rspamd: restrict addresses we disable checks for to localhost

By default this includes private network subnets, but those should really
use authentication instead, if they want to skip checks.

Closes: #326
Martin Weinelt 2025-08-25 03:13:30 +02:00
parent cc5f180427
commit 1a2d7a4bf5
No known key found for this signature in database
GPG key ID: 87C1E9888F856759
2 changed files with 19 additions and 8 deletions


@ -132,6 +132,13 @@ in
''; '';
}; };
}; };
overrides = {
"options.inc" = {
text = ''
local_addrs = [::1/128, 127.0.0.0/8]
'';
};
};
workers.rspamd_proxy = { workers.rspamd_proxy = {
type = "rspamd_proxy"; type = "rspamd_proxy";
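Review bot: The added `overrides."options.inc"` block has no comment explaining why `local_addrs` is narrowed to loopback, so the security rationale lives only in the commit message. A short comment above `overrides = {` would keep it with the code, e.g. `# Only loopback skips checks; clients on private subnets must authenticate rather than rely on their source address`. Because this is written as an override rather than a local, it presumably takes precedence over anything an operator puts in `locals."options.inc"`. The comment or the module documentation should say how the list is meant to be widened. The enclosing attribute set starts and ends outside the hunk.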


@ -10,12 +10,16 @@
# Enable second CPU core # Enable second CPU core
virtualisation.cores = lib.mkDefault 2; virtualisation.cores = lib.mkDefault 2;
services.rspamd = {
# Don't make tests block on DNS requests that will never succeed # Don't make tests block on DNS requests that will never succeed
services.rspamd.locals."options.inc".text = '' locals."options.inc".text = ''
dns { dns {
nameservers = ["127.0.0.1"]; nameservers = ["127.0.0.1"];
timeout = 0.0s; timeout = 0.0s;
retransmits = 0; retransmits = 0;
} }
''; '';
# Relax `local_addrs` definition to default for tests, so mail doesn't get flagged as spam
overrides."options.inc".enable = false;
};
} }
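Review bot: `overrides."options.inc".enable = false;` switches off the whole override file rather than only the `local_addrs` line, so the tests run with rspamd's default local address list and never exercise the loopback-only setting that is shipped. Anything later added to that override would be dropped in the tests as well. Consider keeping the override enabled and replacing only its text with the ranges the test machines use, or at least extend the comment: `# Disables the entire options.inc override; tests do not cover the restricted local_addrs`. It may also be worth a test where a client on a non-loopback address authenticates, since that is the path the commit message tells operators to use.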