simon/nixos-config
simon/nixos-config
1
1
Fork 0
Code Issues 8 Pull requests Actions Projects Activity
nixos-config/modules/mailserver/rspamd.nix

85 lines
2.6 KiB
Nix
Raw Normal View History

Relicense This applies the REUSE specification to the repository, so the licensing information can be tracked for every file individually.
2024-01-06 01:19:35 +01:00
# SPDX-FileCopyrightText: 2023 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
mailserver: Separate into multiple files
2023-05-31 13:11:12 +02:00
{ config, lib, ... }:
let
cfg = config.sbruder.mailserver;
in
{
options.sbruder.mailserver.spam = {
enable = (lib.mkEnableOption "spam filtering") // { default = true; };
};
config = lib.mkIf (cfg.enable && cfg.spam.enable) {
sops.secrets.rspamd-worker-controller = {
owner = config.users.users.rspamd.name;
sopsFile = ../../machines + "/${config.networking.hostName}/secrets.yaml";
};
services.rspamd = {
enable = true;
postfix.enable = true;
workers = {
normal = {
includes = [ "$CONFDIR/worker-normal.inc" ];
bindSockets = lib.singleton {
socket = "/run/rspamd/rspamd.sock";
mode = "0660";
owner = "${config.services.rspamd.user}";
group = "${config.services.rspamd.group}";
};
};
controller = {
includes = [ "$CONFDIR/worker-controller.inc" ];
bindSockets = [ "127.0.0.1:11334" ] ++ lib.optional config.sbruder.wireguard.home.enable "${config.sbruder.wireguard.home.address}:11334";
};
};
locals = {
"dkim_signing.conf".text = ''
enabled = false;
'';
"logging.inc".text = ''
# starts at info, drops to notice once started up
level = "silent";
'';
"milter_headers.conf".text = ''
extended_spam_headers = true;
'';
"multimap.conf".text = ''
mailserver: Remove rejectSenders This now gets handled by rspamd with a dynamic map.
2023-05-31 13:40:48 +02:00
SENDER_BLOCKED {
type = "from";
filter = "email:addr";
map = "/var/lib/rspamd/blocked_senders.map";
symbol = "SENDER_BLOCKED";
description = "Senders address is manually blocked";
prefilter = true;
action = "reject";
score = 30.0;
}
mailserver: Separate into multiple files
2023-05-31 13:11:12 +02:00
SENDER_DOMAIN_BLOCKED {
type = "from";
filter = "email:domain:tld";
map = "/var/lib/rspamd/blocked_sender_domains.map";
symbol = "SENDER_DOMAIN_BLOCKED";
description = "Senders effective second level domain is manually blocked";
score = 8.0;
}
'';
"redis.conf".text = ''
servers = "127.0.0.1:${toString config.services.redis.servers.rspamd.port}"
'';
"worker-controller.inc".source = config.sops.secrets.rspamd-worker-controller.path; # includes password
};
};
services.redis = {
vmOverCommit = true;
servers.rspamd = {
enable = true;
port = 6379;
};
};
};
}
Reference in a new issue Copy permalink