diff --git a/lib/modules.nix b/lib/modules.nix
index 6c8033322a540..848de12d30f74 100644
--- a/lib/modules.nix
+++ b/lib/modules.nix
@@ -647,7 +647,17 @@ rec {
result of the change function
*/
mkChangedOptionModule = from: to: changeFn:
- mkMergedOptionModule [ from ] to changeFn;
+ { config, options, ... }:
+ { options = setAttrByPath from (mkOption {
+ visible = false;
+ });
+ config =
+ let opt = getAttrFromPath from options; in {
+ warnings =
+ optional opt.isDefined
+ "The option `${showOption from}' defined in ${showFiles opt.files} has been changed to `${showOption to}' that has a different type. Please read `${showOption to}' documentation and update your configuration accordingly.";
+ } // setAttrByPath to (mkIf opt.isDefined (changeFn config));
+ };
/* Like ‘mkRenamedOptionModule’, but doesn't show a warning. */
mkAliasOptionModule = from: to: doRename {
diff --git a/nixos/doc/manual/release-notes/rl-1809.xml b/nixos/doc/manual/release-notes/rl-1809.xml
index 01b5e9d77460d..ef4c290569559 100644
--- a/nixos/doc/manual/release-notes/rl-1809.xml
+++ b/nixos/doc/manual/release-notes/rl-1809.xml
@@ -233,6 +233,14 @@ $ nix-instantiate -E '(import <nixpkgsunstable> {}).gitFull'
networking.networkmanager.dns instead.
+
+
+ services.rmilter has been deprecated and corresponding package removed.
+ rspamd now listens on a UNIX socket by default. Use services.rspamd.postfix.enable
+ instead of services.rmilter.postfix.enable for quick Postfix integration.
+
+
+
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 6c4326046ef84..7e73009fe46dc 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -298,7 +298,6 @@
./services/mail/postgrey.nix
./services/mail/spamassassin.nix
./services/mail/rspamd.nix
- ./services/mail/rmilter.nix
./services/mail/nullmailer.nix
./services/misc/airsonic.nix
./services/misc/apache-kafka.nix
diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix
index 56b7bf00448c9..88d75f68f992a 100644
--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -49,9 +49,6 @@ with lib;
(mkRemovedOptionModule [ "security" "setuidOwners" ] "Use security.wrappers instead")
(mkRemovedOptionModule [ "security" "setuidPrograms" ] "Use security.wrappers instead")
- (mkRemovedOptionModule [ "services" "rmilter" "bindInetSockets" ] "Use services.rmilter.bindSocket.* instead")
- (mkRemovedOptionModule [ "services" "rmilter" "bindUnixSockets" ] "Use services.rmilter.bindSocket.* instead")
-
# Xsession script
(mkRenamedOptionModule [ "services" "xserver" "displayManager" "job" "logsXsession" ] [ "services" "xserver" "displayManager" "job" "logToFile" ])
(mkRenamedOptionModule [ "services" "xserver" "displayManager" "logToJournal" ] [ "services" "xserver" "displayManager" "job" "logToJournal" ])
@@ -250,6 +247,9 @@ with lib;
(mkRenamedOptionModule [ "programs" "info" "enable" ] [ "documentation" "info" "enable" ])
(mkRenamedOptionModule [ "programs" "man" "enable" ] [ "documentation" "man" "enable" ])
+ # rmilter
+ (mkRemovedOptionModule [ "services" "rmilter" ] "Use services.rspamd directly instead")
+
] ++ (flip map [ "blackboxExporter" "collectdExporter" "fritzboxExporter"
"jsonExporter" "minioExporter" "nginxExporter" "nodeExporter"
"snmpExporter" "unifiExporter" "varnishExporter" ]
diff --git a/nixos/modules/services/mail/rmilter.nix b/nixos/modules/services/mail/rmilter.nix
deleted file mode 100644
index e17b7516bfff8..0000000000000
--- a/nixos/modules/services/mail/rmilter.nix
+++ /dev/null
@@ -1,249 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
- rspamdCfg = config.services.rspamd;
- postfixCfg = config.services.postfix;
- cfg = config.services.rmilter;
-
- inetSocket = addr: port: "inet:[${toString port}@${addr}]";
- unixSocket = sock: "unix:${sock}";
-
- systemdSocket = if cfg.bindSocket.type == "unix" then cfg.bindSocket.path
- else "${cfg.bindSocket.address}:${toString cfg.bindSocket.port}";
- rmilterSocket = if cfg.bindSocket.type == "unix" then unixSocket cfg.bindSocket.path
- else inetSocket cfg.bindSocket.address cfg.bindSocket.port;
-
- rmilterConf = ''
- pidfile = /run/rmilter/rmilter.pid;
- bind_socket = ${if cfg.socketActivation then "fd:3" else rmilterSocket};
- tempdir = /tmp;
- '' + (with cfg.rspamd; if enable then ''
- spamd {
- servers = ${concatStringsSep ", " servers};
- connect_timeout = 1s;
- results_timeout = 20s;
- error_time = 10;
- dead_time = 300;
- maxerrors = 10;
- reject_message = "${rejectMessage}";
- ${optionalString (length whitelist != 0) "whitelist = ${concatStringsSep ", " whitelist};"}
-
- # rspamd_metric - metric for using with rspamd
- # Default: "default"
- rspamd_metric = "default";
- ${extraConfig}
- };
- '' else "") + cfg.extraConfig;
-
- rmilterConfigFile = pkgs.writeText "rmilter.conf" rmilterConf;
-
-in
-
-{
-
- ###### interface
-
- options = {
-
- services.rmilter = {
-
- enable = mkOption {
- type = types.bool;
- default = cfg.rspamd.enable;
- description = "Whether to run the rmilter daemon.";
- };
-
- debug = mkOption {
- type = types.bool;
- default = false;
- description = "Whether to run the rmilter daemon in debug mode.";
- };
-
- user = mkOption {
- type = types.string;
- default = "rmilter";
- description = ''
- User to use when no root privileges are required.
- '';
- };
-
- group = mkOption {
- type = types.string;
- default = "rmilter";
- description = ''
- Group to use when no root privileges are required.
- '';
- };
-
- bindSocket.type = mkOption {
- type = types.enum [ "unix" "inet" ];
- default = "unix";
- description = ''
- What kind of socket rmilter should listen on. Either "unix"
- for an Unix domain socket or "inet" for a TCP socket.
- '';
- };
-
- bindSocket.path = mkOption {
- type = types.str;
- default = "/run/rmilter/rmilter.sock";
- description = ''
- Path to Unix domain socket to listen on.
- '';
- };
-
- bindSocket.address = mkOption {
- type = types.str;
- default = "::1";
- example = "0.0.0.0";
- description = ''
- Inet address to listen on.
- '';
- };
-
- bindSocket.port = mkOption {
- type = types.int;
- default = 11990;
- description = ''
- Inet port to listen on.
- '';
- };
-
- socketActivation = mkOption {
- type = types.bool;
- default = true;
- description = ''
- Enable systemd socket activation for rmilter.
-
- Disabling socket activation is not recommended when a Unix
- domain socket is used and could lead to incorrect
- permissions.
- '';
- };
-
- rspamd = {
- enable = mkOption {
- type = types.bool;
- default = rspamdCfg.enable;
- description = "Whether to use rspamd to filter mails";
- };
-
- servers = mkOption {
- type = types.listOf types.str;
- default = ["r:/run/rspamd/rspamd.sock"];
- description = ''
- Spamd socket definitions.
- Is server name is prefixed with r: it is rspamd server.
- '';
- };
-
- whitelist = mkOption {
- type = types.listOf types.str;
- default = [ ];
- description = "list of ips or nets that should be not checked with spamd";
- };
-
- rejectMessage = mkOption {
- type = types.str;
- default = "Spam message rejected; If this is not spam contact abuse";
- description = "reject message for spam";
- };
-
- extraConfig = mkOption {
- type = types.lines;
- default = "";
- description = "Custom snippet to append to end of `spamd' section";
- };
- };
-
- extraConfig = mkOption {
- type = types.lines;
- default = "";
- description = "Custom snippet to append to rmilter config";
- };
-
- postfix = {
- enable = mkOption {
- type = types.bool;
- default = false;
- description = "Add rmilter to postfix main.conf";
- };
-
- configFragment = mkOption {
- type = types.str;
- description = "Addon to postfix configuration";
- default = ''
- smtpd_milters = ${rmilterSocket}
- milter_protocol = 6
- milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
- '';
- };
- };
-
- };
-
- };
-
-
- ###### implementation
-
- config = mkMerge [
-
- (mkIf cfg.enable {
-
- users.extraUsers = singleton {
- name = cfg.user;
- description = "rmilter daemon";
- uid = config.ids.uids.rmilter;
- group = cfg.group;
- };
-
- users.extraGroups = singleton {
- name = cfg.group;
- gid = config.ids.gids.rmilter;
- };
-
- systemd.services.rmilter = {
- description = "Rmilter Service";
-
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
-
- serviceConfig = {
- ExecStart = "${pkgs.rmilter}/bin/rmilter ${optionalString cfg.debug "-d"} -n -c ${rmilterConfigFile}";
- ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID";
- User = cfg.user;
- Group = cfg.group;
- PermissionsStartOnly = true;
- Restart = "always";
- RuntimeDirectory = "rmilter";
- RuntimeDirectoryMode = "0750";
- };
-
- };
-
- systemd.sockets.rmilter = mkIf cfg.socketActivation {
- description = "Rmilter service socket";
- wantedBy = [ "sockets.target" ];
- socketConfig = {
- ListenStream = systemdSocket;
- SocketUser = cfg.user;
- SocketGroup = cfg.group;
- SocketMode = "0660";
- };
- };
- })
-
- (mkIf (cfg.enable && cfg.rspamd.enable && rspamdCfg.enable) {
- users.extraUsers.${cfg.user}.extraGroups = [ rspamdCfg.group ];
- })
-
- (mkIf (cfg.enable && cfg.postfix.enable) {
- services.postfix.extraConfig = cfg.postfix.configFragment;
- users.extraUsers.${postfixCfg.user}.extraGroups = [ cfg.group ];
- })
- ];
-}
diff --git a/nixos/modules/services/mail/rspamd.nix b/nixos/modules/services/mail/rspamd.nix
index 09fb587e74b56..c0abefc329d4a 100644
--- a/nixos/modules/services/mail/rspamd.nix
+++ b/nixos/modules/services/mail/rspamd.nix
@@ -18,7 +18,7 @@ let
};
mode = mkOption {
type = types.str;
- default = "0644";
+ default = "0660";
description = "Mode to set on unix socket";
};
owner = mkOption {
@@ -60,6 +60,7 @@ let
type = types.nullOr (types.enum [
"normal" "controller" "fuzzy_storage" "proxy" "lua"
]);
+ default = null;
description = "The type of this worker";
};
bindSockets = mkOption {
@@ -99,19 +100,23 @@ let
description = "Additional entries to put verbatim into worker section of rspamd config file.";
};
};
- config = mkIf (name == "normal" || name == "controller" || name == "fuzzy") {
- type = mkDefault name;
- includes = mkDefault [ "$CONFDIR/worker-${name}.inc" ];
- bindSockets = mkDefault (if name == "normal"
- then [{
- socket = "/run/rspamd/rspamd.sock";
- mode = "0660";
- owner = cfg.user;
- group = cfg.group;
- }]
- else if name == "controller"
- then [ "localhost:11334" ]
- else [] );
+ config = mkIf (name == "normal" || name == "controller" || name == "fuzzy" || name == "rspamd_proxy") {
+ includes = mkDefault [ "$CONFDIR/worker-${if name == "rspamd_proxy" then "proxy" else name}.inc" ];
+ bindSockets =
+ let unixSocket = name: {
+ socket = "/run/rspamd/${name}.sock";
+ owner = cfg.user;
+ group = cfg.group;
+ }; in mkDefault (
+ if name == "normal" then [ (unixSocket "rspamd") ]
+ else if name == "controller" then [ (unixSocket "controller") ]
+ else if name == "rspamd_proxy" then [ (unixSocket "proxy") ]
+ else [] );
+ extraConfig = mkIf (name == "rspamd_proxy") (mkDefault ''
+ upstream "local" {
+ self_scan = yes;
+ }
+ '');
};
};
@@ -146,23 +151,22 @@ let
in (imap (idx: e: "bind_socket = \"systemd:${toString (systemd + idx - 1)}\";") (listenStreams each.socket))
else "bind_socket = \"${each.rawEntry}\";") socks));
- rspamdConfFile = pkgs.writeText "rspamd.conf"
- ''
- .include "$CONFDIR/common.conf"
-
- options {
- pidfile = "$RUNDIR/rspamd.pid";
- .include "$CONFDIR/options.inc"
- }
-
- logging {
- type = "syslog";
- .include "$CONFDIR/logging.inc"
- }
+ rspamdConf = pkgs.symlinkJoin {
+ name = "rspamd-conf";
+ paths =
+ let
+ makeConfigs = prefix: attrs: mapAttrsToList (name: text: pkgs.writeTextFile { inherit name text; destination = "/${prefix}/${name}"; }) attrs;
+ localFiles = makeConfigs "local.d" cfg.locals;
+ overrideFiles = makeConfigs "override.d" cfg.overrides;
+ in [ rspamdConfFile ] ++ localFiles ++ overrideFiles;
+ };
+ rspamdConfFile = pkgs.writeTextDir "rspamd.conf.override"
+ ''
${concatStringsSep "\n" (mapAttrsToList (name: value: ''
- worker ${optionalString (value.name != "normal" && value.name != "controller") "${value.name}"} {
- type = "${value.type}";
+ worker ${optionalString (value.name != null) ''"${value.name}"''} {
+ ${optionalString (value.type != null)
+ ''type = "${value.type}";''}
${optionalString (value.enable != null)
"enabled = ${if value.enable != false then "yes" else "no"};"}
${mkBindSockets value.enable value.bindSockets}
@@ -212,19 +216,35 @@ in
'';
};
+ locals = mkOption {
+ type = with types; attrsOf lines;
+ default = {};
+ description = ''
+ Local configuration files, written into /etc/rspamd/local.d/{name}.
+ '';
+ };
+
+ overrides = mkOption {
+ type = with types; attrsOf lines;
+ default = {};
+ description = ''
+ Overridden configuration files, written into /etc/rspamd/override.d/{name}.
+ '';
+ };
+
workers = mkOption {
type = with types; attrsOf (submodule workerOpts);
description = ''
- Attribute set of workers to start.
+ Attribute set of workers to start. By default, controller and
+ self-scanning proxy worker are started.
'';
default = {
- normal = {};
controller = {};
+ rspamd_proxy = {};
};
example = literalExample ''
{
normal = {
- includes = [ "$CONFDIR/worker-normal.inc" ];
bindSockets = [{
socket = "/run/rspamd/rspamd.sock";
mode = "0660";
@@ -233,7 +253,6 @@ in
}];
};
controller = {
- includes = [ "$CONFDIR/worker-controller.inc" ];
bindSockets = [ "[::1]:11334" ];
};
}
@@ -263,7 +282,15 @@ in
description = ''
Group to use when no root privileges are required.
'';
- };
+ };
+
+ postfix = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Add rspamd milter proxy to postfix main.conf";
+ };
+ };
};
};
@@ -272,8 +299,6 @@ in
config = mkIf cfg.enable {
- services.rspamd.socketActivation = mkDefault (!opts.bindSocket.isDefined && !opts.bindUISocket.isDefined);
-
assertions = [ {
assertion = !cfg.socketActivation || !(opts.bindSocket.isDefined || opts.bindUISocket.isDefined);
message = "Can't use socketActivation for rspamd when using renamed bind socket options";
@@ -294,20 +319,44 @@ in
gid = config.ids.gids.rspamd;
};
- environment.etc."rspamd.conf".source = rspamdConfFile;
+ services.rspamd = {
+ socketActivation = mkDefault (!opts.bindSocket.isDefined && !opts.bindUISocket.isDefined);
+
+ workers = mkIf cfg.postfix.enable {
+ controller = {};
+ rspamd_proxy = {
+ bindSockets = [ {
+ socket = "/var/lib/postfix/queue/private/rspamd";
+ owner = "rspamd";
+ group = "postfix";
+ } ];
+ };
+ };
+
+ overrides."logging.inc" = mkDefault ''
+ type = "syslog";
+ '';
+ };
+
+ services.postfix.extraConfig = mkIf cfg.postfix.enable ''
+ smtpd_milters = unix:private/rspamd
+ non_smtpd_milters = $smtpd_milters
+ milter_protocol = 6
+ '';
+
+ environment.etc."rspamd".source = rspamdConf;
systemd.services.rspamd = {
description = "Rspamd Service";
wantedBy = mkIf (!cfg.socketActivation) [ "multi-user.target" ];
- after = [ "network.target" ] ++
- (if cfg.socketActivation then allSocketNames else []);
- requires = mkIf cfg.socketActivation allSocketNames;
+ after = [ "network.target" ];
+ restartTriggers = [ rspamdConf ];
serviceConfig = {
- ExecStart = "${pkgs.rspamd}/bin/rspamd ${optionalString cfg.debug "-d"} --user=${cfg.user} --group=${cfg.group} --pid=/run/rspamd.pid -c ${rspamdConfFile} -f";
- Restart = "always";
- RuntimeDirectory = "rspamd";
+ ExecStart = "${pkgs.rspamd}/bin/rspamd ${optionalString cfg.debug "-d"} --user=${cfg.user} --group=${cfg.group} --pid=/run/rspamd.pid -f";
+ Restart = "on-failure";
+ RuntimeDirectory = mkIf (!cfg.socketActivation) "rspamd";
PrivateTmp = true;
Sockets = mkIf cfg.socketActivation (concatStringsSep " " allSocketNames);
};
@@ -323,6 +372,7 @@ in
value = {
description = "Rspamd socket ${toString each.index} for worker ${each.name}";
wantedBy = [ "sockets.target" ];
+ after = optional (each.name == "rspamd_proxy") "postfix.service";
listenStreams = (listenStreams each.value.socket);
socketConfig = {
BindIPv6Only = mkIf (isIPv6Socket each.value.socket) "ipv6-only";
@@ -334,8 +384,11 @@ in
};
}) allMappedSockets));
};
- imports = [
- (mkRenamedOptionModule [ "services" "rspamd" "bindSocket" ] [ "services" "rspamd" "workers" "normal" "bindSockets" ])
- (mkRenamedOptionModule [ "services" "rspamd" "bindUISocket" ] [ "services" "rspamd" "workers" "controller" "bindSockets" ])
- ];
+
+ imports =
+ let mkMappedOptionModule = from: to: changeFn: mkChangedOptionModule from to (config: changeFn config (getAttrFromPath from config));
+ in [
+ (mkMappedOptionModule [ "services" "rspamd" "bindSocket" ] [ "services" "rspamd" "workers" ] (config: value: { normal.bindSockets = value; }))
+ (mkMappedOptionModule [ "services" "rspamd" "bindUISocket" ] [ "services" "rspamd" "workers" ] (config: value: { controller.bindSockets = value; }))
+ ];
}
diff --git a/nixos/tests/rspamd.nix b/nixos/tests/rspamd.nix
index 6b2e2dd3a5317..4df60a4f1212e 100644
--- a/nixos/tests/rspamd.nix
+++ b/nixos/tests/rspamd.nix
@@ -4,7 +4,7 @@ with pkgs.lib;
let
initMachine = ''
startAll
- $machine->waitForUnit("rspamd.service");
+ $machine->waitForUnit("multi-user.target");
$machine->succeed("id \"rspamd\" >/dev/null");
'';
checkSocket = socket: user: group: mode: ''
@@ -13,45 +13,30 @@ let
$machine->succeed("[[ \"\$(stat -c %G ${socket})\" == \"${group}\" ]]");
$machine->succeed("[[ \"\$(stat -c %a ${socket})\" == \"${mode}\" ]]");
'';
- simple = name: socketActivation: enableIPv6: makeTest {
+ simple = name: socketActivation: makeTest {
name = "rspamd-${name}";
machine = {
services.rspamd = {
enable = true;
socketActivation = socketActivation;
};
- networking.enableIPv6 = enableIPv6;
};
testScript = ''
- startAll
- $machine->waitForUnit("multi-user.target");
- $machine->waitForOpenPort(11334);
- $machine->waitForUnit("rspamd.service");
- $machine->succeed("id \"rspamd\" >/dev/null");
- ${checkSocket "/run/rspamd/rspamd.sock" "rspamd" "rspamd" "660" }
- sleep 10;
- $machine->log($machine->succeed("cat /etc/rspamd.conf"));
+ ${initMachine}
$machine->log($machine->succeed("systemctl cat rspamd.service"));
${if socketActivation then ''
$machine->log($machine->succeed("systemctl cat rspamd-controller-1.socket"));
- $machine->log($machine->succeed("systemctl cat rspamd-normal-1.socket"));
'' else ''
$machine->fail("systemctl cat rspamd-controller-1.socket");
- $machine->fail("systemctl cat rspamd-normal-1.socket");
- ''}
- $machine->log($machine->succeed("curl http://localhost:11334/auth"));
- $machine->log($machine->succeed("curl http://127.0.0.1:11334/auth"));
- ${optionalString enableIPv6 ''
- $machine->log($machine->succeed("curl http://[::1]:11334/auth"));
+ $machine->waitForFile("/run/rspamd/controller.sock");
''}
+ $machine->log($machine->succeed("curl --unix-socket /run/rspamd/controller.sock http://localhost/auth"));
'';
};
in
{
- simple = simple "simple" false true;
- ipv4only = simple "ipv4only" false false;
- simple-socketActivated = simple "simple-socketActivated" true true;
- ipv4only-socketActivated = simple "ipv4only-socketActivated" true false;
+ simple = simple "simple" false;
+ simple-socketActivated = simple "simple-socketActivated" true;
deprecated = makeTest {
name = "rspamd-deprecated";
machine = {
@@ -67,7 +52,6 @@ in
$machine->waitForFile("/run/rspamd.sock");
${checkSocket "/run/rspamd.sock" "root" "root" "600" }
${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
- $machine->log($machine->succeed("cat /etc/rspamd.conf"));
$machine->fail("systemctl cat rspamd-normal-1.socket");
$machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
$machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));
@@ -100,7 +84,6 @@ in
$machine->waitForFile("/run/rspamd.sock");
${checkSocket "/run/rspamd.sock" "root" "root" "600" }
${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
- $machine->log($machine->succeed("cat /etc/rspamd.conf"));
$machine->fail("systemctl cat rspamd-normal-1.socket");
$machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
$machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));
@@ -131,7 +114,6 @@ in
$machine->waitForFile("/run/rspamd.sock");
${checkSocket "/run/rspamd.sock" "root" "root" "600" }
${checkSocket "/run/rspamd-worker.sock" "root" "root" "666" }
- $machine->log($machine->succeed("cat /etc/rspamd.conf"));
$machine->log($machine->succeed("systemctl cat rspamd-normal-1.socket"));
$machine->log($machine->succeed("rspamc -h /run/rspamd-worker.sock stat"));
$machine->log($machine->succeed("curl --unix-socket /run/rspamd-worker.sock http://localhost/ping"));
diff --git a/pkgs/servers/mail/rmilter/default.nix b/pkgs/servers/mail/rmilter/default.nix
deleted file mode 100644
index 739270326e5b6..0000000000000
--- a/pkgs/servers/mail/rmilter/default.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ stdenv, fetchFromGitHub, cmake, bison, flex, pkgconfig, openssl, pcre
-, libmilter, opendkim, libmemcached, glib }:
-
-let patchedLibmilter = stdenv.lib.overrideDerivation libmilter (_ : {
- patches = libmilter.patches ++ [ ./fd-passing-libmilter.patch ];
-});
-in
-
-stdenv.mkDerivation rec {
- name = "rmilter-${version}";
- version = "1.10.0";
-
- src = fetchFromGitHub {
- owner = "vstakhov";
- repo = "rmilter";
- rev = version;
- sha256 = "1gbp6jah88l6xqgflim01ycyp63l733bgir65fxnnrmifj1qzymh";
- };
-
- nativeBuildInputs = [ bison cmake flex pkgconfig ];
- buildInputs = [ libmemcached patchedLibmilter openssl pcre opendkim glib ];
-
- meta = with stdenv.lib; {
- homepage = https://github.com/vstakhov/rmilter;
- license = licenses.asl20;
- description = ''
- Daemon to integrate rspamd and milter compatible MTA, for example
- postfix or sendmail
- '';
- maintainers = with maintainers; [ avnik fpletz ];
- platforms = with platforms; linux;
- };
-}
diff --git a/pkgs/servers/mail/rmilter/fd-passing-libmilter.patch b/pkgs/servers/mail/rmilter/fd-passing-libmilter.patch
deleted file mode 100644
index 3ab61a6fab007..0000000000000
--- a/pkgs/servers/mail/rmilter/fd-passing-libmilter.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-Description: systemd-like socket activation support for libmilter
-Author: Mikhail Gusarov {unix|local}:/path/to/file -- A named pipe.
- inet:port@{hostname|ip-address} -- An IPV4 socket.
- inet6:port@{hostname|ip-address} -- An IPV6 socket.
-+ fd:number -- Pre-opened file descriptor.
-
-
-
-diff --git a/libmilter/listener.c b/libmilter/listener.c
-index 48c552f..2249a1f 100644
---- a/libmilter/listener.c
-+++ b/libmilter/listener.c
-@@ -197,6 +197,11 @@ mi_milteropen(conn, backlog, rmsocket, name)
- L_socksize = sizeof addr.sin6;
- }
- #endif /* NETINET6 */
-+ else if (strcasecmp(p, "fd") == 0)
-+ {
-+ addr.sa.sa_family = AF_UNSPEC;
-+ L_socksize = sizeof (_SOCK_ADDR);
-+ }
- else
- {
- smi_log(SMI_LOG_ERR, "%s: unknown socket type %s",
-@@ -443,7 +448,21 @@ mi_milteropen(conn, backlog, rmsocket, name)
- }
- #endif /* NETINET || NETINET6 */
-
-- sock = socket(addr.sa.sa_family, SOCK_STREAM, 0);
-+ if (addr.sa.sa_family == AF_UNSPEC)
-+ {
-+ char *end;
-+ sock = strtol(colon, &end, 10);
-+ if (*end != '\0' || sock < 0)
-+ {
-+ smi_log(SMI_LOG_ERR, "%s: expected positive integer as fd, got %s", name, colon);
-+ return INVALID_SOCKET;
-+ }
-+ }
-+ else
-+ {
-+ sock = socket(addr.sa.sa_family, SOCK_STREAM, 0);
-+ }
-+
- if (!ValidSocket(sock))
- {
- smi_log(SMI_LOG_ERR,
-@@ -466,6 +485,7 @@ mi_milteropen(conn, backlog, rmsocket, name)
- #if NETUNIX
- addr.sa.sa_family != AF_UNIX &&
- #endif /* NETUNIX */
-+ addr.sa.sa_family != AF_UNSPEC &&
- setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *) &sockopt,
- sizeof(sockopt)) == -1)
- {
-@@ -511,7 +531,8 @@ mi_milteropen(conn, backlog, rmsocket, name)
- }
- #endif /* NETUNIX */
-
-- if (bind(sock, &addr.sa, L_socksize) < 0)
-+ if (addr.sa.sa_family != AF_UNSPEC &&
-+ bind(sock, &addr.sa, L_socksize) < 0)
- {
- smi_log(SMI_LOG_ERR,
- "%s: Unable to bind to port %s: %s",
-@@ -817,7 +838,7 @@ mi_listener(conn, dbg, smfi, timeout, backlog)
- # ifdef BSD4_4_SOCKADDR
- cliaddr.sa.sa_len == 0 ||
- # endif /* BSD4_4_SOCKADDR */
-- cliaddr.sa.sa_family != L_family))
-+ (L_family != AF_UNSPEC && cliaddr.sa.sa_family != L_family)))
- {
- (void) closesocket(connfd);
- connfd = INVALID_SOCKET;
diff --git a/pkgs/servers/mail/rspamd/default.nix b/pkgs/servers/mail/rspamd/default.nix
index 3e31327980683..034f2e700effd 100644
--- a/pkgs/servers/mail/rspamd/default.nix
+++ b/pkgs/servers/mail/rspamd/default.nix
@@ -6,29 +6,25 @@ in
stdenv.mkDerivation rec {
name = "rspamd-${version}";
- version = "1.6.6";
+ version = "1.7.4";
src = fetchFromGitHub {
owner = "vstakhov";
repo = "rspamd";
rev = version;
- sha256 = "04jqrki7rlxywdig264kavy1h5882rspi2drkbdzrk35jjq8rh3h";
+ sha256 = "1iba6mpha1ikybn9qnvgxzh6pjw5yj5aipamd586rfb0j9lbwsd5";
};
nativeBuildInputs = [ cmake pkgconfig perl ];
- buildInputs = [ glib gmime libevent libmagic luajit openssl pcre sqlite ragel icu libfann];
+ buildInputs = [ glib gmime libevent libmagic luajit openssl pcre sqlite ragel icu libfann ];
- postPatch = ''
- substituteInPlace conf/common.conf --replace "\$CONFDIR/rspamd.conf.local" "/etc/rspamd/rspamd.conf.local"
- substituteInPlace conf/common.conf --replace "\$CONFDIR/rspamd.conf.local.override" "/etc/rspamd/rspamd.conf.local.override"
- '';
-
- cmakeFlags = ''
- -DDEBIAN_BUILD=ON
- -DRUNDIR=/var/run/rspamd
- -DDBDIR=/var/lib/rspamd
- -DLOGDIR=/var/log/rspamd
- '';
+ cmakeFlags = [
+ "-DDEBIAN_BUILD=ON"
+ "-DRUNDIR=/var/run/rspamd"
+ "-DDBDIR=/var/lib/rspamd"
+ "-DLOGDIR=/var/log/rspamd"
+ "-DLOCAL_CONFDIR=/etc/rspamd"
+ ];
meta = with stdenv.lib; {
homepage = https://github.com/vstakhov/rspamd;
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index d6759098dfaa5..254bf77d84baa 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -12627,8 +12627,6 @@ with pkgs;
postsrsd = callPackage ../servers/mail/postsrsd { };
- rmilter = callPackage ../servers/mail/rmilter { };
-
rspamd = callPackage ../servers/mail/rspamd { };
pfixtools = callPackage ../servers/mail/postfix/pfixtools.nix {