new: spamassassin

.gitea/workflows/container.yml

@@ -43,3 +43,10 @@ jobs:
           context: fuglu
           push: true
           tags: git.domainforge.de/public/fuglu:latest
+
+      - name: Build and push SpamAssassin Container
+        uses: docker/build-push-action@v2
+        with:
+          context: spamassassin
+          push: true
+          tags: git.domainforge.de/public/spamassassin:latest

spamassassin/Dockerfile

@@ -0,0 +1,24 @@
+FROM debian:bookworm-slim
+
+RUN apt-get update && \
+    apt-get -y upgrade && \
+    apt-get -y --purge autoremove && \
+    apt-get -y install wget spamd spamc cron sudo && \
+    apt-get -y clean && \
+    mkdir -p /spamd/etc /spamd/run /spamd/home /spamd/gpg /spamd/compiled && \
+    chmod 0700 /spamd/gpg && \
+    chown -R debian-spamd:debian-spamd /spamd
+
+COPY sudoers /etc/sudoers.d/spamd
+COPY --chmod=0755 cron /etc/cron.daily/spamd
+
+EXPOSE 783/tcp
+
+USER debian-spamd:debian-spamd
+
+ENV PERL5LIB=/spamd/compiled
+
+RUN sa-update --gpghomedir=/spamd/gpg --updatedir=/spamd/etc && \
+    sa-compile --configpath=/spamd/etc --updatedir=/spamd/compiled
+
+CMD sudo /usr/sbin/cron && /usr/sbin/spamd --syslog=stderr --configpath=/spamd/etc --helper-home-dir=/spamd/home --pidfile=/spamd/run/spamd.pid --create-prefs --max-children 5 --listen-ip=0.0.0.0 --allowed-ips=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12,127.0.0.0/8

spamassassin/cron

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+# drop priviledges
+if [ "$(id -u)" -eq 0 ]; then
+    exec sudo -H -u debian-spamd $0 "$@"
+fi
+
+/usr/bin/sa-update --gpghomedir=/spamd/gpg --updatedir=/spamd/etc && \
+/usr/bin/sa-compile --configpath=/spamd/etc --updatedir=/spamd/compiled && \
+kill -HUP `cat /spamd/run/spamd.pid`

spamassassin/sudoers

@@ -0,0 +1 @@
+debian-spamd  ALL = NOPASSWD: /usr/sbin/cron