From bd12c487c31b448b87e37efbae74953df689e7f4 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sun, 23 Jun 2019 21:06:48 +0200
Subject: exim-retiolum module: integrate rspamd

---
 krebs/3modules/exim-retiolum.nix | 47 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)

diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix
index dbd98d059..854fdd70e 100644
--- a/krebs/3modules/exim-retiolum.nix
+++ b/krebs/3modules/exim-retiolum.nix
@@ -21,7 +21,32 @@ in {
         "*.r"
       ];
     };
+    rspamd = {
+      enable = mkEnableOption "krebs.exim-retiolum.rspamd" // {
+        default = false;
+      };
+      local_networks = mkOption {
+        type = types.listOf types.cidr;
+        default = [
+          config.krebs.build.host.nets.retiolum.ip4.prefix
+          config.krebs.build.host.nets.retiolum.ip6.prefix
+        ];
+      };
+    };
   };
+  imports = [
+    {
+      config = lib.mkIf cfg.rspamd.enable {
+        services.rspamd.enable = true;
+        services.rspamd.locals."options.inc".text = ''
+          local_networks = ${toJSON cfg.rspamd.local_networks};
+        '';
+        users.users.${config.krebs.exim.user.name}.extraGroups = [
+          config.services.rspamd.group
+        ];
+      };
+    }
+  ];
   config = lib.mkIf cfg.enable {
     krebs.exim = {
       enable = true;
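Review bot: The `imports` entry is gated only on `cfg.rspamd.enable`, not on `cfg.enable`, so setting the rspamd option alone starts rspamd and adds the exim user to `config.services.rspamd.group` even when this module's exim configuration is off. Using `lib.mkIf (cfg.enable && cfg.rspamd.enable)` would keep the two in step. The `local_networks` option also has no `description`; rspamd presumably relaxes some checks for addresses listed there, so a line such as `description = "Networks rspamd treats as local; widening this list is a trust decision.";` would help anyone changing the default. The `config` block that follows continues outside the hunk.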
@@ -36,6 +61,10 @@ in {
           domainlist local_domains = ${concatStringsSep ":" cfg.local_domains}
           domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains}
 
+          ${optionalString cfg.rspamd.enable /* exim */ ''
+            spamd_address = /run/rspamd/rspamd.sock variant=rspamd
+          ''}
+
           acl_smtp_rcpt = acl_check_rcpt
           acl_smtp_data = acl_check_data
 
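Review bot: The socket path in `spamd_address` is a literal `/run/rspamd/rspamd.sock` that has to match whatever the rspamd service actually binds, and nothing in this module pins that. If the worker's `bindSockets` is overridden elsewhere, exim will presumably keep pointing at a socket that no longer exists and scanning stops without an evaluation error. A comment such as `# must match the normal worker's bindSockets in services.rspamd` next to the line, or a module option for the path, would make the coupling visible. The enclosing configuration string starts and ends outside the hunk.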
@@ -64,6 +93,24 @@ in {
 
 
           acl_check_data:
+            ${optionalString cfg.rspamd.enable /* exim */ ''
+              accept condition = ''${if eq{$interface_port}{587}}
+
+              warn remove_header = ${concatStringsSep " : " [
+                "x-spam"
+                "x-spam-report"
+                "x-spam-score"
+              ]}
+
+              warn
+                spam = nobody:true
+
+              warn
+                condition = ''${if !eq{$spam_action}{no action}}
+                add_header = X-Spam: Yes
+                add_header = X-Spam-Report: $spam_report
+                add_header = X-Spam-Score: $spam_score
+            ''}
             accept
 
 
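Review bot: The first added statement in `acl_check_data` accepts everything arriving on port 587 before the header stripping and the scan, and nothing in the hunk shows that port 587 requires authentication. If that port is reachable unauthenticated, mail skips rspamd and keeps any sender-supplied `X-Spam*` headers; tying the bypass to the session rather than the port, e.g. `accept authenticated = *`, would make the exemption explicit. Separately, the tagging `warn` is a different statement from the one holding `spam = nobody:true`. If the scan defers (rspamd down or socket unreadable), `$spam_action` is likely empty, the `!eq{$spam_action}{no action}` test is true, and every message gets `X-Spam: Yes`. Moving the `condition` and `add_header` lines into the same `warn` as the `spam` condition should avoid that; the enclosing Nix string starts and ends outside the hunk.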
-- 
cgit v1.2.3