Rspamd

From NixOS Wiki
Revision as of 09:38, 14 October 2023 by imported>Onny (Add note on enable bayesian spam training)

Rspamd is a fast, free and open-source spam filtering system.

Installation

To enable Rspamd add following line to your system configuration

 
/etc/nixos/configuration.nix

services.rspamd.enable = true;

Configuration

Bayesian spam training

To enable bayesian spam training, a Redis backend needs to get setup and configured in Rspamd

 
/etc/nixos/configuration.nix

services.rspamd = {
  locals = {
    "redis.conf".text = ''
      servers = "${config.services.redis.servers.rspamd.unixSocket}";
    '';
    "classifier-bayes.conf".text = ''
      backend = "redis";
      autolearn = true;
    '';
  };
};

services.redis.servers.rspamd = {
  enable = true;
  port = 0;
  unixSocket = "/run/redis-rspamd/redis.sock";
  user = config.services.rspamd.user;
};

Whitelist domain

To whitelist a specific domain (in this example the domain example.org) which otherwise gets rejected by Rspamd for various reasons, this custom configuration override can be added:

 
/etc/nixos/configuration.nix

services.rspamd = {
  enable = true;
  overrides."whitelist.conf".text = ''
    whitelist_from {
      example.org = true;
    }
  '';
};

DKIM key

This module verifies the authenticity of emails through the analysis of DKIM signatures. In this example, we're configure a custom DKIM key file path suitable for the mailserver Maddy and adjust the group permissions for the Rspamd service.

 
/etc/nixos/configuration.nix

services.rspamd = {
  enable = true;
  locals."dkim_signing.conf".text = ''
    selector = "default";
    domain = "example.org";
    path = "/var/lib/maddy/dkim_keys/$domain_$selector.key";
  '';
};

systemd.services.rspamd.serviceConfig.SupplementaryGroups = [ "maddy" ];
Retrieved from "https://wiki.nixos.org/w/index.php?title=Rspamd&oldid=10572"