simon/nixos-config
simon/nixos-config
1
1
Fork 0
Code Issues 8 Pull requests Actions Projects Activity

mailserver: Remove rejectSenders

Browse source 
This now gets handled by rspamd with a dynamic map.
This commit is contained in:
Simon Bruder 2023-05-31 13:40:48 +02:00
parent 5b39654159
commit db391a3907
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC
5 changed files with 11 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
machines/vueko/configuration.nix
View file

@ -26,7 +26,6 @@
]; ];
autoconfig.enable = true; autoconfig.enable = true;
users = import ./secrets/mail-users.nix; users = import ./secrets/mail-users.nix;
rejectSenders = import ./secrets/mail-reject-senders.nix;
}; };
}; };

BIN
machines/vueko/secrets/mail-reject-senders.nix
View file

Binary file not shown.

9
modules/mailserver/default.nix
View file

@ -79,15 +79,6 @@ in
"/^\\s*X-Originating-IP:/" "/^\\s*X-Originating-IP:/"
]; ];
}; };
rejectSenders = mkOption {
type = listOf str;
description = "A list of senders to reject mails from";
default = [ ];
example = [
"newsletter@example.com"
"spammer@example.com"
];
};
}; };
imports = [ imports = [

10
modules/mailserver/postfix.nix
View file

@ -28,13 +28,6 @@ let
valiases = pkgs.writeText "valiases" aliasesString; valiases = pkgs.writeText "valiases" aliasesString;
access_sender = pkgs.writeText
"access_sender"
(lib.concatMapStringsSep
"\n"
(sender: "${sender} REJECT")
cfg.rejectSenders);
submissionHeaderCleanupRules = pkgs.writeText "submission_header_cleanup_rules" submissionHeaderCleanupRules = pkgs.writeText "submission_header_cleanup_rules"
(lib.concatMapStringsSep (lib.concatMapStringsSep
"\n" "\n"
@ -57,7 +50,7 @@ lib.mkIf cfg.enable {
recipientDelimiter = "+"; recipientDelimiter = "+";
mapFiles = { mapFiles = {
inherit access_sender valiases; inherit valiases;
}; };
config = { config = {
@ -86,7 +79,6 @@ lib.mkIf cfg.enable {
]; ];
smtpd_sender_restrictions = listToString [ smtpd_sender_restrictions = listToString [
"check_sender_access hash:/var/lib/postfix/conf/access_sender"
"reject_non_fqdn_sender" "reject_non_fqdn_sender"
"reject_unknown_sender_domain" "reject_unknown_sender_domain"
]; ];

10
modules/mailserver/rspamd.nix
View file

@ -43,6 +43,16 @@ in
extended_spam_headers = true; extended_spam_headers = true;
''; '';
"multimap.conf".text = '' "multimap.conf".text = ''
SENDER_BLOCKED {
type = "from";
filter = "email:addr";
map = "/var/lib/rspamd/blocked_senders.map";
symbol = "SENDER_BLOCKED";
description = "Senders address is manually blocked";
prefilter = true;
action = "reject";
score = 30.0;
}
SENDER_DOMAIN_BLOCKED { SENDER_DOMAIN_BLOCKED {
type = "from"; type = "from";
filter = "email:domain:tld"; filter = "email:domain:tld";