mailserver: Add spam filter

Simon Bruder 2023-04-27 23:07:27 +02:00
parent cec6a8de65
commit 0ca15315ad
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC


@ -84,6 +84,9 @@ in
"spammer@example.com"
];
};
spam = {
enable = (lib.mkEnableOption "spam filtering") // { default = true; };
};
};
config = lib.mkIf cfg.enable {
@ -357,5 +360,55 @@ in
networking.resolvconf.extraConfig = ''
name_servers='127.0.0.53'
'';
# rspamd
sops.secrets.rspamd-worker-controller = lib.mkIf cfg.spam.enable {
owner = config.users.users.rspamd.name;
sopsFile = ../machines + "/${config.networking.hostName}/secrets.yaml";
};
services.rspamd = {
enable = cfg.spam.enable;
postfix.enable = true;
workers = {
normal = {
includes = [ "$CONFDIR/worker-normal.inc" ];
bindSockets = lib.singleton {
socket = "/run/rspamd/rspamd.sock";
mode = "0660";
owner = "${config.services.rspamd.user}";
group = "${config.services.rspamd.group}";
};
};
controller = {
includes = [ "$CONFDIR/worker-controller.inc" ];
bindSockets = [ "127.0.0.1:11334" ] ++ lib.optional config.sbruder.wireguard.home.enable "${config.sbruder.wireguard.home.address}:11334";
};
};
locals = {
"dkim_signing.conf".text = ''
enabled = false;
'';
"logging.inc".text = ''
# starts at info, drops to notice once started up
level = "silent";
'';
"milter_headers.conf".text = ''
extended_spam_headers = true;
'';
"redis.conf".text = ''
servers = "127.0.0.1:${toString config.services.redis.servers.rspamd.port}"
'';
"worker-controller.inc".source = config.sops.secrets.rspamd-worker-controller.path; # includes password
};
};
services.redis = lib.mkIf cfg.spam.enable {
vmOverCommit = true;
servers.rspamd = {
enable = true;
port = 6379;
};
};
};
}
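Review bot: The Redis instance added at the end of the second hunk listens on loopback TCP (`port = 6379`) and this change configures no authentication for it, so any local process on the mail host can read or modify whatever rspamd keeps there (typically Bayes statistics and scan history, which include mail metadata). A Unix socket restricted by group membership would limit access to rspamd: set `port = 0;` on `servers.rspamd`, point `redis.conf` at `servers = "${config.services.redis.servers.rspamd.unixSocket}";`, and add the rspamd user to that Redis instance's group. If TCP has to stay, `requirePassFile` fed from a sops secret, with the matching password in rspamd's `redis.conf`, is the alternative. Separately, the controller is also bound to the WireGuard address, so the secret `worker-controller.inc` should hold a hashed password generated with `rspamadm pw` rather than a plaintext one; its contents are not visible in this commit.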