mailserver: Add sieve for spam

2023-04-30 16:13:08 +02:00 · 2023-04-30 16:13:08 +02:00 · 0e27e590e4
parent 687439cff9
commit 0e27e590e4
1 changed files with 68 additions and 0 deletions
--- a/modules/mailserver.nix
+++ b/modules/mailserver.nix
@ -303,6 +303,8 @@ in
      {
        enable = true;

+        modules = with pkgs; [ dovecot_pigeonhole ];
+
        enableLmtp = true;
        enablePAM = false;

@ -313,6 +315,20 @@ in
        sslServerCert = "${certDir}/fullchain.pem";
        sslServerKey = "${certDir}/key.pem";

+        mailboxes = {
+          Spam = { specialUse = "Junk"; auto = "subscribe"; };
+        };
+
+        sieveScripts = {
+          before = pkgs.writeText "spam.sieve" ''
+            require "fileinto";
+
+            if header :is "X-Spam" "Yes" {
+                fileinto "Spam";
+            }
+          '';
+        };
+
        extraConfig = ''
          # generated 2021-02-04, Mozilla Guideline v5.6, Dovecot 2.3.13, OpenSSL 1.1.1i, intermediate configuration
          # https://ssl-config.mozilla.org/#server=dovecot&version=2.3.13&config=intermediate&openssl=1.1.1i&guideline=5.6
@ -321,6 +337,14 @@ in
          ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
          ssl_prefer_server_ciphers = no

+          protocol imap {
+            mail_plugins = $mail_plugins imap_sieve
+          }
+
+          protocol lmtp {
+            mail_plugins = $mail_plugins sieve
+          }
+
          service imap-login {
            inet_listener imap {
            }
@ -354,8 +378,52 @@ in

          lda_mailbox_autosubscribe = yes
          lda_mailbox_autocreate = yes
+
+          plugin {
+            sieve_plugins = sieve_imapsieve sieve_extprograms
+
+            ${lib.optionalString cfg.spam.enable ''
+            imapsieve_mailbox1_name = Spam
+            imapsieve_mailbox1_causes = COPY
+            imapsieve_mailbox1_before = file:/var/lib/dovecot/sieve/learn-spam.sieve
+
+            imapsieve_mailbox2_name = *
+            imapsieve_mailbox2_from = Spam
+            imapsieve_mailbox2_causes = COPY
+            imapsieve_mailbox2_before = file:/var/lib/dovecot/sieve/learn-ham.sieve
+            sieve_pipe_bin_dir = ${pkgs.symlinkJoin { name = "sieve-pipe-bin-dir"; paths = with pkgs; [ rspamd ]; } }/bin
+            ''}
+
+            sieve_global_extensions = +vnd.dovecot.pipe
+          }
        '';
      };
+    systemd.services.dovecot2.preStart = lib.mkIf cfg.spam.enable
+      (lib.mkAfter
+        (lib.concatStrings
+          (lib.mapAttrsToList
+            (name: content: ''
+              cp ${pkgs.writeText name content} /var/lib/dovecot/sieve/${name}
+            '')
+            {
+              "learn-spam.sieve" = ''
+                require ["vnd.dovecot.pipe", "copy", "imapsieve"];
+                pipe :copy "rspamc" ["learn_spam"];
+              '';
+              "learn-ham.sieve" = ''
+                require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];
+
+                if environment :matches "imap.mailbox" "*" {
+                    set "mailbox" "''${1}";
+                }
+
+                if string "''${mailbox}" "Trash" {
+                    stop;
+                }
+
+                pipe :copy "rspamc" ["learn_ham"];
+              '';
+            })));

    # DNS (recursor for DNSBLs etc.)
    services.resolved.enable = false;