# NixOS module: rspamd for the mail stack. Declares the controller socket
# path as a read-only option, schedules the reported-mail scan, and
# configures rspamd itself (actions, composites, redis-backed Bayes,
# controller worker, postfix integration).
#
# The bodies of embedded scripts and config files are kept flush (no nested
# indentation) so the rendered text stays identical.
{ lib, pkgs, config, ... }:
let
  inherit (lib) makeBinPath mkIf mkOption types;

  mailCfg = config.myServices.mail;
  rspamdEnv = config.myEnv.mail.rspamd;
  controllerSocket = mailCfg.rspamd.sockets.worker-controller;

  # Tools prefixed onto PATH of the wrapped cron script.
  cronToolPath = makeBinPath [ pkgs.coreutils pkgs.rspamd pkgs.flock ];

  # Copies ./scan_reported_mails into the store, fixes its shebang and wraps
  # it so the tools above are on PATH. The script's own logic is not visible
  # in this module.
  scanReportedMails = pkgs.runCommand "cron_script" {
    buildInputs = [ pkgs.makeWrapper ];
  } ''
    mkdir -p $out
    cp ${./scan_reported_mails} $out/scan_reported_mails
    patchShebangs $out
    for i in $out/*; do
    wrapProgram "$i" --prefix PATH : ${cronToolPath}
    done
  '';
in
{
  # Single source of truth for the socket path; readOnly, so other modules
  # can reference it but cannot redefine it.
  options.myServices.mail.rspamd.sockets = mkOption {
    type = types.attrsOf types.path;
    default = {
      worker-controller = "/run/rspamd/worker-controller.sock";
    };
    readOnly = true;
    description = ''
      rspamd sockets
    '';
  };

  config = mkIf mailCfg.enable {
    # Every 20 minutes, as user "vhost".
    services.cron.systemCronJobs = [
      "*/20 * * * * vhost ${scanReportedMails}/scan_reported_mails"
    ];

    # presumably the extra group is what lets rspamd hand the controller
    # socket to group "vhost" (see bindSockets below) — confirm.
    systemd.services.rspamd.serviceConfig = {
      Slice = "mail.slice";
      SupplementaryGroups = [ "vhost" ];
    };

    services.rspamd = {
      enable = true;
      debug = false;

      # reject and greylist are set to null, leaving add_header (score 6) as
      # the only action configured here: spam is tagged, never refused, so
      # whatever delivers the mail has to act on the header.
      overrides."actions.conf".text = ''
        reject = null;
        add_header = 6;
        greylist = null;
      '';
      # NOTE(review): extended headers are expected to carry scan details to
      # recipients — confirm that exposure is intended.
      overrides."milter_headers.conf".text = ''
        extended_spam_headers = true;
      '';

      # NOTE(review): the composite gives -10 to any authenticated,
      # single-hop message. Against the add_header threshold of 6, such a
      # message needs 16 points from other symbols before it is tagged; that
      # also holds for mail sent through a compromised account.
      locals."composites.conf".text = ''
        # Local delivered e-mails have both SMTP AUTH and only one Received
        "LOCAL_DELIVERED_EMAILS" = {
        expression = "RCVD_VIA_SMTP_AUTH and ONCE_RECEIVED";
        score = -10.0;
        }
      '';
      locals."redis.conf".text = ''
        servers = "${rspamdEnv.redis.socket}";
        db = "${rspamdEnv.redis.db}";
      '';
      # Per-user Bayes statistics in redis, with autolearn enabled.
      # NOTE(review): autolearn feeds scored mail back into the classifier;
      # check its thresholds together with the -10 composite above, which
      # may push authenticated mail into the ham class — confirm.
      locals."classifier-bayes.conf".text = ''
        users_enabled = true;
        backend = "redis";
        servers = "${rspamdEnv.redis.socket}";
        database = "${rspamdEnv.redis.db}";
        autolearn = true;
        cache {
        backend = "redis";
        }
        new_schema = true;
        statfile {
        BAYES_HAM {
        spam = false;
        }
        BAYES_SPAM {
        spam = true;
        }
        }
      '';

      workers.controller = {
        # Both values are interpolated into the generated config text.
        # NOTE(review): that text is expected to end up in the
        # world-readable Nix store, so the hashes should be treated as
        # readable by every local user — confirm.
        extraConfig = ''
          enable_password = "${rspamdEnv.write_password_hashed}";
          password = "${rspamdEnv.read_password_hashed}";
        '';
        # 0660 with group "vhost": every member of that group can open the
        # controller socket.
        # NOTE(review): rspamd is understood to treat unix-socket controller
        # connections as trusted, without a password; if so, membership of
        # "vhost" is the effective access control here — confirm.
        bindSockets = [
          {
            socket = controllerSocket;
            mode = "0660";
            owner = config.services.rspamd.user;
            group = "vhost";
          }
        ];
      };

      # Turns on the module's postfix integration with no extra settings.
      postfix.enable = true;
      postfix.config = { };
    };
  };
}