authorPeter Jones <pjones@devalot.com>2017-01-13 15:23:34 -0700
committerFranz Pletz <fpletz@fnordicwalking.de>2017-03-17 20:15:48 +0100
commit4defb788ebec831f6a868f46b969755d7754cc4f (patch)
tree125369fa8b8c02f863b40b9129e213cfd66bb2ec /nixos/modules/services/mail/rmilter.nix
parentfa65cc067b3bbdf4d4cdfb21f24009c297334b28 (diff)
rmilter service: Fix a couple of bugs
  * The module uses `stringSplit` but it should be `splitString`

  * `rmilter` doesn't actually support binding to multiple sockets.
    Therefore, bind to the last one specified if `socketActivation` is
    `false`.

I also believe there is a bug in this module related to systemd
`ListenStream`.  If `socketActivation` is true, Postfix gets
connection timeouts trying to connect to one of the `ListenStream`
inet addresses.  I don't know enough about `ListenStream` passing
connections on to `fd:3` to understand what's going on.

These changes are in production (with `socketActivation = false`) via NixOps.
Diffstat (limited to 'nixos/modules/services/mail/rmilter.nix')
-rw-r--r--nixos/modules/services/mail/rmilter.nix47
1 files changed, 24 insertions, 23 deletions
diff --git a/nixos/modules/services/mail/rmilter.nix b/nixos/modules/services/mail/rmilter.nix
index 8f18b929c114..7fb4a5195821 100644
--- a/nixos/modules/services/mail/rmilter.nix
+++ b/nixos/modules/services/mail/rmilter.nix
@@ -7,32 +7,31 @@ let
   rspamdCfg = config.services.rspamd;
   cfg = config.services.rmilter;
 
-  inetSockets = map (sock: let s = stringSplit ":" sock; in "inet:${last s}:${head s}") cfg.bindInetSockets;
+  inetSockets = map (sock: let s = splitString ":" sock; in "inet:${last s}@${head s}") cfg.bindInetSockets;
   unixSockets = map (sock: "unix:${sock}") cfg.bindUnixSockets;
 
   allSockets = unixSockets ++ inetSockets;
 
   rmilterConf = ''
-pidfile = /run/rmilter/rmilter.pid;
-bind_socket = ${if cfg.socketActivation then "fd:3" else concatStringsSep ", " allSockets};
-tempdir = /tmp;
-
+    pidfile = /run/rmilter/rmilter.pid;
+    bind_socket = ${if cfg.socketActivation then "fd:3" else last inetSockets};
+    tempdir = /tmp;
   '' + (with cfg.rspamd; if enable then ''
-spamd {
-        servers = ${concatStringsSep ", " servers};
-        connect_timeout = 1s;
-        results_timeout = 20s;
-        error_time = 10;
-        dead_time = 300;
-        maxerrors = 10;
-        reject_message = "${rejectMessage}";
-        ${optionalString (length whitelist != 0)  "whitelist = ${concatStringsSep ", " whitelist};"}
-
-        # rspamd_metric - metric for using with rspamd
-        # Default: "default"
-        rspamd_metric = "default";
-        ${extraConfig}
-};
+    spamd {
+      servers = ${concatStringsSep ", " servers};
+      connect_timeout = 1s;
+      results_timeout = 20s;
+      error_time = 10;
+      dead_time = 300;
+      maxerrors = 10;
+      reject_message = "${rejectMessage}";
+      ${optionalString (length whitelist != 0)  "whitelist = ${concatStringsSep ", " whitelist};"}
+
+      # rspamd_metric - metric for using with rspamd
+      # Default: "default"
+      rspamd_metric = "default";
+      ${extraConfig}
+    };
     '' else "") + cfg.extraConfig;
 
   rmilterConfigFile = pkgs.writeText "rmilter.conf" rmilterConf;
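Review bot: `last inetSockets` on the new `bind_socket` line aborts evaluation with an opaque list error when `cfg.bindInetSockets` is empty and `socketActivation` is false. It also silently drops every `bindUnixSockets` entry and all but the final inet entry. An assertion in the module's `config` section (outside this hunk) would make the failure explicit, for example `{ assertion = cfg.socketActivation || cfg.bindInetSockets != []; message = "services.rmilter: bindInetSockets must not be empty when socketActivation is false"; }`. Since the milter protocol itself carries no authentication, a comment above `bind_socket` should state that the selected address is expected to be loopback or firewalled, e.g. `# only the last bindInetSockets entry is used; keep it on a trusted interface`. Whether `allSockets` is still consumed elsewhere (for instance by the socket unit) is not visible here, because the `let` block continues past this hunk.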
@@ -100,9 +99,11 @@ in
         default = true;
         description = ''
           Enable systemd socket activation for rmilter.
-          (disabling socket activation not recommended
-          when unix socket used, and follow to wrong
-          permissions on unix domain socket.)
+
+          Disabling socket activation is not recommended when a Unix
+          domain socket is used and could lead to incorrect
+          permissions.  Therefore, setting this to false will
+          configure rmilter to use an inet socket only.
         '';
       };