Use relaynets in rmilter whitelist, fixes #140

rmilter/Dockerfile

@@ -1,7 +1,7 @@
 FROM alpine:edge
 
 RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
- && apk add --no-cache rmilter@testing rsyslog
+ && apk add --no-cache rmilter@testing rsyslog bash
 
 COPY rmilter.conf /etc/rmilter.conf
 COPY rsyslog.conf /etc/rsyslog.conf

rmilter/rmilter.conf

@@ -54,7 +54,7 @@ spamd {
 	# reject_message - reject message for spam
 	reject_message = "Spam message rejected; If this is not spam contact abuse";
 	# whitelist - list of ips or nets that should be not checked with spamd
-	whitelist = 127.0.0.1/32, [::1]/128;
+	whitelist = 127.0.0.1/32, [::1]/128, {{ WHITELIST }};
 	# rspamd_metric - metric for using with rspamd
 	rspamd_metric = "default";
   # Do not reject, add header
@@ -91,7 +91,7 @@ redis {
 # limits section
 limits {
 	# Whitelisted ip or networks
-	limit_whitelist = 127.0.0.1, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, [::1]/128;
+	limit_whitelist = 127.0.0.1, [::1]/128, {{ WHITELIST }};
 	# Whitelisted recipients
 	limit_whitelist_rcpt =  postmaster, mailer-daemon;
 	# Addrs for bounce checks
@@ -112,7 +112,7 @@ limits {
 greylisting {
 	timeout = 300s;
 	expire = 3d;
-	whitelist = 127.0.0.1, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, [::1]/128;
+	whitelist = 127.0.0.1, [::1]/128, {{ WHITELIST }};
 };
 
 dkim {
@@ -125,7 +125,7 @@ dkim {
   body_canon = relaxed;
   sign_alg = sha256;
   auth_only = yes;
-  sign_networks = 127.0.0.1, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, [::1]/128;
+  sign_networks = 127.0.0.1, [::1]/128, {{ WHITELIST }};
 };
 
 # .try_include /overrides/rmilter.conf

rmilter/start.sh

@@ -1,4 +1,11 @@
-#!/bin/sh
+#!/bin/bash
+
+export WHITELIST=$(echo "$RELAYNETS" | sed 's/ /,/g')
+
+# Substitute configuration
+for VARIABLE in `env | cut -f1 -d=`; do
+  sed -i "s={{ $VARIABLE }}=${!VARIABLE}=g" /etc/rmilter.conf
+done
 
 rm -f /var/run/rsyslogd.pid
 rmilter -c /etc/rmilter.conf