The line type of this option make its concatenation cleaner: the user
doesn't have to manually add `\n` to its policydSPFExtraConfig value
when debug in set.
Currently oneshot services are not re-run on NixOS activate and that
meant that you needed to manually restart `gen-passwd-file` for new
users to be available.
This commit removes the `gen-passwd-file` service and instead simply
calls the same script in the dovecot2 preStart.
`services.postfix.extraConfig` is just a string while the
`services.postfix.config` option configures the same thing but with a
typed attrset instead which is easier to manipulate and override in Nix.
The sqlite backed is deprecated, and the redis backend is the default
since rspamd 2.0.
Not having redis started results in such errors:
rspamd_redis_init: cannot init redis backend for BAYES_SPAM
To migrate the sqlite database, run
rspamadm statconvert --spam-db /var/lib/rspamd/bayes.spam.sqlite --ham-db /var/lib/rspamd/bayes.ham.sqlite -h 127.0.0.1:6379 --symbol-ham BAYES_HAM --symbol-spam BAYES_SPAM
The current module implements the recommended configuration that this
utility prints out.
- Move the "create password hash file from hashed password" behavior to
a separate variable, since having it in the default field of config
would always cause the warning to trigger
- Change type of hashedPassword to `nullOr str`
That's how nixpkgs-unstable is now, so to be compatible with both we
have to force that setting. Use systemd tmpfiles to provision
directory with correct owner.
- restructure rspamd config. It's nicer now, and it was getting
overridden the old way.
- "scan_mime_parts = false" apparently must be used in rspamd for ClamAV
to work
- refactor the clamav test a bit for cleanliness
- wait for rspamd and clamd sockets to open, before testing
- use clamdscan for speed, and verify that the virus was found
- verify msmtp returns virus scan result
TLSv1.0 is as deprecated as the older SSL versions, and should not be
used. I've also disabled a slew of ciphers, and hopefully this will
make us less vulnerable to downgrade attacks and similar.
SNM used to define virtual_alias_maps in extraConfig which collides with
the same parameter defined by the standard services.postfix.virtual
option. This led to *lots* of warnings during postfix startup like
```
May 02 18:29:58 nun postfix/master[24758]: warning: /etc/postfix/main.cf, line 47: overriding earlier entry: virtual_alias_maps=hash:/etc/postfix/virtual
```
Refraining from overriding virtual_alias_maps has the additional
advantage that virtual aliases defined by other modules dont' stop
working with SNM.