ymir rspamd on odin

author: Gregor Kleen <gkleen@yggdrasil.li> 2020-03-28 15:38:35 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2020-03-28 15:38:35 +0100
commit: 54b7f8b7a1022a86e8c734d8986f27eb3620cab6 (patch)
tree: d677ebd1c1cdb0de7d55c9d1f68dc98cce4e3cc8
parent: f7da7fd41b36f690f2da1bcf9c0d659ed024b3bd (diff)
download: nixos-54b7f8b7a1022a86e8c734d8986f27eb3620cab6.tar
nixos-54b7f8b7a1022a86e8c734d8986f27eb3620cab6.tar.gz
nixos-54b7f8b7a1022a86e8c734d8986f27eb3620cab6.tar.bz2
nixos-54b7f8b7a1022a86e8c734d8986f27eb3620cab6.tar.xz
nixos-54b7f8b7a1022a86e8c734d8986f27eb3620cab6.zip
1 files changed, 72 insertions, 0 deletions
diff --git a/odin.nix b/odin.nix
index 26a6f3c5..c98e18ae 100644
--- a/odin.nix
+++ b/odin.nix
@@ -180,6 +180,10 @@
      mail_spool_directory = "/srv/mail";
      luser_relay = ''postmaster''${recipient_delimiter}''${local:unknown}'';
+      
+      milter_default_action = "accept";
+      smtpd_milters = ["inet:ymir.niflheim.yggdrasil:11332"];
+      non_smtpd_milters = ["inet:ymir.niflheim.yggdrasil:11332"];
    };
    masterConfig = {
@@ -196,6 +200,74 @@
    networks = ["127.0.0.0/8" "[::ffff:127.0.0.0]/104" "[::1]/128" "10.141.0.0/16"];
  };
+  services.rspamd = {
+    enable = true;
+    workers = {
+      controller = {};
+      rspamd_proxy = {
+        bindSockets = [
+          { mode = "0660";
+            socket = "/var/lib/postfix/queue/private/rspamd";
+            owner = config.services.rspamd.user;
+            group = config.services.postfix.group;
+          }
+        ];
+        extraConfig = ''
+          upstream "local" {
+            default = yes;
+            self_scan = yes;
+          }
+        '';
+      };
+    };
+    locals = {
+      "milter_headers.conf".text = ''
+        use = ["authentication-results", "x-spamd-result", "x-rspamd-queue-id", "x-rspamd-server"];
+        remove_upstream_spam_flag = false;
+      '';
+      "actions.conf".text = ''
+        add_header = 10;
+      '';
+      "groups.conf".text = ''
+        symbols {
+          "BAYES_SPAM" {
+            weight = 2.0;
+          }
+        }
+      '';
+      "dmarc.conf".text = ''
+        reporting = true;
+          domain = "yggdrasil.li";
+          email = "postmaster@yggdrasil.li";
+        }
+      '';
+      "redis.conf".text = ''
+        servers = "localhost";
+      '';
+      "dkim_signing.conf".text = "enabled = false;";
+      "neural.conf".text = "enabled = false;";
+      "classifier-bayes.conf".text = ''
+        enable = true;
+        expire = 8640000;
+        new_schema = true;
+        backend = "redis";
+        per_user = true;
+        min_learns = 0;
+        autolearn = [0, 10];
+        
+        statfile {
+            symbol = "BAYES_HAM";
+            spam = false;
+        }
+        statfile {
+            symbol = "BAYES_SPAM";
+            spam = true;
+        }
+      '';
+    };
+  };
  services.borgbackup = {
    snapshots = "lvm";
    prefix = "yggdrasil.asgard.odin.";
author	Gregor Kleen <gkleen@yggdrasil.li>	2020-03-28 15:38:35 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2020-03-28 15:38:35 +0100
commit	54b7f8b7a1022a86e8c734d8986f27eb3620cab6 (patch)
tree	d677ebd1c1cdb0de7d55c9d1f68dc98cce4e3cc8
parent	f7da7fd41b36f690f2da1bcf9c0d659ed024b3bd (diff)
download	nixos-54b7f8b7a1022a86e8c734d8986f27eb3620cab6.tar nixos-54b7f8b7a1022a86e8c734d8986f27eb3620cab6.tar.gz nixos-54b7f8b7a1022a86e8c734d8986f27eb3620cab6.tar.bz2 nixos-54b7f8b7a1022a86e8c734d8986f27eb3620cab6.tar.xz nixos-54b7f8b7a1022a86e8c734d8986f27eb3620cab6.zip

diff --git a/odin.nix b/odin.nix index 26a6f3c5..c98e18ae 100644 --- a/odin.nix +++ b/odin.nix
@@ -180,6 +180,10 @@
180	mail_spool_directory = "/srv/mail";	180	mail_spool_directory = "/srv/mail";
181		181
182	luser_relay = ''postmaster''${recipient_delimiter}''${local:unknown}'';	182	luser_relay = ''postmaster''${recipient_delimiter}''${local:unknown}'';
		183
		184	milter_default_action = "accept";
		185	smtpd_milters = ["inet:ymir.niflheim.yggdrasil:11332"];
		186	non_smtpd_milters = ["inet:ymir.niflheim.yggdrasil:11332"];
183	};	187	};
184		188
185	masterConfig = {	189	masterConfig = {
@@ -196,6 +200,74 @@
196	networks = ["127.0.0.0/8" "[::ffff:127.0.0.0]/104" "[::1]/128" "10.141.0.0/16"];	200	networks = ["127.0.0.0/8" "[::ffff:127.0.0.0]/104" "[::1]/128" "10.141.0.0/16"];
197	};	201	};
198		202
		203	services.rspamd = {
		204	enable = true;
		205	workers = {
		206	controller = {};
		207	rspamd_proxy = {
		208	bindSockets = [
		209	{ mode = "0660";
		210	socket = "/var/lib/postfix/queue/private/rspamd";
		211	owner = config.services.rspamd.user;
		212	group = config.services.postfix.group;
		213	}
		214	];
		215	extraConfig = ''
		216	upstream "local" {
		217	default = yes;
		218	self_scan = yes;
		219	}
		220	'';
		221	};
		222	};
		223	locals = {
		224	"milter_headers.conf".text = ''
		225	use = ["authentication-results", "x-spamd-result", "x-rspamd-queue-id", "x-rspamd-server"];
		226	remove_upstream_spam_flag = false;
		227	'';
		228	"actions.conf".text = ''
		229	add_header = 10;
		230	'';
		231	"groups.conf".text = ''
		232	symbols {
		233	"BAYES_SPAM" {
		234	weight = 2.0;
		235	}
		236	}
		237	'';
		238	"dmarc.conf".text = ''
		239	reporting = true;
		240	domain = "yggdrasil.li";
		241	email = "postmaster@yggdrasil.li";
		242	}
		243	'';
		244	"redis.conf".text = ''
		245	servers = "localhost";
		246	'';
		247	"dkim_signing.conf".text = "enabled = false;";
		248	"neural.conf".text = "enabled = false;";
		249	"classifier-bayes.conf".text = ''
		250	enable = true;
		251	expire = 8640000;
		252	new_schema = true;
		253	backend = "redis";
		254	per_user = true;
		255	min_learns = 0;
		256
		257	autolearn = [0, 10];
		258
		259	statfile {
		260	symbol = "BAYES_HAM";
		261	spam = false;
		262	}
		263	statfile {
		264	symbol = "BAYES_SPAM";
		265	spam = true;
		266	}
		267	'';
		268	};
		269	};
		270
199	services.borgbackup = {	271	services.borgbackup = {
200	snapshots = "lvm";	272	snapshots = "lvm";
201	prefix = "yggdrasil.asgard.odin.";	273	prefix = "yggdrasil.asgard.odin.";