|
|
|
apiVersion: v1
|
|
|
|
kind: ConfigMap
|
|
|
|
metadata:
|
|
|
|
name: {{ include "rspamd.fullname" . }}
|
|
|
|
namespace: {{ .Release.Namespace | quote }}
|
|
|
|
labels: {{- include "rspamd.labels" . | nindent 4 }}
|
|
|
|
data:
|
|
|
|
ratelimit.conf: |-
|
|
|
|
rates {
|
|
|
|
# Limit for all mail per recipient (default rate 70 per day)
|
|
|
|
to = "{{ .Values.rspamd.rateLimits.to }}";
|
|
|
|
# Limit for all mail per one source ip (default rate 150 per day)
|
|
|
|
to_ip = "{{ .Values.rspamd.rateLimits.toIp }}";
|
|
|
|
# Limit for all mail per one source ip and from address (default rate 100 per day)
|
|
|
|
to_ip_from = "{{ .Values.rspamd.rateLimits.toIpFrom }}";
|
|
|
|
# Limit for all bounce mail (rate 2 per hour)
|
|
|
|
#bounce_to = "2 / 1h";
|
|
|
|
# Limit for bounce mail per one source ip (rate 1 per hour)
|
|
|
|
#bounce_to_ip = "1 / 1h";
|
|
|
|
# Limit for all mail per authenticated user (default rate 100 per day)
|
|
|
|
user = "{{ .Values.rspamd.rateLimits.user }}";
|
|
|
|
}
|
|
|
|
whitelisted_rcpts = "{{ .Values.rspamd.rateLimits.whitelisted.rcpts }}";
|
|
|
|
whitelisted_ip = "/etc/rspamd/local.d/ratelimit_whitelist.map";
|
|
|
|
max_rcpt = {{ .Values.rspamd.rateLimits.maxRcpt }};
|
|
|
|
ratelimit_whitelist.map: |-
|
|
|
|
{{- range .Values.rspamd.rateLimits.whitelisted.ips }}
|
|
|
|
{{ . }}
|
|
|
|
{{- end }}
|
|
|
|
redis.conf: |-
|
|
|
|
servers = "{{ printf "%s-%s" .Release.Name "redis-master" | trunc 63 | trimSuffix "-" }}";
|
|
|
|
db = "3";
|
|
|
|
password = "{{ .Values.redis.auth.password }}";
|
|
|
|
worker-proxy.inc: |-
|
|
|
|
milter = {{ .Values.rspamd.workerProxy.milter }};
|
|
|
|
bind_socket = "*:11332"
|
|
|
|
timeout = {{ .Values.rspamd.workerProxy.timeout }};
|
|
|
|
upstream "local" {
|
|
|
|
default = yes; # Self-scan upstreams are always default
|
|
|
|
self_scan = yes; # Enable self-scan
|
|
|
|
}
|
|
|
|
count = {{ .Values.rspamd.workerProxy.count }}; # Spawn more processes in self-scan mode
|
|
|
|
max_retries = {{ .Values.rspamd.workerProxy.maxRetries }}; # How many times master is queried in case of failure
|
|
|
|
discard_on_reject = {{ .Values.rspamd.workerProxy.discardOnReject }}; # Discard message instead of rejection
|
|
|
|
quarantine_on_reject = {{ .Values.rspamd.workerProxy.quarantineOnReject }}; # Tell MTA to quarantine rejected messages
|
|
|
|
spam_header = "{{ .Values.rspamd.workerProxy.spamHeader }}"; # Use the specific spam header
|
|
|
|
reject_message = "{{ .Values.rspamd.workerProxy.rejectMessage }}"; # Use custom rejection message
|
|
|
|
worker-normal.inc: |-
|
|
|
|
{{ if eq .Values.rspamd.workerProxy.milter "yes" -}}
|
|
|
|
# Disable worker-normal in Milter mode
|
|
|
|
worker "normal" {
|
|
|
|
enabled = false;
|
|
|
|
}
|
|
|
|
{{- end -}}
|