|
|
|
# Default values for rspamd.
|
|
|
|
replicaCount: 1
|
|
|
|
|
|
|
|
image:
|
|
|
|
repository: interlegis/alpine-rspamd
|
|
|
|
pullPolicy: IfNotPresent
|
|
|
|
# Overrides the image tag whose default is the chart appVersion.
|
|
|
|
tag: ""
|
|
|
|
|
|
|
|
imagePullSecrets: []
|
|
|
|
nameOverride: ""
|
|
|
|
fullnameOverride: ""
|
|
|
|
|
|
|
|
podAnnotations: {}
|
|
|
|
|
|
|
|
podSecurityContext: {}
|
|
|
|
# fsGroup: 2000
|
|
|
|
|
|
|
|
securityContext: {}
|
|
|
|
# capabilities:
|
|
|
|
# drop:
|
|
|
|
# - ALL
|
|
|
|
# readOnlyRootFilesystem: true
|
|
|
|
# runAsNonRoot: true
|
|
|
|
# runAsUser: 1000
|
|
|
|
|
|
|
|
rspamd:
|
|
|
|
password: apassword
|
|
|
|
rateLimits:
|
|
|
|
# Limit for all mail per recipient (default rate 70 per day)
|
|
|
|
to: "70 / 1d"
|
|
|
|
# Limit for all mail per one source ip (default rate 150 per day)
|
|
|
|
toIp: "150 / 1d"
|
|
|
|
# Limit for all mail per one source ip and from address (default rate 100 per day)
|
|
|
|
toIpFrom: "100 / 1d"
|
|
|
|
# Limit for all mail per authenticated user (default rate 100 per day)
|
|
|
|
user: "100 / 1d"
|
|
|
|
maxRcpt: 50
|
|
|
|
whitelisted:
|
|
|
|
rcpts: "postmaster,mailer-daemon,<>"
|
|
|
|
ips:
|
|
|
|
- "127.0.0.1"
|
|
|
|
- "192.168.0.0/16"
|
|
|
|
- "172.16.0.0/12"
|
|
|
|
- "10.0.0.0/8"
|
|
|
|
- "[::1]/128"
|
|
|
|
dkimSigning:
|
|
|
|
# If false, messages with empty envelope from are not signed
|
|
|
|
allow_envfrom_empty: "true"
|
|
|
|
# If true, envelope/header domain mismatch is ignored
|
|
|
|
allow_hdrfrom_mismatch: "false"
|
|
|
|
# If true, multiple from headers are allowed (but only first is used)
|
|
|
|
allow_hdrfrom_multiple: "true"
|
|
|
|
# If true, username does not need to contain matching domain
|
|
|
|
allow_username_mismatch: "false"
|
|
|
|
# If false, messages from authenticated users are not selected for signing
|
|
|
|
auth_only: "true"
|
|
|
|
# Default path to key, can include 'domain' and 'selector' variables
|
|
|
|
path: "/var/lib/rspamd/dkim/$domain.$selector.key"
|
|
|
|
# Default selector to use
|
|
|
|
selector: "dkim"
|
|
|
|
# If false, messages from local networks are not selected for signing
|
|
|
|
sign_local: "true"
|
|
|
|
# Symbol to add when message is signed
|
|
|
|
symbol: "DKIM_SIGNED"
|
|
|
|
# Whether to fallback to global config
|
|
|
|
try_fallback: "true"
|
|
|
|
# Domain to use for DKIM signing: can be "header" or "envelope"
|
|
|
|
use_domain: "header"
|
|
|
|
# Whether to normalise domains to eSLD
|
|
|
|
use_esld: "false"
|
|
|
|
# Whether to get keys from Redis
|
|
|
|
use_redis: "false"
|
|
|
|
# Hash for DKIM keys in Redis
|
|
|
|
key_prefix: "DKIM_KEYS"
|
|
|
|
|
|
|
|
milter:
|
|
|
|
headers:
|
|
|
|
extended_spam_headers: "true"
|
|
|
|
skip_local: "false"
|
|
|
|
skip_authenticated: "false"
|
|
|
|
|
|
|
|
actions:
|
|
|
|
reject: 15
|
|
|
|
add_header: 6
|
|
|
|
greylist: 4
|
|
|
|
|
|
|
|
workerProxy:
|
|
|
|
milter: "yes"
|
|
|
|
timeout: "120s"
|
|
|
|
count: 4 # Spawn more processes in self-scan mode
|
|
|
|
maxRetries: 5 # How many times master is queried in case of failure
|
|
|
|
discardOnReject: false # Discard message instead of rejection
|
|
|
|
quarantineOnReject: false # Tell MTA to quarantine rejected messages
|
|
|
|
spamHeader: "X-Spam" # Use the specific spam header
|
|
|
|
rejectMessage: "Spam message rejected" # Use custom rejection message
|
|
|
|
|
|
|
|
service:
|
|
|
|
type: ClusterIP
|
|
|
|
ports:
|
|
|
|
antispam: 11333
|
|
|
|
http: 11334
|
|
|
|
milter: 11332
|
|
|
|
|
|
|
|
ingress:
|
|
|
|
enabled: false
|
|
|
|
className: ""
|
|
|
|
annotations: {}
|
|
|
|
# kubernetes.io/ingress.class: nginx
|
|
|
|
# kubernetes.io/tls-acme: "true"
|
|
|
|
hosts:
|
|
|
|
- host: chart-example.local
|
|
|
|
paths:
|
|
|
|
- path: /
|
|
|
|
pathType: ImplementationSpecific
|
|
|
|
tls: []
|
|
|
|
# - secretName: chart-example-tls
|
|
|
|
# hosts:
|
|
|
|
# - chart-example.local
|
|
|
|
|
|
|
|
resources: {}
|
|
|
|
# limits:
|
|
|
|
# cpu: 100m
|
|
|
|
# memory: 128Mi
|
|
|
|
# requests:
|
|
|
|
# cpu: 100m
|
|
|
|
# memory: 128Mi
|
|
|
|
|
|
|
|
autoscaling:
|
|
|
|
enabled: false
|
|
|
|
minReplicas: 2
|
|
|
|
maxReplicas: 6
|
|
|
|
targetCPUUtilizationPercentage: 80
|
|
|
|
# targetMemoryUtilizationPercentage: 80
|
|
|
|
|
|
|
|
nodeSelector: {}
|
|
|
|
|
|
|
|
tolerations: []
|
|
|
|
|
|
|
|
affinity: {}
|
|
|
|
|
|
|
|
# Redis definitions
|
|
|
|
redis:
|
|
|
|
image:
|
|
|
|
tag: 7.0.3-debian-11-r0
|
|
|
|
pullPolicy: IfNotPresent
|
|
|
|
architecture: standalone
|
|
|
|
auth:
|
|
|
|
enabled: true
|
|
|
|
password: agoodredispassword
|
|
|
|
master:
|
|
|
|
persistence:
|
|
|
|
enabled: true
|
|
|
|
accessModes:
|
|
|
|
- ReadWriteOnce
|
|
|
|
size: 2Gi
|
|
|
|
resources:
|
|
|
|
requests:
|
|
|
|
cpu: 50m
|
|
|
|
memory: 150Mi
|
|
|
|
limits:
|
|
|
|
cpu: 800m
|
|
|
|
memory: 1Gi
|