var/spool/postfix/
 RUN chown root /var/spool/postfix/pid
 
diff --git a/README.md b/README.md
index f2bda7b..0965d99 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-[Postfix](http://www.postfix.org/) with dovecot authentication and [spamassassin](http://spamassassin.apache.org/) + [OpenDKIM](http://www.opendkim.org/) in postgres.
+[Postfix](http://www.postfix.org/) with dovecot authentication and [rspamd](https://rspamd.com/) using postgres.
 
 # Volumes
 - `/etc/ssl/mail:ro`: certificates have to be here.
@@ -91,6 +91,11 @@ The minimum TLS cipher grade that the Postfix SMTP server will use with opportun
 
 Comma seperated list of ciphers or cipher types to exclude from the SMTP server cipher list at all TLS security levels.
 
+## RSPAMD_ADDRESS
+- default: inet:127.0.0.1:11332
+
+Where to connect to rspamd.
+
 # Ports
 - 25
 - 587
diff --git a/rootfs/etc/confd/templates/main.cf.tmpl b/rootfs/etc/confd/templates/main.cf.tmpl
index bf8f5a6..f9b5672 100644
--- a/rootfs/etc/confd/templates/main.cf.tmpl
+++ b/rootfs/etc/confd/templates/main.cf.tmpl
@@ -59,10 +59,10 @@ smtpd_sasl_tls_security_options = noanonymous
 smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination, reject_unverified_recipient
 
-#smtpd_milters =
-#    unix:/var/run/spamass-milter/spamass.sock
-#    inet:{{getenv "DKIM_HOST"}}:{{getenv "DKIM_PORT"}}
-#non_smtpd_milters = $smtpd_milters
+smtpd_milters={{ getenv "RSPAMD_ADDRESS" "inet:127.0.0.1:11332" }}
+non_smtpd_milters=$smtpd_milters
+milter_mail_macros="i {mail_addr} {client_addr} {client_name} {auth_authen}"
+
 milter_default_action = accept
 milter_macro_daemon_name = ORIGINATING
 milter_connect_macros = "i j {daemon_name} v {if_name} _"
diff --git a/rootfs/etc/services.d/spamass-milter/run b/rootfs/etc/services.d/spamass-milter/run
deleted file mode 100644
index 22576b7..0000000
--- a/rootfs/etc/services.d/spamass-milter/run
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/usr/bin/with-contenv sh
-
-#exec s6-setuidgid postfix spamass-milter -u postmaster -p /var/run/spamass-milter/spamass.sock -- -d $SPAMASSASSIN_HOST