95 lines
2.1 KiB
Nix
95 lines
2.1 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
# TODO: use blacklists
|
|
|
|
with lib;
|
|
let
|
|
cfg = config.fudo.mail.rspamd;
|
|
mailCfg = config.fudo.mail;
|
|
|
|
in {
|
|
options.fudo.mail.rspamd = with types; {
|
|
enable = mkEnableOption "Enable rspamd spam test server.";
|
|
|
|
ports = {
|
|
metrics = mkOption {
|
|
type = port;
|
|
default = 7573;
|
|
};
|
|
controller = mkOption {
|
|
type = port;
|
|
default = 11334;
|
|
};
|
|
milter = mkOption {
|
|
type = port;
|
|
default = 11335;
|
|
};
|
|
};
|
|
|
|
antivirus = {
|
|
host = mkOption {
|
|
type = str;
|
|
description = "Host of the ClamAV server.";
|
|
};
|
|
|
|
port = mkOption {
|
|
type = port;
|
|
description = "Port at which to reach ClamAV";
|
|
};
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
services.prometheus.exporters.rspamd = {
|
|
enable = true;
|
|
listenAddress = "127.0.0.1";
|
|
port = cfg.metrics-port;
|
|
};
|
|
|
|
services.rspamd = {
|
|
enable = true;
|
|
|
|
locals = {
|
|
"milter_headers.conf".text = "extended_spam_headers = yes;";
|
|
|
|
"antivirus.conf".text = ''
|
|
clamav {
|
|
action = "reject";
|
|
symbol = "CLAM_VIRUS";
|
|
type = "clamav";
|
|
log_clean = true;
|
|
servers = "${cfg.antivirus.host}:${cfg.antivirus.port}";
|
|
scan_mime_parts = false; # scan mail as a whole unit, not parts. seems to be needed to work at all
|
|
}
|
|
'';
|
|
};
|
|
|
|
overrides."milter_headers.conf".text = "extended_spam_headers = true;";
|
|
|
|
workers = {
|
|
rspamd_proxy = {
|
|
type = "rspamd_proxy";
|
|
bindSockets = [ "localhost:${toString cfg.port}" ];
|
|
count = 4;
|
|
extraConfig = ''
|
|
milter = yes;
|
|
timeout = 120s;
|
|
|
|
upstream "local" {
|
|
default = yes;
|
|
self_scan = yes;
|
|
}
|
|
'';
|
|
};
|
|
|
|
controller = {
|
|
type = "controller";
|
|
count = 4;
|
|
bindSockets = [ "localhost:${toString cfg.controller-port}" ];
|
|
includes = [ ];
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|