|
|
|
apiVersion: v1
|
|
|
|
kind: ConfigMap
|
|
|
|
metadata:
|
|
|
|
name: {{ include "rspamd.fullname" . }}
|
|
|
|
namespace: {{ .Release.Namespace | quote }}
|
|
|
|
labels: {{- include "rspamd.labels" . | nindent 4 }}
|
|
|
|
data:
|
|
|
|
ratelimit.conf: |-
|
|
|
|
rates {
|
|
|
|
# Limit for all mail per recipient (default rate 70 per day)
|
|
|
|
to = "{{ .Values.rspamd.rateLimits.to }}";
|
|
|
|
# Limit for all mail per one source ip (default rate 150 per day)
|
|
|
|
to_ip = "{{ .Values.rspamd.rateLimits.toIp }}";
|
|
|
|
# Limit for all mail per one source ip and from address (default rate 100 per day)
|
|
|
|
to_ip_from = "{{ .Values.rspamd.rateLimits.toIpFrom }}";
|
|
|
|
# Limit for all bounce mail (rate 2 per hour)
|
|
|
|
#bounce_to = "2 / 1h";
|
|
|
|
# Limit for bounce mail per one source ip (rate 1 per hour)
|
|
|
|
#bounce_to_ip = "1 / 1h";
|
|
|
|
# Limit for all mail per authenticated user (default rate 100 per day)
|
|
|
|
user = "{{ .Values.rspamd.rateLimits.user }}";
|
|
|
|
}
|
|
|
|
whitelisted_rcpts = "{{ .Values.rspamd.rateLimits.whitelisted.rcpts }}";
|
|
|
|
whitelisted_ip = "/etc/rspamd/local.d/ratelimit_whitelist.map";
|
|
|
|
max_rcpt = {{ .Values.rspamd.rateLimits.maxRcpt }};
|
|
|
|
ratelimit_whitelist.map: |-
|
|
|
|
{{- range .Values.rspamd.rateLimits.whitelisted.ips }}
|
|
|
|
{{ . }}
|
|
|
|
{{- end }}
|
|
|
|
redis.conf: |-
|
|
|
|
servers = "{{ printf "%s-%s" .Release.Name "redis-master" | trunc 63 | trimSuffix "-" }}";
|
|
|
|
db = "3";
|
|
|
|
password = "{{ .Values.redis.auth.password }}";
|
|
|
|
worker-proxy.inc: |-
|
|
|
|
milter = {{ .Values.rspamd.workerProxy.milter }};
|
|
|
|
bind_socket = "*:{{ .Values.service.ports.milter }}";
|
|
|
|
timeout = {{ .Values.rspamd.workerProxy.timeout }};
|
|
|
|
upstream "local" {
|
|
|
|
default = yes; # Self-scan upstreams are always default
|
|
|
|
self_scan = yes; # Enable self-scan
|
|
|
|
}
|
|
|
|
count = {{ .Values.rspamd.workerProxy.count }}; # Spawn more processes in self-scan mode
|
|
|
|
max_retries = {{ .Values.rspamd.workerProxy.maxRetries }}; # How many times master is queried in case of failure
|
|
|
|
discard_on_reject = {{ .Values.rspamd.workerProxy.discardOnReject }}; # Discard message instead of rejection
|
|
|
|
quarantine_on_reject = {{ .Values.rspamd.workerProxy.quarantineOnReject }}; # Tell MTA to quarantine rejected messages
|
|
|
|
spam_header = "{{ .Values.rspamd.workerProxy.spamHeader }}"; # Use the specific spam header
|
|
|
|
reject_message = "{{ .Values.rspamd.workerProxy.rejectMessage }}"; # Use custom rejection message
|
|
|
|
worker-normal.inc: |-
|
|
|
|
{{ if eq .Values.rspamd.workerProxy.milter "yes" -}}
|
|
|
|
# Disable worker-normal in Milter mode
|
|
|
|
worker "normal" {
|
|
|
|
enabled = false;
|
|
|
|
}
|
|
|
|
{{- end }}
|
|
|
|
worker-controller.inc: |-
|
|
|
|
secure_ip = "127.0.0.1";
|
|
|
|
password = "{{ .Values.rspamd.password }}";
|
|
|
|
enable_password = "{{ .Values.rspamd.password }}";
|
|
|
|
dkim_signing.conf: |-
|
|
|
|
{{- range $key, $value := .Values.rspamd.dkimSigning }}
|
|
|
|
{{ if or (eq $value "true") (eq $value "false") -}}
|
|
|
|
{{ $key }} = {{ $value }};
|
|
|
|
{{- else -}}
|
|
|
|
{{ $key }} = "{{ $value }}";
|
|
|
|
{{- end -}}
|
|
|
|
{{- end }}
|
|
|
|
milter_headers.conf: |-
|
|
|
|
extended_spam_headers = {{ .Values.rspamd.milter.headers.extended_spam_headers }};
|
|
|
|
skip_local = {{ .Values.rspamd.milter.headers.skip_local }};
|
|
|
|
skip_authenticated = {{ .Values.rspamd.milter.headers.skip_authenticated }};
|
|
|
|
classifier-bayes.conf: |-
|
|
|
|
backend = "redis";
|
|
|
|
servers = "{{ printf "%s-%s" .Release.Name "redis-master" | trunc 63 | trimSuffix "-" }}:6379";
|
|
|
|
password = "{{ .Values.redis.auth.password }}";
|
|
|
|
autolearn = true
|