Move from rmilter to rspamd

[r-raymond]

With rmilter being deprecated, we should move the scanning system over to rspamd

[r-raymond]

Ok after investigating this a bit the issue is that we would need some patches upstream (nixpkgs) to make this work. At the very least we would need to update the package to a more recent version.

Another note is that rspamd has some really fancy features to the point where it maybe is a overkill for a Simple Nixos Mailserver. Some of the statistics also rely on databases (given sqlite databases), so strictly speaking it goes against the goals of the project -- even though I doubt anyone is worried about backing up spam statistics.

Another possibility would be to move to a different milter system, maybe just basic opendkim, clamav and spam assassin. Opinions are very welcome!

[phdoerfler]

I am in favor of rspamd. It also provides very useful statistics graphically.

[r-raymond]

NixOS/nixpkgs#31734 upstream patch.

Kind of unclear what we are supposed to do until it lands in a stable release though.

[r-raymond]

rspamd 1.6.5 is now in unstable so the transition can begin

[vstakhov]

By the way, you can remove OpenDKIM completely if you switch to the recent Rspamd.

[r-raymond]

@vstakhov, we use opendkim only for key creation right now, rmilter does the signing. Thanks for pointing it out though!

[vstakhov]

Rmilter also uses libopendkim. Rspamd does not uses it on the contrary. Hence, if you throw off Rmilter you won't need any traces of opendkim as well. Rspamadm tool from rspamd distribution can generate dkim keys and DNS records.

…

On 16 January 2018 12:40:41 pm Robin Raymond ***@***.***> wrote: @vstakhov, we use opendkim only for key creation right now, rmilter does the signing. Thanks for pointing it out though! -- You are receiving this because you were mentioned. Reply to this email directly or view it on GitHub: #25 (comment)

[jbboehr]

Looks like 18.03 is out as of yesterday: https://groups.google.com/forum/#!topic/nix-devel/7bRK8FUcC5s

[nyanloutre]

#90

So that's why the spam filtering doesn't work on 18.03

[dotlambda]

I am seeing

postfix/smtpd[10743]: NOQUEUE: milter-reject: CONNECT from example.com[X.X.X.X]: 451 4.7.1 Service unavailable - try again later; proto=SMTP

in my logs when I try to send a message. Therefore I'm unable to send emails right now.
Do you know of any workaround?

[r-raymond]

I'm sorry to hear that. Are you on 18.03? In this case the best bet would be to turn off spam filtering all together.

[dotlambda]

No, I'm on unstable. Disabled the rmilter service for now.

[eqyiel]

Some related work:
https://github.com/mayflower/nixpkgs/blob/26dde7d6c654356990ab4246471d000c3330762c/nixos/modules/services/mail/rspamd.nix (based on 17.09?)
NixOS/nixpkgs#20715

[eqyiel]

For those who are running unstable, with the following change to the upstream rmilter service I can at least send and receive mail:

nixos/rmilter: temporarily accept on failure

1 file changed, 2 insertions(+)
nixos/modules/services/mail/rmilter.nix | 2 ++

modified   nixos/modules/services/mail/rmilter.nix
@@ -179,6 +179,8 @@ in
             smtpd_milters = ${rmilterSocket}
             milter_protocol = 6
             milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
+            # skip mail without checks if something goes wrong
+            milter_default_action = accept
           '';
         };
       };

Otherwise it will reject mails with warning: connect to Milter service unix:/run/rmilter/rmilter.sock: No such file or directory.

I haven't disabled the rmilter service.

[telent]

#90 (comment) I have spam filtering working in 18.03 with this rather kludgey workaround, if it helps

[eqyiel]

This is a thing: NixOS/nixpkgs#40434