nixos/utils/modules/rspamd.nix


# NixOS module: rspamd spam filtering wired into Postfix, Dovecot and nginx.
#
# - writes an rspamd override file (`localConfig`) to the Nix store and
#   includes it through services.rspamd.extraConfig;
# - sets services.rspamd.postfix.enable and configures the controller worker;
# - adds a Dovecot "Spam" mailbox plus imapsieve/sieve hooks whose scripts may
#   run programs from the local sieve-spam-filter package;
# - proxies https://rspamd.<domain> to localhost:11334 through nginx
#   (presumably the rspamd controller / web UI; confirm the bind socket);
# - copies and compiles the package's Sieve scripts before Dovecot starts.
{ pkgs
, config
, ...
}:
let
# Host's DNS domain. In this file it is used only to build the nginx virtual
# host name; the `$domain` inside localConfig is an rspamd variable, not this.
domain = config.networking.domain;
# rspamd overrides, written to the Nix store as "local.conf" and pulled in by
# services.rspamd.extraConfig with priority=1,duplicate=merge. The text is
# rspamd configuration, not Nix: `$domain` and `$selector` carry no braces, so
# Nix leaves them untouched and rspamd receives them literally.
#
# Security-relevant settings:
# - dkim_signing and arc read the same private key path under
#   /var/lib/rspamd/dkim/. Nothing in this file creates that key; it has to be
#   provisioned out of band, be readable by the rspamd user only, and must not
#   be placed in the world-readable Nix store.
# - allow_username_mismatch = true turns off rspamd's requirement that the
#   authenticated username match the domain being signed for.
#   NOTE(review): confirm this is intended; if the server hosts more than one
#   domain, enforce sender/login ownership on the Postfix side as well.
# - NOTE(review): bayes autolearn and the neural module both train on live
#   mail; no learning thresholds are set here, so rspamd's defaults apply.
# - phishtank stays disabled because of its memory use (see inline comment).
localConfig = pkgs.writeText "local.conf" ''
logging {
level = "notice";
}
classifier "bayes" {
autolearn = true;
}
dkim_signing {
path = "/var/lib/rspamd/dkim/$domain.$selector.key";
selector = "default";
allow_username_mismatch = true;
}
arc {
path = "/var/lib/rspamd/dkim/$domain.$selector.key";
selector = "default";
allow_username_mismatch = true;
}
milter_headers {
use = ["authentication-results", "x-spam-status"];
authenticated_headers = ["authentication-results"];
}
replies {
action = "no action";
}
url_reputation {
enabled = true;
}
phishing {
openphish_enabled = true;
# too much memory
#phishtank_enabled = true;
}
neural {
enabled = true;
}
neural_group {
symbols = {
"NEURAL_SPAM" {
weight = 3.0; # sample weight
description = "Neural network spam";
}
"NEURAL_HAM" {
weight = -3.0; # sample weight
description = "Neural network ham";
}
}
}
'';
# Local package (../pkgs/sieve-spam-filter). Its bin/ directory becomes
# Dovecot's sieve_pipe_bin_dir and its share/sieve-rspamd-filter/*.sieve files
# are copied into /var/lib/dovecot/sieve by the dovecot2 preStart script.
sieve-spam-filter = pkgs.callPackage ../pkgs/sieve-spam-filter { };
in
{
# rspamd with the Postfix integration switched on and one controller worker.
services.rspamd = {
  enable = true;
  postfix.enable = true;

  # Merge the generated local.conf into rspamd's configuration.
  extraConfig = ''
    .include(priority=1,duplicate=merge) "${localConfig}"
  '';

  # `''${WWWDIR}` is the Nix escape for a literal `${WWWDIR}`, which is left
  # for rspamd to expand.
  #
  # NOTE(review): password / enable_password look like rspamadm-style hashes
  # rather than plaintext, but this text is committed to the repository and
  # rendered into the world-readable Nix store, so the hashes are open to
  # offline guessing by anyone who can read either. Prefer including them
  # from a root-owned file outside the store, and rotate both values if the
  # repository is or ever was public.
  workers.controller.extraConfig = ''
    count = 1;
    static_dir = "''${WWWDIR}";
    password = "$2$7rb4gnnw8qbcy3x3m7au8c4mezecfjim$da4ahtt3gnjtbj7ni6bt1q8jwgqtzxp5ck6941m6prjxsz3udfgb";
    enable_password = "$2$xo1qdd1zgozwto8yazr1o35zbarbzcgp$u8mx6hcsb1qdscejb4zadcb3iucmm4mw6btgmim9h6e5d8cpy5ib";
  '';
};
# Dovecot side: an auto-subscribed Junk mailbox named "Spam" plus the Sieve
# hooks that fire when mail is copied into or out of it.
services.dovecot2 = {
  mailboxes = {
    Spam = {
      specialUse = "Junk";
      auto = "subscribe";
    };
  };

  # Least-privilege notes on the plugin settings below:
  # - sieve_global_extensions (unlike sieve_extensions) makes vnd.dovecot.pipe
  #   and vnd.dovecot.environment available to global scripts only, so users'
  #   personal Sieve scripts cannot use them to run programs.
  # - sieve_pipe_bin_dir confines `pipe` to the programs shipped in the
  #   sieve-spam-filter package's bin/ directory in the Nix store.
  # The string content is kept flush so the generated text is unchanged.
  extraConfig = ''
    protocol imap {
    mail_plugins = $mail_plugins imap_sieve
    }
    plugin {
    sieve_plugins = sieve_imapsieve sieve_extprograms
    # From elsewhere to Spam folder
    imapsieve_mailbox1_name = Spam
    imapsieve_mailbox1_causes = COPY
    imapsieve_mailbox1_before = file:/var/lib/dovecot/sieve/report-spam.sieve
    # From Spam folder to elsewhere
    imapsieve_mailbox2_name = *
    imapsieve_mailbox2_from = Spam
    imapsieve_mailbox2_causes = COPY
    imapsieve_mailbox2_before = file:/var/lib/dovecot/sieve/report-ham.sieve
    # Move Spam emails to Spam folder
    sieve_before = /var/lib/dovecot/sieve/move-to-spam.sieve
    sieve_pipe_bin_dir = ${sieve-spam-filter}/bin
    sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
    }
  '';
};
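services.nginx.enable = true;
# TLS-terminating reverse proxy in front of localhost:11334 (the port the
# rspamd controller / web UI is expected to listen on).
#
# forceSSL redirects plain HTTP to HTTPS; enableACME with acmeRoot = null
# requests the certificate without a webroot (i.e. not via HTTP-01 files).
services.nginx.virtualHosts."rspamd.${domain}" = {
  forceSSL = true;
  enableACME = true;
  acmeRoot = null;
  # rspamd's controller skips the password check for peers listed in
  # secure_ip, which is loopback in the stock worker-controller.inc. Behind
  # this proxy every request arrives from localhost, so unless the real
  # client address is forwarded the web UI is reachable without a password.
  # X-Forwarded-For is overwritten with $remote_addr (not appended to) so a
  # client-supplied value is never passed through to rspamd.
  # NOTE(review): verify after deployment that an external client is asked
  # for the controller password.
  locations."/".extraConfig = ''
    proxy_pass http://localhost:11334;
    proxy_set_header X-Forwarded-For $remote_addr;
  '';
};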
# systemd.services.rspamd.serviceConfig.SupplementaryGroups = [ "redis-rspamd" ];
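# Before Dovecot starts: copy every Sieve script shipped by sieve-spam-filter
# into /var/lib/dovecot/sieve, compile it with sievec, then hand the directory
# to Dovecot's mail user/group so the compiled scripts are usable at runtime.
#
# The scripts are re-copied from the Nix store on each start, so local edits
# under /var/lib/dovecot/sieve do not persist. Scripts dropped from a newer
# package version are not removed by this loop.
systemd.services.dovecot2.preStart = ''
  mkdir -p /var/lib/dovecot/sieve/
  for i in ${sieve-spam-filter}/share/sieve-rspamd-filter/*.sieve; do
    # Quote the inner expansion as well so the path is never word-split.
    dest="/var/lib/dovecot/sieve/$(basename "$i")"
    cp "$i" "$dest"
    ${pkgs.dovecot_pigeonhole}/bin/sievec "$dest"
  done
  chown -R "${config.services.dovecot2.mailUser}:${config.services.dovecot2.mailGroup}" /var/lib/dovecot/sieve
'';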
}