From a365f5e866f880d8a38f970f3d641dc31c334ef4 Mon Sep 17 00:00:00 2001
From: Sheppy
Date: Tue, 28 May 2024 19:51:41 +0000
Subject: [PATCH] wip: add spamassasin scripts & local.cf
---
roles/mail/files/scripts/spam_check.sh | 2 +
roles/mail/files/scripts/spam_learn.sh | 12 ++++
roles/mail/files/spamassasin/local.cf | 76 ++++++++++++++++++++++++++
3 files changed, 90 insertions(+)
create mode 100644 roles/mail/files/scripts/spam_check.sh
create mode 100644 roles/mail/files/scripts/spam_learn.sh
create mode 100644 roles/mail/files/spamassasin/local.cf
diff --git a/roles/mail/files/scripts/spam_check.sh b/roles/mail/files/scripts/spam_check.sh
new file mode 100644
index 0000000..575b706
--- /dev/null
+++ b/roles/mail/files/scripts/spam_check.sh
@@ -0,0 +1,2 @@
+cat "${1}" | sudo -H -u debian-spamd spamassassin --test-mode --local --cf="bayes_auto_learn 0" \
+ --cf='add_header all Spam-Tokens-Spammy _SPAMMYTOKENS(20,compact)_' --cf='add header all Spam-Tokens-Hammy _HAMMYTOKENS(20,compact)_' | less
diff --git a/roles/mail/files/scripts/spam_learn.sh b/roles/mail/files/scripts/spam_learn.sh
new file mode 100644
index 0000000..cd326d8
--- /dev/null
+++ b/roles/mail/files/scripts/spam_learn.sh
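Review bot: In spam_check.sh the last `--cf` on the continuation line reads `add header all Spam-Tokens-Hammy …` with a space where the first one has `add_header`, so SpamAssassin will not accept it as an `add_header` setting and the hammy-token header will be missing from the test output; it should be `--cf='add_header all Spam-Tokens-Hammy _HAMMYTOKENS(20,compact)_'`. The script runs spamassassin as `debian-spamd` while spam_learn.sh calls `sudo -u spamd sa-compile`, so one of the two account names is probably wrong for this host. A shebang and a guard such as `: "${1:?usage: spam_check.sh MESSAGE_FILE}"` would make a missing argument fail early with a clear message instead of piping an empty stream into spamassassin.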
@@ -0,0 +1,12 @@
+set e
+sa-learn --progress -p /etc/spamassassin/local.cf --no-sync --spam /var/dovecot/spamsink/Maildir/cur/
+sa-learn --progress -p /etc/spamassassin/local.cf --no-sync --ham /var/dovecot/yannik.schmidt/Maildir/.Archives.2024
+sa-learn --progress -p /etc/spamassassin/local.cf --no-sync --ham /var/dovecot/yannik.schmidt/Maildir/.Archives.freelancermap
+sa-learn --progress -p /etc/spamassassin/local.cf --no-sync --ham /var/dovecot/yannik.schmidt/Maildir/.Trash
+sa-learn --progress -p /etc/spamassassin/local.cf --no-sync --ham /var/dovecot/sheppy/Maildir/.Archives.2024
+sa-learn --progress -p /etc/spamassassin/local.cf --no-sync --ham /var/dovecot/sheppy/Maildir/.Trash
+sa-learn --progress -p /etc/spamassassin/local.cf --no-sync --ham /var/dovecot/yannik.schmidt/Maildir/.INBOX.Job2024.Ferchau\ -\ G\&APw-nther\ Anlagen/
+sa-learn --progress -p /etc/spamassassin/local.cf --no-sync --ham /var/dovecot/yannik.schmidt/Maildir/.INBOX.Job2024.SINC-AfA/
+ sudo -u spamd sa-compile
+ systemctl restart spamassassin.service
+ mv /var/dovecot/spamsink/Maildir/cur/* /var/dovecot/spamsink/Maildir/.Learned/
diff --git a/roles/mail/files/spamassasin/local.cf b/roles/mail/files/spamassasin/local.cf
new file mode 100644
index 0000000..73454b5
--- /dev/null
+++ b/roles/mail/files/spamassasin/local.cf
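Review bot: The first line of spam_learn.sh, `set e`, does not enable errexit; it only sets `$1` to `e`, so when any `sa-learn` run fails the script still reaches the final `mv` and moves the unlearned spam out of `cur/` into `.Learned/`. It should be `set -e` (or `set -euo pipefail` under a `#!/usr/bin/env bash` shebang). Every call passes `--no-sync`, but nothing runs `sa-learn --sync -p /etc/spamassassin/local.cf` afterwards, so the learned tokens may stay in the journal until the daemon syncs on its own. `sa-learn` appears to run as the invoking user (likely root) while `sa-compile` runs as `spamd` and spam_check.sh uses `debian-spamd`; Bayes files created under `/etc/spamassassin/bayes/` by the wrong account can end up unreadable to the daemon, so the learning steps probably belong under the same `sudo -u` account. The `mv …/cur/*` also fails when `cur/` is empty, which an `-e` script should guard.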
@@ -0,0 +1,76 @@
+ifplugin Mail::SpamAssassin::Plugin::AskDNS
+
+askdns __DMARC_POLICY_NONE _dmarc._AUTHORDOMAIN_ TXT /^v=DMARC1;.*\bp=none;/
+askdns __DMARC_POLICY_QUAR _dmarc._AUTHORDOMAIN_ TXT /^v=DMARC1;.*\bp=quarantine;/
+askdns __DMARC_POLICY_REJECT _dmarc._AUTHORDOMAIN_ TXT /^v=DMARC1;.*\bp=reject;/
+
+meta DMARC_REJECT !(DKIM_VALID_AU || SPF_PASS) && __DMARC_POLICY_REJECT
+score DMARC_REJECT 10
+
+meta DMARC_QUAR !(DKIM_VALID_AU || SPF_PASS) && __DMARC_POLICY_QUAR
+score DMARC_QUAR 3
+
+meta DMARC_NONE !(DKIM_VALID_AU || SPF_PASS) && __DMARC_POLICY_NONE
+score DMARC_NONE 2
+
+endif # Mail::SpamAssassin::Plugin::AskDNS
+
+
+score DKIM_INVALID 5
+
+header LOCAL_FROM_TLD_BASE From =~ /@[a-z0-9\-\.]+\.*/i
+describe LOCAL_FROM_TLD_BASE Match any Domain
+score LOCAL_FROM_TLD_BASE 2
+
+header LOCAL_FROM_TLD From =~ /@[a-z0-9\-\.]+\.(de|com|org)[>\s]*\z/i
+describe LOCAL_FROM_TLD Match standard domains
+score LOCAL_FROM_TLD -3
+
+header OBFUSCATED_FROM_TLD From =~ /@[a-z0-9\-\.]+\.(de|com|org)\..+/i
+describe OBFUSCATED_FROM_TLD Obfuscation attempt in FROM TLD
+score OBFUSCATED_FROM_TLD 5
+
+header MAIL_CHIMP_MARKETING Return-Path =~ /@.*bounce-mc.+/i
+describe MAIL_CHIMP_MARKETING Mailchimp Marketing Lists
+score MAIL_CHIMP_MARKETING 5
+
+header UTF_BASE64_SUBJECT Subject =~ /.*=\?utf-[0-9]+\?.*/i
+describe UTF_BASE64_SUBJECT UTF_X base64 encoded subject
+score UTF_BASE64_SUBJECT 1
+
+score HTML_MESSAGE 1
+score URIBL_ABUSE_SURBL 5
+score HTML_IMAGE_ONLY_24 2
+score HTML_IMAGE_ONLY_28 2
+score HTML_IMAGE_RATIO_02 2
+score BAYES_999 3
+debug 1
+
+# Bayes
+use_bayes 1
+use_bayes_rules 1
+
+bayes_auto_learn 0
+bayes_file_mode 0660
+bayes_path /etc/spamassassin/bayes/bayes
+bayes_file_mode 0770
+
+bayes_min_ham_num 40
+bayes_min_spam_num 40
+
+bayes_ignore_header X-Bogosity
+bayes_ignore_header X-Spam-Flag
+bayes_ignore_header X-Spam-Status
+include /usr/share/spamassassin/
+
+required_hits 3.1
+
+clear_report_template
+report Hello!
+report This is the atlantis-mailsystem reporting in. This mail is likely spam. Proceed with maximum caution.
+report
+report Content analysis details: (_SCORE_ points, _REQD_ required)
+report
+report " pts rule name description"
+report ---- ---------------------- --------------------------------------------------
+report _SUMMARY_
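Review bot: The three `askdns` patterns in local.cf require a `;` after the policy tag (`\bp=reject;`), so a DMARC record that ends with `p=reject` and no trailing semicolon never sets `__DMARC_POLICY_REJECT` and the +10 rule stays silent for that domain; ending the pattern with `\bp=reject\s*(?:;|$)/` (same for `none` and `quarantine`) covers both forms. The metas also accept any `SPF_PASS` as a DMARC pass, but `SPF_PASS` is evaluated on the envelope sender and is not aligned with the From domain, so the rules do not fire when SPF passes for a domain other than the one in From. `LOCAL_FROM_TLD` grants -3 based only on the From header, which the sender controls, and `OBFUSCATED_FROM_TLD` also matches ordinary multi-label domains (a constructed example: `example.com.au`), so both scores deserve a second look given `required_hits 3.1`. `debug 1` does not look like a SpamAssassin configuration setting, `bayes_file_mode` is set twice (0660, then 0770), and `include` is pointed at a directory rather than a file, so running `spamassassin --lint` against this file before deploying would be worthwhile.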