diff --git a/plinth/modules/email/__init__.py b/plinth/modules/email/__init__.py index f7763c3e5..a1dba4139 100644 --- a/plinth/modules/email/__init__.py +++ b/plinth/modules/email/__init__.py @@ -52,7 +52,7 @@ class EmailApp(plinth.app.App): app_id = 'email' - _version = 5 + _version = 6 def __init__(self) -> None: """Initialize the email app.""" @@ -104,6 +104,7 @@ class EmailApp(plinth.app.App): '/etc/dovecot/conf.d/05-freedombox-userdb.conf', '/etc/dovecot/conf.d/15-freedombox-auth.conf', '/etc/dovecot/conf.d/15-freedombox-mail.conf', + '/etc/dovecot/conf.d/90-freedombox-imap.conf', '/etc/dovecot/conf.d/90-freedombox-lmtp.conf', '/etc/dovecot/conf.d/90-freedombox-mailboxes.conf', '/etc/dovecot/conf.d/90-freedombox-master.conf', @@ -118,9 +119,11 @@ class EmailApp(plinth.app.App): '/etc/rspamd/local.d/freedombox-dkim-signing.conf' ]) self.add(dropin_configs) - dropin_configs_sieve = DropinConfigs( - 'dropin-configs-email-sieve', - ['/etc/dovecot/freedombox-sieve-after/sort-spam.sieve']) + dropin_configs_sieve = DropinConfigs('dropin-configs-email-sieve', [ + '/etc/dovecot/freedombox-sieve/learn-ham.sieve', + '/etc/dovecot/freedombox-sieve/learn-spam.sieve', + '/etc/dovecot/freedombox-sieve-after/sort-spam.sieve', + ]) self.add(dropin_configs_sieve) listen_ports = [(25, 'tcp4'), (25, 'tcp6'), (465, 'tcp4'), diff --git a/plinth/modules/email/data/usr/share/freedombox/etc/dovecot/conf.d/90-freedombox-imap.conf b/plinth/modules/email/data/usr/share/freedombox/etc/dovecot/conf.d/90-freedombox-imap.conf new file mode 100644 index 000000000..b49b5df9c --- /dev/null +++ b/plinth/modules/email/data/usr/share/freedombox/etc/dovecot/conf.d/90-freedombox-imap.conf @@ -0,0 +1,8 @@ +# Do not edit this file. Manage your settings on FreedomBox. + +# Make rspamd learn spam/ham when the user marks mails as junk or not junk. +# https://doc.dovecot.org/2.3/configuration_manual/howto/antispam_with_sieve/ + +protocol imap { + mail_plugins = $mail_plugins imap_sieve +} diff --git a/plinth/modules/email/data/usr/share/freedombox/etc/dovecot/conf.d/95-freedombox-sieve.conf b/plinth/modules/email/data/usr/share/freedombox/etc/dovecot/conf.d/95-freedombox-sieve.conf index 2b4ec8ccb..f6cfb9e62 100644 --- a/plinth/modules/email/data/usr/share/freedombox/etc/dovecot/conf.d/95-freedombox-sieve.conf +++ b/plinth/modules/email/data/usr/share/freedombox/etc/dovecot/conf.d/95-freedombox-sieve.conf @@ -6,4 +6,21 @@ plugin { sieve_after = /etc/dovecot/freedombox-sieve-after + + # Make rspamd learn spam/ham when the user marks mails as junk or not junk. + # https://doc.dovecot.org/2.3/configuration_manual/howto/antispam_with_sieve/ + sieve_plugins = sieve_imapsieve sieve_extprograms + sieve_pipe_bin_dir = /usr/bin + sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment + + # From elsewhere to Junk folder + imapsieve_mailbox1_name = Junk + imapsieve_mailbox1_causes = COPY + imapsieve_mailbox1_before = file:/etc/dovecot/freedombox-sieve/learn-spam.sieve + + # From Junk folder to elsewhere + imapsieve_mailbox2_name = * + imapsieve_mailbox2_from = Junk + imapsieve_mailbox2_causes = COPY + imapsieve_mailbox2_before = file:/etc/dovecot/freedombox-sieve/learn-ham.sieve } diff --git a/plinth/modules/email/data/usr/share/freedombox/etc/dovecot/freedombox-sieve/learn-ham.sieve b/plinth/modules/email/data/usr/share/freedombox/etc/dovecot/freedombox-sieve/learn-ham.sieve new file mode 100644 index 000000000..e651129da --- /dev/null +++ b/plinth/modules/email/data/usr/share/freedombox/etc/dovecot/freedombox-sieve/learn-ham.sieve @@ -0,0 +1,6 @@ +require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment"]; +if environment "imap.mailbox" "Trash" { + # Putting spam in Trash mailbox is not significant + stop; +} +pipe :copy "rspamc" ["learn_ham"]; diff --git a/plinth/modules/email/data/usr/share/freedombox/etc/dovecot/freedombox-sieve/learn-spam.sieve b/plinth/modules/email/data/usr/share/freedombox/etc/dovecot/freedombox-sieve/learn-spam.sieve new file mode 100644 index 000000000..ef4634ac5 --- /dev/null +++ b/plinth/modules/email/data/usr/share/freedombox/etc/dovecot/freedombox-sieve/learn-spam.sieve @@ -0,0 +1,2 @@ +require ["vnd.dovecot.pipe", "copy", "imapsieve"]; +pipe :copy "rspamc" ["learn_spam"]; diff --git a/plinth/modules/email/privileged/spam.py b/plinth/modules/email/privileged/spam.py index 43451f9e3..c42331393 100644 --- a/plinth/modules/email/privileged/spam.py +++ b/plinth/modules/email/privileged/spam.py @@ -31,8 +31,10 @@ def setup_spam(): def _compile_sieve(): """Compile all .sieve script to binary format for performance.""" - sieve_dir = '/etc/dovecot/freedombox-sieve-after/' - subprocess.run(['sievec', sieve_dir], check=True) + sieve_dirs = ['/etc/dovecot/freedombox-sieve-after/', + '/etc/dovecot/freedombox-sieve'] + for sieve_dir in sieve_dirs: + subprocess.run(['sievec', sieve_dir], check=True) def _setup_rspamd(): diff --git a/plinth/modules/firewall/__init__.py b/plinth/modules/firewall/__init__.py index d76f59968..cc16c659e 100644 --- a/plinth/modules/firewall/__init__.py +++ b/plinth/modules/firewall/__init__.py @@ -49,7 +49,7 @@ class FirewallApp(app_module.App): app_id = 'firewall' - _version = 4 + _version = 5 can_be_disabled = False diff --git a/plinth/modules/firewall/privileged.py b/plinth/modules/firewall/privileged.py index 8682d4d27..605c7e948 100644 --- a/plinth/modules/firewall/privileged.py +++ b/plinth/modules/firewall/privileged.py @@ -111,7 +111,7 @@ def _setup_local_service_protection(): for permanent in [[], ['--permanent']]: for ip_type in ['ipv4', 'ipv6']: for owner_type in ['--uid-owner', '--gid-owner']: - for user_group in ['root', 'www-data']: + for user_group in ['root', 'www-data', 'mail']: _add_rule(permanent, ip_type, '-A', 'OUTPUT', '-m', 'owner', owner_type, user_group, '-j', 'MARK', '--or-mark', '0x800000')