public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

rmilter service: Fix a couple of bugs

Browse Source 
* The module uses `stringSplit` but it should be `splitString`

  * `rmilter` doesn't actually support binding to multiple sockets.
    Therefore, bind to the last one specified if `socketActivation` is
    `false`.

I also believe there is a bug in this module related to systemd
`ListenStream`.  If `socketActivation` is true, Postfix gets
connection timeouts trying to connect to one of the `ListenStream`
inet addresses.  I don't know enough about `ListenStream` passing
connections on to `fd:3` to understand what's going on.

These changes are in production (with `socketActivation = false`) via NixOps.
This commit is contained in:
Peter Jones 2017-01-13 15:23:34 -07:00 committed by Franz Pletz
parent fa65cc067b
commit 4defb788eb
No known key found for this signature in database
GPG Key ID: 846FDED7792617B4
1 changed files with 23 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
nixos/modules/services/mail/rmilter.nix
View File

@ -7,32 +7,31 @@ let
rspamdCfg = config.services.rspamd; rspamdCfg = config.services.rspamd;
cfg = config.services.rmilter; cfg = config.services.rmilter;
inetSockets = map (sock: let s = stringSplit ":" sock; in "inet:${last s}:${head s}") cfg.bindInetSockets; inetSockets = map (sock: let s = splitString ":" sock; in "inet:${last s}@${head s}") cfg.bindInetSockets;
unixSockets = map (sock: "unix:${sock}") cfg.bindUnixSockets; unixSockets = map (sock: "unix:${sock}") cfg.bindUnixSockets;
allSockets = unixSockets ++ inetSockets; allSockets = unixSockets ++ inetSockets;
rmilterConf = '' rmilterConf = ''
pidfile = /run/rmilter/rmilter.pid; pidfile = /run/rmilter/rmilter.pid;
bind_socket = ${if cfg.socketActivation then "fd:3" else concatStringsSep ", " allSockets}; bind_socket = ${if cfg.socketActivation then "fd:3" else last inetSockets};
tempdir = /tmp; tempdir = /tmp;
'' + (with cfg.rspamd; if enable then '' '' + (with cfg.rspamd; if enable then ''
spamd { spamd {
servers = ${concatStringsSep ", " servers}; servers = ${concatStringsSep ", " servers};
connect_timeout = 1s; connect_timeout = 1s;
results_timeout = 20s; results_timeout = 20s;
error_time = 10; error_time = 10;
dead_time = 300; dead_time = 300;
maxerrors = 10; maxerrors = 10;
reject_message = "${rejectMessage}"; reject_message = "${rejectMessage}";
${optionalString (length whitelist != 0) "whitelist = ${concatStringsSep ", " whitelist};"} ${optionalString (length whitelist != 0) "whitelist = ${concatStringsSep ", " whitelist};"}
# rspamd_metric - metric for using with rspamd # rspamd_metric - metric for using with rspamd
# Default: "default" # Default: "default"
rspamd_metric = "default"; rspamd_metric = "default";
${extraConfig} ${extraConfig}
}; };
'' else "") + cfg.extraConfig; '' else "") + cfg.extraConfig;
rmilterConfigFile = pkgs.writeText "rmilter.conf" rmilterConf; rmilterConfigFile = pkgs.writeText "rmilter.conf" rmilterConf;
@ -100,9 +99,11 @@ in
default = true; default = true;
description = '' description = ''
Enable systemd socket activation for rmilter. Enable systemd socket activation for rmilter.
(disabling socket activation not recommended
when unix socket used, and follow to wrong Disabling socket activation is not recommended when a Unix
permissions on unix domain socket.) domain socket is used and could lead to incorrect
permissions. Therefore, setting this to false will
configure rmilter to use an inet socket only.
''; '';
}; };