132 lines
3.4 KiB
Nix
132 lines
3.4 KiB
Nix
{ pkgs
|
|
, config
|
|
, ...
|
|
}:
|
|
let
|
|
domain = config.networking.domain;
|
|
|
|
localConfig = pkgs.writeText "local.conf" ''
|
|
logging {
|
|
level = "notice";
|
|
}
|
|
classifier "bayes" {
|
|
autolearn = true;
|
|
}
|
|
dkim_signing {
|
|
path = "/var/lib/rspamd/dkim/$domain.$selector.key";
|
|
selector = "default";
|
|
allow_username_mismatch = true;
|
|
}
|
|
arc {
|
|
path = "/var/lib/rspamd/dkim/$domain.$selector.key";
|
|
selector = "default";
|
|
allow_username_mismatch = true;
|
|
}
|
|
milter_headers {
|
|
use = ["authentication-results", "x-spam-status"];
|
|
authenticated_headers = ["authentication-results"];
|
|
}
|
|
replies {
|
|
action = "no action";
|
|
}
|
|
url_reputation {
|
|
enabled = true;
|
|
}
|
|
phishing {
|
|
openphish_enabled = true;
|
|
# too much memory
|
|
#phishtank_enabled = true;
|
|
}
|
|
neural {
|
|
enabled = true;
|
|
}
|
|
neural_group {
|
|
symbols = {
|
|
"NEURAL_SPAM" {
|
|
weight = 3.0; # sample weight
|
|
description = "Neural network spam";
|
|
}
|
|
"NEURAL_HAM" {
|
|
weight = -3.0; # sample weight
|
|
description = "Neural network ham";
|
|
}
|
|
}
|
|
}
|
|
'';
|
|
|
|
sieve-spam-filter = pkgs.callPackage ../pkgs/sieve-spam-filter { };
|
|
in
|
|
{
|
|
services.rspamd = {
|
|
enable = true;
|
|
extraConfig = ''
|
|
.include(priority=1,duplicate=merge) "${localConfig}"
|
|
'';
|
|
|
|
postfix.enable = true;
|
|
workers.controller = {
|
|
extraConfig = ''
|
|
count = 1;
|
|
static_dir = "''${WWWDIR}";
|
|
password = "$2$7rb4gnnw8qbcy3x3m7au8c4mezecfjim$da4ahtt3gnjtbj7ni6bt1q8jwgqtzxp5ck6941m6prjxsz3udfgb";
|
|
enable_password = "$2$xo1qdd1zgozwto8yazr1o35zbarbzcgp$u8mx6hcsb1qdscejb4zadcb3iucmm4mw6btgmim9h6e5d8cpy5ib";
|
|
'';
|
|
};
|
|
};
|
|
|
|
services.dovecot2 = {
|
|
mailboxes.Spam = {
|
|
auto = "subscribe";
|
|
specialUse = "Junk";
|
|
};
|
|
extraConfig = ''
|
|
protocol imap {
|
|
mail_plugins = $mail_plugins imap_sieve
|
|
}
|
|
|
|
plugin {
|
|
sieve_plugins = sieve_imapsieve sieve_extprograms
|
|
|
|
# From elsewhere to Spam folder
|
|
imapsieve_mailbox1_name = Spam
|
|
imapsieve_mailbox1_causes = COPY
|
|
imapsieve_mailbox1_before = file:/var/lib/dovecot/sieve/report-spam.sieve
|
|
|
|
# From Spam folder to elsewhere
|
|
imapsieve_mailbox2_name = *
|
|
imapsieve_mailbox2_from = Spam
|
|
imapsieve_mailbox2_causes = COPY
|
|
imapsieve_mailbox2_before = file:/var/lib/dovecot/sieve/report-ham.sieve
|
|
|
|
# Move Spam emails to Spam folder
|
|
sieve_before = /var/lib/dovecot/sieve/move-to-spam.sieve
|
|
|
|
sieve_pipe_bin_dir = ${sieve-spam-filter}/bin
|
|
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
|
|
}
|
|
'';
|
|
};
|
|
|
|
services.nginx.enable = true;
|
|
services.nginx.virtualHosts."rspamd.${domain}" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
acmeRoot = null;
|
|
locations."/".extraConfig = ''
|
|
proxy_pass http://localhost:11334;
|
|
'';
|
|
};
|
|
|
|
# systemd.services.rspamd.serviceConfig.SupplementaryGroups = [ "redis-rspamd" ];
|
|
|
|
systemd.services.dovecot2.preStart = ''
|
|
mkdir -p /var/lib/dovecot/sieve/
|
|
for i in ${sieve-spam-filter}/share/sieve-rspamd-filter/*.sieve; do
|
|
dest="/var/lib/dovecot/sieve/$(basename $i)"
|
|
cp "$i" "$dest"
|
|
${pkgs.dovecot_pigeonhole}/bin/sievec "$dest"
|
|
done
|
|
chown -R "${config.services.dovecot2.mailUser}:${config.services.dovecot2.mailGroup}" /var/lib/dovecot/sieve
|
|
'';
|
|
}
|