From 7166e63b02723dd6b6d73b8fcd52b24f448692b4 Mon Sep 17 00:00:00 2001
From: fliu <10025-fliu@users.noreply.salsa.debian.org>
Date: Thu, 1 Jul 2021 09:34:15 +0000
Subject: [PATCH] email: Install rspamd; proxy its web interface

---
 plinth/modules/email_server/__init__.py       | 10 ++++++-
 plinth/modules/email_server/audit/__init__.py |  3 ++-
 plinth/modules/email_server/audit/spam.py     | 26 +++++++++++++++++++
 .../email-server-freedombox.conf              | 23 ++++++++++++++++
 4 files changed, 60 insertions(+), 2 deletions(-)
 create mode 100644 plinth/modules/email_server/audit/spam.py
 create mode 100644 plinth/modules/email_server/data/etc/apache2/conf-available/email-server-freedombox.conf

diff --git a/plinth/modules/email_server/__init__.py b/plinth/modules/email_server/__init__.py
index 7785bfc7e..450b034ca 100644
--- a/plinth/modules/email_server/__init__.py
+++ b/plinth/modules/email_server/__init__.py
@@ -9,6 +9,7 @@ import plinth.daemon
 import plinth.frontpage
 import plinth.menu
 from plinth import actions
+from plinth.modules.apache.components import Webserver
 from plinth.modules.firewall.components import Firewall
 
 from . import audit
@@ -16,7 +17,8 @@ from . import manifest
 
 version = 1
 managed_packages = ['postfix', 'dovecot-pop3d', 'dovecot-imapd',
-                    'dovecot-lmtpd', 'dovecot-ldap', 'dovecot-managesieved']
+                    'dovecot-lmtpd', 'dovecot-ldap', 'dovecot-managesieved',
+                    'rspamd']
 managed_services = ['postfix', 'dovecot']
 app = None
 
@@ -50,6 +52,11 @@ class EmailServerApp(plinth.app.App):
         )
         self.add(menu_item)
 
+        # /rspamd location
+        webserver = Webserver('webserver-email', 'email-server-freedombox',
+                              urls=['https://{host}/rspamd'])
+        self.add(webserver)
+
         shortcut = plinth.frontpage.Shortcut(
             'shortcut_' + self.app_id,
             name=info.name,
@@ -96,6 +103,7 @@ def setup(helper, old_version=None):
     """Installs and configures module"""
     helper.install(managed_packages)
     helper.call('post', audit.ldap.repair)
+    helper.call('post', audit.spam.repair)
     helper.call('post', app.enable)
     for service_name in managed_services:
         actions.superuser_run('service', ['reload', service_name])
diff --git a/plinth/modules/email_server/audit/__init__.py b/plinth/modules/email_server/audit/__init__.py
index 80c90ceb5..41f1b99c6 100644
--- a/plinth/modules/email_server/audit/__init__.py
+++ b/plinth/modules/email_server/audit/__init__.py
@@ -5,5 +5,6 @@ Provides diagnosis and repair of email server configuration issues
 
 from . import ldap
 from . import domain
+from . import spam
 
-__all__ = ['ldap', 'domain']
+__all__ = ['ldap', 'domain', 'spam']
diff --git a/plinth/modules/email_server/audit/spam.py b/plinth/modules/email_server/audit/spam.py
new file mode 100644
index 000000000..a7ec22318
--- /dev/null
+++ b/plinth/modules/email_server/audit/spam.py
@@ -0,0 +1,26 @@
+"""Configures spam filters and the virus scanner"""
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+import logging
+
+from plinth import actions
+
+import plinth.modules.email_server.postconf as postconf
+
+milter_config = {
+    'milter_mail_macros': 'i {auth_type} {auth_authen} {auth_author} '\
+    '{client_addr} {client_name} {mail_addr} {mail_host} {mail_mailer}',
+    'smtpd_milters': 'inet:127.0.0.1:11332',
+    'non_smtpd_milters': 'inet:127.0.0.1:11332'
+}
+
+logger = logging.getLogger(__name__)
+
+
+def repair():
+    logger.debug('Updating postconf: %r', milter_config)
+    actions.superuser_run('email_server', ['ipc', 'spam', 'set_filter'])
+
+
+def action_set_filter():
+    postconf.set_many(milter_config)
diff --git a/plinth/modules/email_server/data/etc/apache2/conf-available/email-server-freedombox.conf b/plinth/modules/email_server/data/etc/apache2/conf-available/email-server-freedombox.conf
new file mode 100644
index 000000000..f674fc07c
--- /dev/null
+++ b/plinth/modules/email_server/data/etc/apache2/conf-available/email-server-freedombox.conf
@@ -0,0 +1,23 @@
+<Location ~ "/rspamd$">
+    Redirect "/rspamd/"
+</Location>
+
+<Location ~ "/rspamd/">
+    ProxyPass http://127.0.0.1:11334/
+    ProxyPassReverse http://127.0.0.1:11334/
+    # Modify proxy headers
+    ProxyAddHeaders off
+    RequestHeader unset Forwarded
+    RequestHeader unset Via
+    RequestHeader unset X-Forwarded-For
+    RequestHeader unset X-Forwarded-Host
+    RequestHeader unset X-Forwarded-Proto
+    RequestHeader unset X-Forwarded-Server
+    RequestHeader unset X-Real-IP
+    RequestHeader set X-Forwarded-For "127.0.0.1"
+    # Require SSO
+    Include includes/freedombox-single-sign-on.conf
+    <IfModule mod_auth_pubtkt.c>
+        TKTAuthToken "admin"
+    </IfModule>
+</Location>