mailsystem: Configure rspamd as spam filter

2024-12-05 14:10:04 +01:00 · 2024-12-05 14:10:04 +01:00 · d35763a8a2
commit d35763a8a2
parent b7fac23bd1
6 changed files with 144 additions and 2 deletions
--- a/mailsystem/postfix.nix
+++ b/mailsystem/postfix.nix
@ -154,6 +154,16 @@ in {
        # Configure a non-blocking source of randomness
        tls_random_source = "dev:/dev/urandom";

+        smtpd_milters = [
+          "unix:${rspamdProxySocket}"
+        ];
+        # Also use milter for outgoing mails (for e.g., dkim)
+        non_smtpd_milters = [
+          "unix:${rspamdProxySocket}"
+        ];
+        milter_protocol = "6";
+        milter_mail_macros = "i {mail_addr} {client_addr} {client_name} {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer}";
+
        # Fix for https://www.postfix.org/smtp-smuggling.html
        smtpd_forbid_bare_newline = "yes";
        smtpd_forbid_bare_newline_exclusions = "$mynetworks";
@ -179,9 +189,9 @@ in {
    systemd.services.postfix = {
      wants = sslCertService;
      after =
-        ["dovecot2.service"]
+        ["dovecot2.service" "rspamd.service"]
        ++ sslCertService;
-      requires = ["dovecot2.service"];
+      requires = ["dovecot2.service" "rspamd.service"];
    };

    networking.firewall = lib.mkIf cfg.openFirewall {