The default hook will use rspamc (the command-line client of rspamd) if
it is installed. rspamc will emit one suggested action, and then the
hook will interpret it and return accordingly.
Because the possible actions returned by rspamc are user-configured,
this patch adds a comment to make it clear that the hook will need
adjustment if the configuration uses non-default actions.
In particular, the greylisting module (which usually handles the
"greylist" action) is not run when using rspamc. This can cause
unnecessary rejections and is quite misleading.
This patch removes the "greylist" action handling; now the default hook
will only reject mail once it reaches rspamd's configured threshold for
direct rejection.
In the future, a more custom integration with rspamd might be added to
allow for rspamd-based greylisting, but until then this is a more
reasonable default.
Thanks to Jonas Seydel (thor77) and Max Mazurov (fox.cpp@disroot.org)
for noticing this issue, helping investigate, and discussing the course
of action.
When checking if the dkimsign command exists, the default hook doesn't
redirect the output to /dev/null, so if the command is present it will
emit unwanted output (interpreted as message headers, as expected).
This patch adds the missing redirection.
Amended-by: Alberto Bertogli <albertito@blitiri.com.ar>
Extended commit message.
The example post-data hook was missing a quote around a sub-shell
execution.
This is harmless because the content itself is admin-provided and not
related to user input, but this commit fixes the quote for defense in
depth and consistency.
Rspamd (https://rspamd.com/) is a popular open-source spam filtering
system.
This patch adds integration with it in the example hook, which uses the
rspamc client to get a veredict, similar to what it does for
Spamassassin.
This patch adds DKIM signing using https://github.com/driusan/dkim tools
to the example hook.
It also adds an optional integration test to exercise signing and
verification, and corresponding documentation.
