fix(self_host/mail): restore the connection to mailjet

2025-12-25 01:27:31 +01:00 · 2025-12-25 01:27:31 +01:00 · b9ed7f1eb8
commit b9ed7f1eb8
parent 997042d9be
1 changed files with 44 additions and 54 deletions
--- a/services/self_host/mail.nix
+++ b/services/self_host/mail.nix
@ -77,11 +77,6 @@ in
          smtpd_tls_cert_file = "/var/lib/acme/mail.enium.eu/fullchain.pem";
          smtpd_tls_key_file = "/var/lib/acme/mail.enium.eu/key.pem";
          smtpd_milters = "unix:/run/rspamd/rspamd.sock";
          non_smtpd_milters = "unix:/run/rspamd/rspamd.sock";
          milter_protocol = "6";
          milter_default_action = "accept";
          milter_mail_macros = "i {mail_addr} {client_addr} {client_name} {auth_authen}";
        };
        master."submission" = {
          type = "inet";
@ -107,7 +102,7 @@ in
    systemd.services.postfix.preStart = lib.mkMerge [
      (lib.mkAfter ''
        umask 077
-        echo "[in-v3.mailjet.com]:587 $(cat ${mailjet-pass}):$(cat ${mailjet-pass})" > /var/lib/postfix/sasl_passwd
+        echo "[in-v3.mailjet.com]:587 $(cat ${mailjet-user}):$(cat ${mailjet-pass})" > /var/lib/postfix/sasl_passwd
        chown postfix:postfix /var/lib/postfix/sasl_passwd
        chmod 600 /var/lib/postfix/sasl_passwd
        ${pkgs.postfix}/bin/postmap /var/lib/postfix/sasl_passwd
@ -143,7 +138,7 @@ in
      extraConfig = ''
        protocols = imap lmtp
        auth_mechanisms = plain login
-        disable_plaintext_auth = yes
+        disable_plaintext_auth = no
        base_dir = /run/dovecot
        userdb {
@ -240,57 +235,51 @@ in
    services.rspamd = {
      enable = true;
-        extraConfig = ''
+      postfix.enable = true;
-          worker "controller" {
+      extraConfig = ''
-            bind_socket = "127.0.0.1:11334";
+        worker "controller" {
-            password = "admin";
+          bind_socket = "127.0.0.1:11334";
          password = "admin";
        };
        worker "normal" {
          bind_socket = "127.0.0.1:11333";
        };
        worker "rspamd_proxy" {
          bind_socket = "127.0.0.1:11332";
          milter = yes;
          timeout = 120s;
          upstream "local" {
            self_scan = yes;
          };
        };
        actions {
          reject = 12;
          add_header = 6;
          greylist = 4;
        };
        classifier "bayes" {
          backend = "redis";
          servers = "127.0.0.1:6381";
          autolearn = true;
          min_learns = 200;
          new_schema = true;
          cache = true;
          statfile {
            symbol = "BAYES_HAM";
            spam = false;
          };
-          worker "normal" {
+          statfile {
-            bind_socket = "127.0.0.1:11333";
+            symbol = "BAYES_SPAM";
            spam = true;
          };
-          worker "rspamd_proxy" {
+        learn_condition = <<EOD
            bind_socket = "127.0.0.1:11332";
            milter = yes;
            timeout = 120s;
            upstream "local" {
              self_scan = yes;
            };
          };
          actions {
            reject = 12;
            add_header = 6;
            greylist = 4;
          };
          milter {
            unix_socket = "/run/rspamd/milter.sock";
            unix_permissions = 0660;
            user = "rspamd";
            group = "postfix";
          };
          classifier "bayes" {
            backend = "redis";
            servers = "127.0.0.1:6381";
            autolearn = true;
            min_learns = 200;
            new_schema = true;
            cache = true;
            statfile {
              symbol = "BAYES_HAM";
              spam = false;
            };
            statfile {
              symbol = "BAYES_SPAM";
              spam = true;
            };
            learn_condition = <<EOD
 return function(task)
  return true
 end
@ -318,6 +307,7 @@ EOD;
    };
    security.acme.certs."mail.enium.eu" = {
      listenHTTP = ":80";
      group = "dovecot2";
    };
  };
 }