From db391a39076c838389cb7c2e4d5b2fbbf38e7d10 Mon Sep 17 00:00:00 2001 From: Simon Bruder Date: Wed, 31 May 2023 13:40:48 +0200 Subject: [PATCH] mailserver: Remove rejectSenders This now gets handled by rspamd with a dynamic map. --- machines/vueko/configuration.nix | 1 - machines/vueko/secrets/mail-reject-senders.nix | Bin 126 -> 0 bytes modules/mailserver/default.nix | 9 --------- modules/mailserver/postfix.nix | 10 +--------- modules/mailserver/rspamd.nix | 10 ++++++++++ 5 files changed, 11 insertions(+), 19 deletions(-) delete mode 100644 machines/vueko/secrets/mail-reject-senders.nix diff --git a/machines/vueko/configuration.nix b/machines/vueko/configuration.nix index 2fc8c36..cfcd6ee 100644 --- a/machines/vueko/configuration.nix +++ b/machines/vueko/configuration.nix @@ -26,7 +26,6 @@ ]; autoconfig.enable = true; users = import ./secrets/mail-users.nix; - rejectSenders = import ./secrets/mail-reject-senders.nix; }; }; diff --git a/machines/vueko/secrets/mail-reject-senders.nix b/machines/vueko/secrets/mail-reject-senders.nix deleted file mode 100644 index f4d125508b939b9db61370b6916fb6bb7b627805..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 126 zcmV-^0D=DiM@dveQdv+`0Nlo;NKe1zgd*t7i}0LVS#tmD5B?5vSnU0wvF@VovlRO1 zW=yXAU_loANBslrJ0M>E3GjkBWJp*10-Jljxf%q5i{pkNS!2z^vlh8&HmuI1XE80c ga|I@jUbJG>jJH3t4`D)H7G4>#&s`RAmg*_P2->1O)c^nh diff --git a/modules/mailserver/default.nix b/modules/mailserver/default.nix index de75815..6c7aeed 100644 --- a/modules/mailserver/default.nix +++ b/modules/mailserver/default.nix @@ -79,15 +79,6 @@ in "/^\\s*X-Originating-IP:/" ]; }; - rejectSenders = mkOption { - type = listOf str; - description = "A list of senders to reject mails from"; - default = [ ]; - example = [ - "newsletter@example.com" - "spammer@example.com" - ]; - }; }; imports = [ diff --git a/modules/mailserver/postfix.nix b/modules/mailserver/postfix.nix index 2dbd116..3311674 100644 --- a/modules/mailserver/postfix.nix 
+++ b/modules/mailserver/postfix.nix @@ -28,13 +28,6 @@ let valiases = pkgs.writeText "valiases" aliasesString; - access_sender = pkgs.writeText - "access_sender" - (lib.concatMapStringsSep - "\n" - (sender: "${sender} REJECT") - cfg.rejectSenders); - submissionHeaderCleanupRules = pkgs.writeText "submission_header_cleanup_rules" (lib.concatMapStringsSep "\n" @@ -57,7 +50,7 @@ lib.mkIf cfg.enable { recipientDelimiter = "+"; mapFiles = { - inherit access_sender valiases; + inherit valiases; }; config = { @@ -86,7 +79,6 @@ lib.mkIf cfg.enable { ]; smtpd_sender_restrictions = listToString [ - "check_sender_access hash:/var/lib/postfix/conf/access_sender" "reject_non_fqdn_sender" "reject_unknown_sender_domain" ]; diff --git a/modules/mailserver/rspamd.nix b/modules/mailserver/rspamd.nix index 82866ee..59d686f 100644 --- a/modules/mailserver/rspamd.nix +++ b/modules/mailserver/rspamd.nix @@ -43,6 +43,16 @@ in extended_spam_headers = true; ''; "multimap.conf".text = '' + SENDER_BLOCKED { + type = "from"; + filter = "email:addr"; + map = "/var/lib/rspamd/blocked_senders.map"; + symbol = "SENDER_BLOCKED"; + description = "Sender’s address is manually blocked"; + prefilter = true; + action = "reject"; + score = 30.0; + } SENDER_DOMAIN_BLOCKED { type = "from"; filter = "email:domain:tld";
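Review bot: The added `SENDER_BLOCKED` rule in `multimap.conf` reads `/var/lib/rspamd/blocked_senders.map`, but nothing visible in this change creates that file, sets its ownership, or carries over the entries from the deleted `mail-reject-senders.nix`. After deployment the previously rejected senders are presumably accepted until the map is filled by hand. Because the map now drives a `prefilter` with `action = "reject"`, whoever can write it (directly, or through the rspamd controller if that is how it is edited) decides which senders are refused, and the list is no longer declarative or reviewable in the repository. I would record that next to the rule, e.g. `# blocked_senders.map is mutable state outside the Nix store: one full address per line, migrate and back up manually, writable only by rspamd/admin`. Also, `filter = "email:addr"` matches complete addresses only, whereas the removed postfix `check_sender_access` table also accepts domain and `user@` patterns, so any such entries in the old list would need the neighbouring `SENDER_DOMAIN_BLOCKED` map instead; that block continues past the end of the hunk.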