mailserver: Add spam filter
This commit is contained in:
parent
cec6a8de65
commit
0ca15315ad
GPG key ID:
8D3C82F9F309F8EC
|
|
@ -84,6 +84,9 @@ in
|
||||||
"spammer@example.com"
|
"spammer@example.com"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
spam = {
|
||||||
|
enable = (lib.mkEnableOption "spam filtering") // { default = true; };
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
|
|
@ -357,5 +360,55 @@ in
|
||||||
networking.resolvconf.extraConfig = ''
|
networking.resolvconf.extraConfig = ''
|
||||||
name_servers='127.0.0.53'
|
name_servers='127.0.0.53'
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
# rspamd
|
||||||
|
sops.secrets.rspamd-worker-controller = lib.mkIf cfg.spam.enable {
|
||||||
|
owner = config.users.users.rspamd.name;
|
||||||
|
sopsFile = ../machines + "/${config.networking.hostName}/secrets.yaml";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.rspamd = {
|
||||||
|
enable = cfg.spam.enable;
|
||||||
|
postfix.enable = true;
|
||||||
|
workers = {
|
||||||
|
normal = {
|
||||||
|
includes = [ "$CONFDIR/worker-normal.inc" ];
|
||||||
|
bindSockets = lib.singleton {
|
||||||
|
socket = "/run/rspamd/rspamd.sock";
|
||||||
|
mode = "0660";
|
||||||
|
owner = "${config.services.rspamd.user}";
|
||||||
|
group = "${config.services.rspamd.group}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
controller = {
|
||||||
|
includes = [ "$CONFDIR/worker-controller.inc" ];
|
||||||
|
bindSockets = [ "127.0.0.1:11334" ] ++ lib.optional config.sbruder.wireguard.home.enable "${config.sbruder.wireguard.home.address}:11334";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
locals = {
|
||||||
|
"dkim_signing.conf".text = ''
|
||||||
|
enabled = false;
|
||||||
|
'';
|
||||||
|
"logging.inc".text = ''
|
||||||
|
# starts at info, drops to notice once started up
|
||||||
|
level = "silent";
|
||||||
|
'';
|
||||||
|
"milter_headers.conf".text = ''
|
||||||
|
extended_spam_headers = true;
|
||||||
|
'';
|
||||||
|
"redis.conf".text = ''
|
||||||
|
servers = "127.0.0.1:${toString config.services.redis.servers.rspamd.port}"
|
||||||
|
'';
|
||||||
|
"worker-controller.inc".source = config.sops.secrets.rspamd-worker-controller.path; # includes password
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.redis = lib.mkIf cfg.spam.enable {
|
||||||
|
vmOverCommit = true;
|
||||||
|
servers.rspamd = {
|
||||||
|
enable = true;
|
||||||
|
port = 6379;
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue