diff --git a/mail-server/rspamd.nix b/mail-server/rspamd.nix
index 7121a46..8b860ba 100644
--- a/mail-server/rspamd.nix
+++ b/mail-server/rspamd.nix
@@ -235,10 +235,14 @@ in
         RestrictAddressFamilies = [
           "AF_INET"
           "AF_INET6"
+          "AF_UNIX"
         ];
         RestrictNamespaces = true;
         RestrictRealtime = true;
         RestrictSUIDSGID = true;
+        SupplementaryGroups = lib.optionals cfg.redis.configureLocally [
+          config.services.redis.servers.rspamd.group
+        ];
         SystemCallArchitectures = "native";
         SystemCallFilter = [
           "@system-service"