# Default values for rspamd. replicaCount: 1 image: repository: interlegis/alpine-rspamd pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "" imagePullSecrets: [] nameOverride: "" fullnameOverride: "" podAnnotations: {} podSecurityContext: {} # fsGroup: 2000 securityContext: {} # capabilities: # drop: # - ALL # readOnlyRootFilesystem: true # runAsNonRoot: true # runAsUser: 1000 rspamd: password: apassword rateLimits: # Limit for all mail per recipient (default rate 70 per day) to: "70 / 1d" # Limit for all mail per one source ip (default rate 150 per day) toIp: "150 / 1d" # Limit for all mail per one source ip and from address (default rate 100 per day) toIpFrom: "100 / 1d" # Limit for all mail per authenticated user (default rate 100 per day) user: "100 / 1d" maxRcpt: 50 whitelisted: rcpts: "postmaster,mailer-daemon,<>" ips: - "127.0.0.1" - "192.168.0.0/16" - "172.16.0.0/12" - "10.0.0.0/8" - "[::1]/128" dkimSigning: # If false, messages with empty envelope from are not signed allow_envfrom_empty: "true" # If true, envelope/header domain mismatch is ignored allow_hdrfrom_mismatch: "false" # If true, multiple from headers are allowed (but only first is used) allow_hdrfrom_multiple: "true" # If true, username does not need to contain matching domain allow_username_mismatch: "false" # If false, messages from authenticated users are not selected for signing auth_only: "true" # Default path to key, can include 'domain' and 'selector' variables path: "/var/lib/rspamd/dkim/$domain.$selector.key" # Default selector to use selector: "dkim" # If false, messages from local networks are not selected for signing sign_local: "true" # Symbol to add when message is signed symbol: "DKIM_SIGNED" # Whether to fallback to global config try_fallback: "true" # Domain to use for DKIM signing: can be "header" or "envelope" use_domain: "header" # Whether to normalise domains to eSLD use_esld: "false" # Whether to get keys from Redis use_redis: "false" # Hash for DKIM keys in Redis key_prefix: "DKIM_KEYS" milter: headers: extended_spam_headers: "true" skip_local: "false" skip_authenticated: "false" actions: reject: 15 add_header: 6 greylist: 4 antivirus: clamav: {} workerProxy: milter: "yes" timeout: "120s" count: 4 # Spawn more processes in self-scan mode maxRetries: 5 # How many times master is queried in case of failure discardOnReject: false # Discard message instead of rejection quarantineOnReject: false # Tell MTA to quarantine rejected messages spamHeader: "X-Spam" # Use the specific spam header rejectMessage: "Spam message rejected" # Use custom rejection message service: type: ClusterIP ports: antispam: 11333 http: 11334 milter: 11332 ingress: enabled: false className: "" annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - host: chart-example.local paths: - path: / pathType: ImplementationSpecific tls: [] # - secretName: chart-example-tls # hosts: # - chart-example.local resources: {} # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi autoscaling: enabled: false minReplicas: 2 maxReplicas: 6 targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 nodeSelector: {} tolerations: [] affinity: {} # Redis definitions redis: image: tag: 7.0.3-debian-11-r0 pullPolicy: IfNotPresent architecture: standalone auth: enabled: true password: agoodredispassword master: persistence: enabled: true accessModes: - ReadWriteOnce size: 2Gi resources: requests: cpu: 50m memory: 150Mi limits: cpu: 800m memory: 1Gi