diff options
author | tv <tv@krebsco.de> | 2019-06-23 21:06:48 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2019-06-23 21:16:32 +0200 |
commit | bd12c487c31b448b87e37efbae74953df689e7f4 (patch) | |
tree | 770c96c78870ef8ff1da6b28c6d62615ca0573c3 /krebs/3modules/exim-retiolum.nix | |
parent | 3d4d39eecc86b9b67c74ec3c9997099c3f243970 (diff) |
exim-retiolum module: integrate rspamd
Diffstat (limited to 'krebs/3modules/exim-retiolum.nix')
-rw-r--r-- | krebs/3modules/exim-retiolum.nix | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix index dbd98d059..854fdd70e 100644 --- a/krebs/3modules/exim-retiolum.nix +++ b/krebs/3modules/exim-retiolum.nix @@ -21,7 +21,32 @@ in { "*.r" ]; }; + rspamd = { + enable = mkEnableOption "krebs.exim-retiolum.rspamd" // { + default = false; + }; + local_networks = mkOption { + type = types.listOf types.cidr; + default = [ + config.krebs.build.host.nets.retiolum.ip4.prefix + config.krebs.build.host.nets.retiolum.ip6.prefix + ]; + }; + }; }; + imports = [ + { + config = lib.mkIf cfg.rspamd.enable { + services.rspamd.enable = true; + services.rspamd.locals."options.inc".text = '' + local_networks = ${toJSON cfg.rspamd.local_networks}; + ''; + users.users.${config.krebs.exim.user.name}.extraGroups = [ + config.services.rspamd.group + ]; + }; + } + ]; config = lib.mkIf cfg.enable { krebs.exim = { enable = true; @@ -36,6 +61,10 @@ in { domainlist local_domains = ${concatStringsSep ":" cfg.local_domains} domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains} + ${optionalString cfg.rspamd.enable /* exim */ '' + spamd_address = /run/rspamd/rspamd.sock variant=rspamd + ''} + acl_smtp_rcpt = acl_check_rcpt acl_smtp_data = acl_check_data @@ -64,6 +93,24 @@ in { acl_check_data: + ${optionalString cfg.rspamd.enable /* exim */ '' + accept condition = ''${if eq{$interface_port}{587}} + + warn remove_header = ${concatStringsSep " : " [ + "x-spam" + "x-spam-report" + "x-spam-score" + ]} + + warn + spam = nobody:true + + warn + condition = ''${if !eq{$spam_action}{no action}} + add_header = X-Spam: Yes + add_header = X-Spam-Report: $spam_report + add_header = X-Spam-Score: $spam_score + ''} accept |