chaos/nixfiles
1
0
Fork 0
Code Issues 2 Releases Activity

spam

Browse source
This commit is contained in:
ChaotiCryptidz 2022-06-28 09:45:59 +01:00
parent 3f8129a015
commit e6ce9fa166
No known key found for this signature in database
9 changed files with 156 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
hosts/hetzner-vm/services/mail.nix
View file

@ -7,5 +7,6 @@
./mailserver/firewall.nix ./mailserver/firewall.nix
./mailserver/webmail.nix ./mailserver/webmail.nix
./mailserver/opendkim.nix ./mailserver/opendkim.nix
./mailserver/rspamd.nix
]; ];
} }

32
hosts/hetzner-vm/services/mailserver/dovecot.nix
View file

@ -51,6 +51,23 @@ let
chmod 600 ${passwdFile} chmod 600 ${passwdFile}
''; '';
pipeBin = pkgs.stdenv.mkDerivation {
name = "pipe_bin";
src = ./pipe_bin;
buildInputs = with pkgs; [ makeWrapper coreutils bash rspamd ];
buildCommand = ''
mkdir -p $out/pipe/bin
cp $src/* $out/pipe/bin/
chmod a+x $out/pipe/bin/*
patchShebangs $out/pipe/bin
for file in $out/pipe/bin/*; do
wrapProgram $file \
--set PATH "${pkgs.coreutils}/bin:${pkgs.rspamd}/bin"
done
'';
};
in { in {
services.dovecot2 = { services.dovecot2 = {
enable = true; enable = true;
@ -165,11 +182,24 @@ in {
} }
plugin { plugin {
sieve_plugins = sieve_imapsieve sieve_extprograms
sieve = file:${mail_config.sieve_directory}/%u/scripts;active=${mail_config.sieve_directory}/%u/active.sieve sieve = file:${mail_config.sieve_directory}/%u/scripts;active=${mail_config.sieve_directory}/%u/active.sieve
sieve_default = file:${mail_config.sieve_directory}/%u/default.sieve sieve_default = file:${mail_config.sieve_directory}/%u/default.sieve
sieve_default_name = default sieve_default_name = default
sieve_global_extensions = +vnd.dovecot.environment # From elsewhere to Spam folder
imapsieve_mailbox1_name = Junk
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_before = file:${./spam_sieve/report-spam.sieve}
# From Spam folder to elsewhere
imapsieve_mailbox2_name = *
imapsieve_mailbox2_from = Junk
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_before = file:${./spam_sieve/report-ham.sieve}
sieve_pipe_bin_dir = ${pipeBin}/pipe/bin
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
} }
lda_mailbox_autosubscribe = yes lda_mailbox_autosubscribe = yes
lda_mailbox_autocreate = yes lda_mailbox_autocreate = yes

3
hosts/hetzner-vm/services/mailserver/pipe_bin/rspam-learn-ham.sh Normal file
View file

@ -0,0 +1,3 @@
#!/bin/bash
set -o errexit
exec rspamc -h /run/rspamd/worker-controller.sock learn_ham

3
hosts/hetzner-vm/services/mailserver/pipe_bin/rspam-learn-spam.sh Normal file
View file

@ -0,0 +1,3 @@
#!/bin/bash
set -o errexit
exec rspamc -h /run/rspamd/worker-controller.sock learn_spam

2
hosts/hetzner-vm/services/mailserver/postfix.nix
View file

@ -148,7 +148,7 @@ in {
tls_random_source = "dev:/dev/urandom"; tls_random_source = "dev:/dev/urandom";
smtpd_milters = [ "unix:/run/opendkim/opendkim.sock" ]; smtpd_milters = [ "unix:/run/opendkim/opendkim.sock" "unix:/run/rspamd/rspamd-milter.sock" ];
non_smtpd_milters = [ "unix:/run/opendkim/opendkim.sock" ]; non_smtpd_milters = [ "unix:/run/opendkim/opendkim.sock" ];
milter_protocol = "6"; milter_protocol = "6";

94
hosts/hetzner-vm/services/mailserver/rspamd.nix Normal file
View file

@ -0,0 +1,94 @@
{ config, pkgs, lib, ... }:
let
mail_config = (import ./config.nix { });
postfixCfg = config.services.postfix;
rspamdCfg = config.services.rspamd;
rspamdSocket = "rspamd.service";
in {
services.rspamd = {
enable = true;
debug = mail_config.debug_mode;
locals = {
"milter_headers.conf" = {
text = ''
extended_spam_headers = yes;
'';
};
"redis.conf" = {
text = ''
servers = "127.0.0.1:6380";
'';
};
"classifier-bayes.conf" = {
text = ''
cache {
backend = "redis";
}
'';
};
"dkim_signing.conf" = {
text = ''
# opendkim does this
enabled = false;
'';
};
};
overrides = {
"milter_headers.conf" = {
text = ''
extended_spam_headers = true;
'';
};
};
workers.rspamd_proxy = {
type = "rspamd_proxy";
bindSockets = [{
socket = "/run/rspamd/rspamd-milter.sock";
mode = "0664";
}];
count = 1;
extraConfig = ''
milter = yes;
timeout = 120s;
upstream "local" {
default = yes;
self_scan = yes;
}
'';
};
workers.controller = {
type = "controller";
count = 1;
bindSockets = [{
socket = "/run/rspamd/worker-controller.sock";
mode = "0666";
}];
includes = [ ];
};
};
services.redis.servers.rspamd = {
enable = true;
port = 6380;
};
systemd.services.rspamd = {
requires = [ "redis-rspamd.service" ];
after = [ "redis-rspamd.service" ];
};
systemd.services.postfix = {
after = [ rspamdSocket ];
requires = [ rspamdSocket ];
};
users.extraUsers.${postfixCfg.user}.extraGroups = [ rspamdCfg.group ];
}

15
hosts/hetzner-vm/services/mailserver/spam_sieve/report-ham.sieve Normal file
View file

@ -0,0 +1,15 @@
require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];
if environment :matches "imap.mailbox" "*" {
set "mailbox" "${1}";
}
if string "${mailbox}" "Trash" {
stop;
}
if environment :matches "imap.user" "*" {
set "username" "${1}";
}
pipe :copy "sa-learn-ham.sh" [ "${username}" ];

7
hosts/hetzner-vm/services/mailserver/spam_sieve/report-spam.sieve Normal file
View file

@ -0,0 +1,7 @@
require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];
if environment :matches "imap.user" "*" {
set "username" "${1}";
}
pipe :copy "sa-learn-spam.sh" [ "${username}" ];

1
hosts/hetzner-vm/services/restic.nix
View file

@ -12,6 +12,7 @@ let
mail_config.vmail_config.directory mail_config.vmail_config.directory
mail_config.sieve_directory mail_config.sieve_directory
mail_config.dkim_directory mail_config.dkim_directory
"/var/lib/redis-rspamd"
]; ];
timerConfig = { timerConfig = {
OnBootSec = "1m"; OnBootSec = "1m";