#!/usr/bin/python3
import os
import sys
import subprocess
import re
CUSTOM_CF_PATH = '/etc/mail/spamassassin/custom.cf'
def get_exim_conf():
if os.path.exists('/etc/exim4/exim4.conf.template'):
return '/etc/exim4/exim4.conf.template'
elif os.path.exists('/etc/exim/exim.conf'):
return '/etc/exim/exim.conf'
return '/etc/exim.conf'
EXIM_CONF_PATH = get_exim_conf()
def get_exim_service():
return 'exim4' if 'exim4' in EXIM_CONF_PATH else 'exim'
def esc(text):
return str(text).replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"')
def parse_config():
config = {
'required_score': '5.0', 'report_safe': '1',
'use_bayes': '1', 'bayes_auto_learn': '1',
'ok_languages': '', 'trusted_networks': '', 'int_nets': '',
'sa_score_reject': '50',
'whitelist_from': [], 'blacklist_from': [],
}
extra_lines = []
if os.path.exists(CUSTOM_CF_PATH):
with open(CUSTOM_CF_PATH, 'r', encoding='utf-8', errors='replace') as f:
for line in f:
stripped = line.strip()
if not stripped or stripped.startswith('#'):
extra_lines.append(line.rstrip('\n'))
continue
parts = stripped.split(None, 1)
if len(parts) < 2:
extra_lines.append(line.rstrip('\n'))
continue
key, value = parts[0], parts[1]
if key == 'internal_networks': config['int_nets'] = value
elif key == 'whitelist_from': config['whitelist_from'].append(value)
elif key == 'blacklist_from': config['blacklist_from'].append(value)
elif key in config: config[key] = value
elif key == 'loadplugin': pass
else: extra_lines.append(line.rstrip('\n'))
config['sa_score_reject'] = read_exim_sa_score_reject()
# Убираем пустые строки в начале и конце extra_lines
while extra_lines and not extra_lines[0].strip():
extra_lines.pop(0)
while extra_lines and not extra_lines[-1].strip():
extra_lines.pop()
return config, extra_lines
def read_exim_sa_score_reject():
try:
if os.path.exists(EXIM_CONF_PATH):
with open(EXIM_CONF_PATH, 'r', encoding='utf-8', errors='replace') as f:
for line in f:
m = re.search(r'SA_SCORE_REJECT\s*=\s*(\d+)', line)
if m: return m.group(1)
except: pass
return '50'
def write_exim_sa_score_reject(value):
try:
if not os.path.exists(EXIM_CONF_PATH): return
with open(EXIM_CONF_PATH, 'r') as f: content = f.read()
new_val = str(value).strip()
if re.search(r'SA_SCORE_REJECT\s*=', content):
new_content = re.sub(r'SA_SCORE_REJECT\s*=\s*\d+', 'SA_SCORE_REJECT = ' + new_val, content)
else: new_content = 'SA_SCORE_REJECT = ' + new_val + '\n' + content
if new_content != content:
with open(EXIM_CONF_PATH, 'w') as f: f.write(new_content)
except: pass
def print_form(config, extra, ok_msg=None, err_msg=None):
b1 = config['use_bayes'].strip()
b2 = config['bayes_auto_learn'].strip()
bc1 = 'checked="yes"' if b1 == '1' else ''
bc2 = 'checked="yes"' if b2 == '1' else ''
print('')
print('')
if ok_msg:
print('' + esc(ok_msg) + '')
if err_msg:
print('' + esc(err_msg) + '')
print('')
print('')
print('')
print('' + esc(config['required_score']) + '')
print('' + esc(config['sa_score_reject']) + '')
print('' + esc(config['report_safe']) + '')
print('' + esc(config['ok_languages']) + '')
print('' + esc(config['trusted_networks']) + '')
print('' + esc(config['int_nets']) + '')
if b1 == '1': print('on')
if b2 == '1': print('on')
print('' + esc('\n'.join(config['whitelist_from'])) + '')
print('' + esc('\n'.join(config['blacklist_from'])) + '')
print('' + esc('\n'.join(extra)) + '')
print('')
print('0 - Add report to message body')
print('1 - Attach original as MIME part (safest)')
print('2 - Attach original as text MIME part')
print('')
print('')
print('SpamAssassin Configuration')
print('Spam Threshold Score')
print('Messages with score above this value will be marked as spam. Lower = more aggressive filtering. Default: 5.0. Recommended range: 3.0 (strict) to 7.0 (loose).')
print('Exim SA_SCORE_REJECT')
print('Messages with score above this value will be rejected by Exim before delivery. Must be higher than required_score. Default: 50.')
print('Report Format')
print('How to handle spam messages: 0 = add report to body, 1 = attach original as MIME part (safest), 2 = attach original as text MIME part.')
print('Allowed Languages')
print('Only accept emails in these languages. ISO codes space-separated (e.g. ru en de). Empty = allow all. Requires TextCat plugin.')
print('Trusted Networks')
print('IP addresses or CIDR ranges that are fully trusted. Emails from these hosts skip all spam checks. Example: 192.168.1.0/24 10.0.0.1')
print('Internal Networks')
print('IP addresses or CIDR ranges considered internal. Must be a subnet of Trusted Networks. Example: 10.0.0.0/8 (if trusted is 10.0.0.0/8 or wider).')
print('Use Bayesian Filter')
print('Enable the self-learning Bayesian classifier. It analyzes words and phrases to improve spam detection over time. Recommended: ON.')
print('Auto-learn Bayes')
print('Automatically train the Bayesian filter on high-confidence emails (very high or very low spam score). Recommended: ON.')
print('Whitelist')
print('Email addresses or domains that will NEVER be marked as spam. One entry per line. Examples: *@yourcompany.com, partner@trusted-domain.com')
print('Blacklist')
print('Email addresses or domains that will ALWAYS be marked as spam. One entry per line. Examples: *@spam-domain.com, baduser@gmail.com')
print('Additional Settings')
print('Any additional SpamAssassin configuration directives (custom rules, score modifications, plugin settings, etc.). These lines will be appended to custom.cf as-is.')
print('Save and Restart')
print('Reset Bayes DB')
print('Clear all Bayesian filter training data. Use this if the filter has learned incorrectly and needs a fresh start.')
print('')
print('')
def build_custom_cf(config, extra_lines):
lines = []
if config.get('ok_languages', '').strip(): lines.append('loadplugin Mail::SpamAssassin::Plugin::TextCat')
lines.append('required_score ' + config.get('required_score', '5.0').strip())
lines.append('report_safe ' + config.get('report_safe', '1').strip())
lines.append('use_bayes ' + config.get('use_bayes', '1'))
lines.append('bayes_auto_learn ' + config.get('bayes_auto_learn', '1'))
for key in ['ok_languages', 'trusted_networks']:
val = config.get(key, '').strip()
if val: lines.append(key + ' ' + val)
int_val = config.get('int_nets', '').strip()
if int_val: lines.append('internal_networks ' + int_val)
for addr in config.get('whitelist_from', []):
if addr.strip(): lines.append('whitelist_from ' + addr.strip())
for addr in config.get('blacklist_from', []):
if addr.strip(): lines.append('blacklist_from ' + addr.strip())
# Добавляем extra_lines без лишней пустой строки
if extra_lines:
filtered = [l for l in extra_lines if l.strip()] # Только непустые
if filtered:
lines.append('')
for line in filtered:
if not line.strip().startswith('loadplugin'):
lines.append(line)
return '\n'.join(lines) + '\n'
def lint_config(config_content):
try:
old_exists = os.path.exists(CUSTOM_CF_PATH)
old_content = ''
if old_exists:
with open(CUSTOM_CF_PATH) as f: old_content = f.read()
with open(CUSTOM_CF_PATH, 'w') as f: f.write(config_content)
result = subprocess.run(['spamassassin', '--lint'], capture_output=True, text=True, timeout=30)
if old_exists:
with open(CUSTOM_CF_PATH, 'w') as f: f.write(old_content)
else: os.remove(CUSTOM_CF_PATH)
issues = []
for line in result.stderr.split('\n') + result.stdout.split('\n'):
if line.strip() and ('warn:' in line.lower() or 'error:' in line.lower()):
issues.append(line.split('] ', 1)[-1] if '] ' in line else line.strip())
return len(issues) == 0, '\n'.join(issues[-5:]) if issues else ''
except: return True, ''
def save_custom_cf(config, extra_lines):
with open(CUSTOM_CF_PATH, 'w') as f: f.write(build_custom_cf(config, extra_lines))
def restart_svc(name):
for cmd in [['systemctl', 'restart', name], ['service', name, 'restart']]:
try: subprocess.run(cmd, capture_output=True, text=True, timeout=30)
except: pass
def restart_all():
restart_svc('spamassassin')
restart_svc(get_exim_service())
def reset_bayes():
for cmd in [['sa-learn', '--clear']]:
try: subprocess.run(cmd, capture_output=True, text=True, timeout=60)
except: pass
# ========== MAIN ==========
try:
clicked = os.environ.get('PARAM_clicked_button', '')
sok = os.environ.get('sok', '')
is_save = (clicked == 'save') or (sok == 'ok' and clicked != 'reset_bayes')
is_reset = (clicked == 'reset_bayes')
if is_save:
config, old_extra = parse_config()
for f in ['required_score', 'report_safe', 'ok_languages', 'trusted_networks', 'int_nets', 'sa_score_reject']:
val = os.environ.get('PARAM_' + f, '')
if val: config[f] = val
config['use_bayes'] = '1' if os.environ.get('PARAM_use_bayes') == 'on' else '0'
config['bayes_auto_learn'] = '1' if os.environ.get('PARAM_bayes_auto_learn') == 'on' else '0'
if 'PARAM_whitelist_from' in os.environ:
config['whitelist_from'] = [a.strip() for a in os.environ['PARAM_whitelist_from'].split('\n') if a.strip()]
if 'PARAM_blacklist_from' in os.environ:
config['blacklist_from'] = [a.strip() for a in os.environ['PARAM_blacklist_from'].split('\n') if a.strip()]
extra_text = os.environ.get('PARAM_extra_config', '')
new_extra = [l for l in extra_text.split('\n')]
cf = build_custom_cf(config, new_extra)
ok, err = lint_config(cf)
if ok:
try:
sr = int(config['sa_score_reject'])
if sr < 1 or sr > 1000: raise ValueError
except:
config, extra = parse_config()
print_form(config, extra, err_msg='SA_SCORE_REJECT must be 1-1000')
sys.exit(0)
save_custom_cf(config, new_extra)
write_exim_sa_score_reject(config['sa_score_reject'])
restart_all()
config, extra = parse_config()
print_form(config, extra, ok_msg='Saved and restarted')
else:
config, extra = parse_config()
print_form(config, extra, err_msg='Lint failed:\n' + err)
elif is_reset:
reset_bayes()
config, extra = parse_config()
print_form(config, extra, ok_msg='Bayes reset')
else:
config, extra = parse_config()
print_form(config, extra)
except Exception as e:
print('' + esc(str(e)) + '')