From 54b7f8b7a1022a86e8c734d8986f27eb3620cab6 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sat, 28 Mar 2020 15:38:35 +0100
Subject: ymir rspamd on odin

---
 odin.nix | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 72 insertions(+)

diff --git a/odin.nix b/odin.nix
index 26a6f3c5..c98e18ae 100644
--- a/odin.nix
+++ b/odin.nix
@@ -180,6 +180,10 @@
       mail_spool_directory = "/srv/mail";
 
       luser_relay = ''postmaster''${recipient_delimiter}''${local:unknown}'';
+      
+      milter_default_action = "accept";
+      smtpd_milters = ["inet:ymir.niflheim.yggdrasil:11332"];
+      non_smtpd_milters = ["inet:ymir.niflheim.yggdrasil:11332"];
     };
 
     masterConfig = {
@@ -196,6 +200,74 @@
     networks = ["127.0.0.0/8" "[::ffff:127.0.0.0]/104" "[::1]/128" "10.141.0.0/16"];
   };
 
+  services.rspamd = {
+    enable = true;
+    workers = {
+      controller = {};
+      rspamd_proxy = {
+        bindSockets = [
+          { mode = "0660";
+            socket = "/var/lib/postfix/queue/private/rspamd";
+            owner = config.services.rspamd.user;
+            group = config.services.postfix.group;
+          }
+        ];
+        extraConfig = ''
+          upstream "local" {
+            default = yes;
+            self_scan = yes;
+          }
+        '';
+      };
+    };
+    locals = {
+      "milter_headers.conf".text = ''
+        use = ["authentication-results", "x-spamd-result", "x-rspamd-queue-id", "x-rspamd-server"];
+        remove_upstream_spam_flag = false;
+      '';
+      "actions.conf".text = ''
+        add_header = 10;
+      '';
+      "groups.conf".text = ''
+        symbols {
+          "BAYES_SPAM" {
+            weight = 2.0;
+          }
+        }
+      '';
+      "dmarc.conf".text = ''
+        reporting = true;
+          domain = "yggdrasil.li";
+          email = "postmaster@yggdrasil.li";
+        }
+      '';
+      "redis.conf".text = ''
+        servers = "localhost";
+      '';
+      "dkim_signing.conf".text = "enabled = false;";
+      "neural.conf".text = "enabled = false;";
+      "classifier-bayes.conf".text = ''
+        enable = true;
+        expire = 8640000;
+        new_schema = true;
+        backend = "redis";
+        per_user = true;
+        min_learns = 0;
+
+        autolearn = [0, 10];
+        
+        statfile {
+            symbol = "BAYES_HAM";
+            spam = false;
+        }
+        statfile {
+            symbol = "BAYES_SPAM";
+            spam = true;
+        }
+      '';
+    };
+  };
+
   services.borgbackup = {
     snapshots = "lvm";
     prefix = "yggdrasil.asgard.odin.";
-- 
cgit v1.2.3