public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/rspamd: Add options for postfix integration

Browse Source 
The `rmilter` module has options for configuring `postfix` to use it but
since that module is deprecated because rspamd now has a builtin worker
that supports the milter protocol this commit adds similar `postfix`
integration options directly to the `rspamd` module.
This commit is contained in:
Brian Olsen 2018-11-06 00:40:52 +01:00
parent fba69f388b
commit e01605be15
No known key found for this signature in database
GPG Key ID: 029DD8E8B95882E8
2 changed files with 87 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
nixos/modules/services/mail/rspamd.nix
View File

@ -6,6 +6,7 @@ let
cfg = config.services.rspamd; cfg = config.services.rspamd;
opts = options.services.rspamd; opts = options.services.rspamd;
postfixCfg = config.services.postfix;
bindSocketOpts = {options, config, ... }: { bindSocketOpts = {options, config, ... }: {
options = { options = {
@ -309,7 +310,30 @@ in
description = '' description = ''
Group to use when no root privileges are required. Group to use when no root privileges are required.
''; '';
}; };
postfix = {
enable = mkOption {
type = types.bool;
default = false;
description = "Add rspamd milter to postfix main.conf";
};
config = mkOption {
type = with types; attrsOf (either bool (either str (listOf str)));
description = ''
Addon to postfix configuration
'';
default = {
smtpd_milters = ["unix:/run/rspamd/rspamd-milter.sock"];
non_smtpd_milters = ["unix:/run/rspamd/rspamd-milter.sock"];
};
example = {
smtpd_milters = ["unix:/run/rspamd/rspamd-milter.sock"];
non_smtpd_milters = ["unix:/run/rspamd/rspamd-milter.sock"];
};
};
};
}; };
}; };
@ -318,6 +342,24 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.rspamd.overrides = configOverrides; services.rspamd.overrides = configOverrides;
services.rspamd.workers = mkIf cfg.postfix.enable {
controller = {};
rspamd_proxy = {
bindSockets = [ {
mode = "0660";
socket = "/run/rspamd/rspamd-milter.sock";
owner = cfg.user;
group = postfixCfg.group;
} ];
extraConfig = ''
upstream "local" {
default = yes; # Self-scan upstreams are always default
self_scan = yes; # Enable self-scan
}
'';
};
};
services.postfix.config = mkIf cfg.postfix.enable cfg.postfix.config;
# Allow users to run 'rspamc' and 'rspamadm'. # Allow users to run 'rspamc' and 'rspamadm'.
environment.systemPackages = [ pkgs.rspamd ]; environment.systemPackages = [ pkgs.rspamd ];

44
nixos/tests/rspamd.nix
View File

@ -181,4 +181,48 @@ in
$machine->log($machine->succeed("cat /etc/tests/muh.eml | rspamc -h 127.0.0.1:11334 symbols | grep NO_MUH")); $machine->log($machine->succeed("cat /etc/tests/muh.eml | rspamc -h 127.0.0.1:11334 symbols | grep NO_MUH"));
''; '';
}; };
postfixIntegration = makeTest {
name = "rspamd-postfix-integration";
machine = {
environment.systemPackages = with pkgs; [ msmtp ];
environment.etc."tests/gtube.eml".text = ''
From: Sheep1<bah@example.com>
To: Sheep2<tester@example.com>
Subject: Evil cows
I find cows to be evil don't you?
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
'';
environment.etc."tests/example.eml".text = ''
From: Sheep1<bah@example.com>
To: Sheep2<tester@example.com>
Subject: Evil cows
I find cows to be evil don't you?
'';
users.users.tester.password = "test";
services.postfix = {
enable = true;
destination = ["example.com"];
};
services.rspamd = {
enable = true;
postfix.enable = true;
};
};
testScript = ''
${initMachine}
$machine->waitForOpenPort(11334);
$machine->waitForOpenPort(25);
${checkSocket "/run/rspamd/rspamd-milter.sock" "rspamd" "postfix" "660" }
$machine->log($machine->succeed("rspamc -h 127.0.0.1:11334 stat"));
$machine->log($machine->succeed("msmtp --host=localhost -t --read-envelope-from < /etc/tests/example.eml"));
$machine->log($machine->fail("msmtp --host=localhost -t --read-envelope-from < /etc/tests/gtube.eml"));
$machine->waitUntilFails('[ "$(postqueue -p)" != "Mail queue is empty" ]');
$machine->fail("journalctl -u postfix | grep -i error >&2");
$machine->fail("journalctl -u postfix | grep -i warning >&2");
'';
};
} }