fixes to tests

- restructure rspamd config. It's nicer now, and it was getting overridden the old way. - "scan_mime_parts = false" apparently must be used in rspamd for ClamAV to work - refactor the clamav test a bit for cleanliness - wait for rspamd and clamd sockets to open, before testing - use clamdscan for speed, and verify that the virus was found - verify msmtp returns virus scan result
2019-07-06 03:31:24 -06:00 · 2019-07-06 03:31:24 -06:00 · 93660eabcd
commit 93660eabcd
parent 0e6bb4e898
3 changed files with 36 additions and 22 deletions
--- a/mail-server/rspamd.nix
+++ b/mail-server/rspamd.nix
@ -27,19 +27,22 @@ in
  config = with cfg; lib.mkIf enable {
    services.rspamd = {
      enable = true;
-      extraConfig = ''
-        extended_spam_headers = yes;
-      '' + (lib.optionalString cfg.virusScanning ''
-        antivirus {
-          clamav {
-            action = "reject";
-            symbol = "CLAM_VIRUS";
-            type = "clamav";
-            log_clean = true;
-            servers = "/run/clamav/clamd.ctl";
-          }
-        }
-      '');
+      inherit debug;
+      locals = {
+          "milter_headers.conf" = { text = ''
+              extended_spam_headers = yes;
+          ''; };
+          "antivirus.conf" = lib.mkIf cfg.virusScanning { text = ''
+              clamav {
+                action = "reject";
+                symbol = "CLAM_VIRUS";
+                type = "clamav";
+                log_clean = true;
+                servers = "/run/clamav/clamd.ctl";
+                scan_mime_parts = false; # scan mail as a whole unit, not parts. seems to be needed to work at all
+              }
+          ''; };
+      };

      workers.rspamd_proxy = {
        type = "rspamd_proxy";