apiVersion: v1 kind: ConfigMap metadata: name: {{ include "rspamd.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "rspamd.labels" . | nindent 4 }} data: ratelimit.conf: |- rates { # Limit for all mail per recipient (default rate 70 per day) to = "{{ .Values.rspamd.rateLimits.to }}"; # Limit for all mail per one source ip (default rate 150 per day) to_ip = "{{ .Values.rspamd.rateLimits.toIp }}"; # Limit for all mail per one source ip and from address (default rate 100 per day) to_ip_from = "{{ .Values.rspamd.rateLimits.toIpFrom }}"; # Limit for all bounce mail (rate 2 per hour) #bounce_to = "2 / 1h"; # Limit for bounce mail per one source ip (rate 1 per hour) #bounce_to_ip = "1 / 1h"; # Limit for all mail per authenticated user (default rate 100 per day) user = "{{ .Values.rspamd.rateLimits.user }}"; } whitelisted_rcpts = "{{ .Values.rspamd.rateLimits.whitelisted.rcpts }}"; whitelisted_ip = "/etc/rspamd/local.d/ratelimit_whitelist.map"; max_rcpt = {{ .Values.rspamd.rateLimits.maxRcpt }}; ratelimit_whitelist.map: |- {{- range .Values.rspamd.rateLimits.whitelisted.ips }} {{ . }} {{- end }} redis.conf: |- servers = "{{ printf "%s-%s" .Release.Name "redis-master" | trunc 63 | trimSuffix "-" }}"; db = "3"; password = "{{ .Values.redis.auth.password }}"; worker-proxy.inc: |- milter = {{ .Values.rspamd.workerProxy.milter }}; bind_socket = "*:{{ .Values.service.ports.milter }}"; timeout = {{ .Values.rspamd.workerProxy.timeout }}; upstream "local" { default = yes; # Self-scan upstreams are always default self_scan = yes; # Enable self-scan } count = {{ .Values.rspamd.workerProxy.count }}; # Spawn more processes in self-scan mode max_retries = {{ .Values.rspamd.workerProxy.maxRetries }}; # How many times master is queried in case of failure discard_on_reject = {{ .Values.rspamd.workerProxy.discardOnReject }}; # Discard message instead of rejection quarantine_on_reject = {{ .Values.rspamd.workerProxy.quarantineOnReject }}; # Tell MTA to quarantine rejected messages spam_header = "{{ .Values.rspamd.workerProxy.spamHeader }}"; # Use the specific spam header reject_message = "{{ .Values.rspamd.workerProxy.rejectMessage }}"; # Use custom rejection message worker-normal.inc: |- {{ if eq .Values.rspamd.workerProxy.milter "yes" -}} # Disable worker-normal in Milter mode worker "normal" { enabled = false; } {{- end }} worker-controller.inc: |- secure_ip = "127.0.0.1"; password = "{{ .Values.rspamd.password }}"; enable_password = "{{ .Values.rspamd.password }}"; dkim_signing.conf: |- {{- range $key, $value := .Values.rspamd.dkimSigning }} {{ if or (eq $value "true") (eq $value "false") -}} {{ $key }} = {{ $value }}; {{- else -}} {{ $key }} = "{{ $value }}"; {{- end -}} {{- end }} milter_headers.conf: |- extended_spam_headers = {{ .Values.rspamd.milter.headers.extended_spam_headers }}; skip_local = {{ .Values.rspamd.milter.headers.skip_local }}; skip_authenticated = {{ .Values.rspamd.milter.headers.skip_authenticated }}; classifier-bayes.conf: |- backend = "redis"; servers = "{{ printf "%s-%s" .Release.Name "redis-master" | trunc 63 | trimSuffix "-" }}:6379"; password = "{{ .Values.redis.auth.password }}"; autolearn = true actions.conf: |- reject = {{ .Values.rspamd.actions.reject }}; # Reject when reaching this score add_header = {{ .Values.rspamd.actions.add_header }}; # Add header when reaching this score greylist = {{ .Values.rspamd.actions.greylist }}; # Apply greylisting when reaching this score (will emit `soft reject action`) antivirus.conf: |- clamav { {{- range $key, $value := .Values.rspamd.antivirus.clamav }} {{ if or (eq $value "true") (eq $value "false") -}} {{ $key }} = {{ $value }}; {{- else -}} {{ $key }} = "{{ $value }}"; {{- end -}} {{- end }} }