From eadc7ff8ca7cb7b16301d863fa5f02b6d2ef2fb0 Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier <nemunaire@nemunai.re>
Date: Wed, 22 Oct 2025 11:33:20 +0700
Subject: [PATCH] docker: Use spamass-milter

---
 Dockerfile                                          | 13 +++++++++++--
 .../authentication_milter.json                      |  6 ++++++
 docker/postfix/main.cf                              |  4 ++--
 docker/postfix/master.cf                            |  5 -----
 docker/supervisor/supervisord.conf                  | 12 ++++++++++++
 5 files changed, 31 insertions(+), 9 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index eee71bd..6e099f6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -31,12 +31,13 @@ COPY --from=nodebuild /build/web/build/ ./web/build/
 RUN go generate ./... && \
     CGO_ENABLED=1 GOOS=linux go build -a -installsuffix cgo -ldflags="-w -s" -o happyDeliver ./cmd/happyDeliver
 
-# Stage 3: Prepare perl
+# Stage 3: Prepare perl and spamass-milt
 FROM alpine:3 AS pl
 
 RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \
     apk add --no-cache \
     build-base \
+    libmilter-dev \
     musl-obstack-dev \
     openssl \
     openssl-dev \
@@ -68,6 +69,7 @@ RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/a
     perl-variable-magic \
     perl-xml-libxml \
     perl-dev \
+    spamassassin-client \
     zlib-dev \
     && \
     ln -s /usr/bin/ld /bin/ld
@@ -75,6 +77,11 @@ RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/a
 RUN cpanm --notest Mail::SPF && \
     cpanm --notest Mail::Milter::Authentication
 
+RUN wget https://download.savannah.nongnu.org/releases/spamass-milt/spamass-milter-0.4.0.tar.gz && \
+    tar xzf spamass-milter-0.4.0.tar.gz && \
+    cd spamass-milter-0.4.0 && \
+    ./configure && make install
+
 # Stage 4: Runtime image with Postfix and all filters
 FROM alpine:3
 
@@ -83,6 +90,7 @@ RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/a
     apk add --no-cache \
     bash \
     ca-certificates \
+    libmilter \
     openssl \
     perl \
     perl-alien-libxml2 \
@@ -134,8 +142,9 @@ RUN mkdir -p /etc/happydeliver \
     /var/cache/authentication_milter \
     /var/lib/authentication_milter \
     /var/spool/postfix/authentication_milter \
+    /var/spool/postfix/spamassassin \
     && chown -R happydeliver:happydeliver /var/lib/happydeliver /var/log/happydeliver \
-    && chown -R mail:mail /var/spool/postfix/authentication_milter
+    && chown -R mail:mail /var/spool/postfix/authentication_milter /var/spool/postfix/spamassassin
 
 # Copy the built application
 COPY --from=builder /build/happyDeliver /usr/local/bin/happyDeliver
diff --git a/docker/authentication_milter/authentication_milter.json b/docker/authentication_milter/authentication_milter.json
index 2f65d3b..5db3bbc 100644
--- a/docker/authentication_milter/authentication_milter.json
+++ b/docker/authentication_milter/authentication_milter.json
@@ -18,6 +18,12 @@
         "Sanitize" : {
             "hosts_to_remove" : [
                 "__HOSTNAME__"
+            ],
+            "extra_auth_results_types" : [
+                "X-Spam-Status",
+                "X-Spam-Report",
+                "X-Spam-Level",
+                "X-Spam-Checker-Version"
             ]
         },
 
diff --git a/docker/postfix/main.cf b/docker/postfix/main.cf
index e7d1fb0..fcdb75c 100644
--- a/docker/postfix/main.cf
+++ b/docker/postfix/main.cf
@@ -10,7 +10,7 @@ inet_interfaces = all
 inet_protocols = ipv4
 
 # Recipient settings
-mydestination = $myhostname, localhost.$mydomain, localhost
+mydestination = localhost.$mydomain, localhost
 mynetworks = 127.0.0.0/8 [::1]/128
 
 # Relay settings - accept mail for our test domain
@@ -28,7 +28,7 @@ transport_maps = pcre:/etc/postfix/transport_maps
 # OpenDKIM for DKIM verification
 milter_default_action = accept
 milter_protocol = 6
-smtpd_milters = unix:/var/spool/postfix/authentication_milter/authentication_milter.sock
+smtpd_milters = unix:/var/spool/postfix/authentication_milter/authentication_milter.sock unix:/var/spool/postfix/spamassassin/spamass-milter.sock
 non_smtpd_milters = $smtpd_milters
 
 # SPF policy checking
diff --git a/docker/postfix/master.cf b/docker/postfix/master.cf
index 92976a4..9c2ac57 100644
--- a/docker/postfix/master.cf
+++ b/docker/postfix/master.cf
@@ -2,7 +2,6 @@
 
 # SMTP service
 smtp      inet  n       -       n       -       -       smtpd
-  -o content_filter=spamassassin
 
 # Pickup service
 pickup    unix  n       -       n       60      1       pickup
@@ -74,10 +73,6 @@ scache    unix  -       -       n       -       1       scache
 maildrop  unix  -       n       n       -       -       pipe
   flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
 
-# SPF policy service
-policy-spf unix -       n       n       -       0       spawn
-  user=nobody argv=/usr/bin/postfix-policyd-spf-perl
-
 # SpamAssassin content filter
 spamassassin unix -     n       n       -       -       pipe
   user=mail argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
diff --git a/docker/supervisor/supervisord.conf b/docker/supervisor/supervisord.conf
index 4d4ff32..c0c7002 100644
--- a/docker/supervisor/supervisord.conf
+++ b/docker/supervisor/supervisord.conf
@@ -43,6 +43,18 @@ stdout_logfile=/var/log/happydeliver/spamd.log
 stderr_logfile=/var/log/happydeliver/spamd_error.log
 user=root
 
+# SpamAssassin milter
+[program:spamass_milter]
+command=/usr/local/sbin/spamass-milter -p /var/spool/postfix/spamassassin/spamass-milter.sock -m
+autostart=true
+autorestart=true
+priority=7
+stdout_logfile=/var/log/happydeliver/spamass-milter.log
+stderr_logfile=/var/log/happydeliver/spamass-milter_error.log
+user=mail
+group=mail
+umask=007
+
 # Postfix service
 [program:postfix]
 command=/usr/sbin/postfix start-fg