apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "rspamd.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "rspamd.labels" . | nindent 4 }}
data:
ratelimit.conf: |-
rates {
# Limit for all mail per recipient (default rate 70 per day)
to = "{{ .Values.rspamd.rateLimits.to }}";
# Limit for all mail per one source ip (default rate 150 per day)
to_ip = "{{ .Values.rspamd.rateLimits.toIp }}";
# Limit for all mail per one source ip and from address (default rate 100 per day)
to_ip_from = "{{ .Values.rspamd.rateLimits.toIpFrom }}";
# Limit for all bounce mail (rate 2 per hour)
#bounce_to = "2 / 1h";
# Limit for bounce mail per one source ip (rate 1 per hour)
#bounce_to_ip = "1 / 1h";
# Limit for all mail per authenticated user (default rate 100 per day)
user = "{{ .Values.rspamd.rateLimits.user }}";
}
whitelisted_rcpts = "{{ .Values.rspamd.rateLimits.whitelisted.rcpts }}";
whitelisted_ip = "/etc/rspamd/local.d/ratelimit_whitelist.map";
max_rcpt = {{ .Values.rspamd.rateLimits.maxRcpt }};
ratelimit_whitelist.map: |-
{{- range .Values.rspamd.rateLimits.whitelisted.ips }}
{{ . }}
{{- end }}
redis.conf: |-
servers = "{{ printf "%s-%s" .Release.Name "redis-master" | trunc 63 | trimSuffix "-" }}";
db = "3";
password = "{{ .Values.redis.auth.password }}";
worker-proxy.inc: |-
milter = {{ .Values.rspamd.workerProxy.milter }};
bind_socket = "*:{{ .Values.service.ports.milter }}";
timeout = {{ .Values.rspamd.workerProxy.timeout }};
upstream "local" {
default = yes; # Self-scan upstreams are always default
self_scan = yes; # Enable self-scan
}
count = {{ .Values.rspamd.workerProxy.count }}; # Spawn more processes in self-scan mode
max_retries = {{ .Values.rspamd.workerProxy.maxRetries }}; # How many times master is queried in case of failure
discard_on_reject = {{ .Values.rspamd.workerProxy.discardOnReject }}; # Discard message instead of rejection
quarantine_on_reject = {{ .Values.rspamd.workerProxy.quarantineOnReject }}; # Tell MTA to quarantine rejected messages
spam_header = "{{ .Values.rspamd.workerProxy.spamHeader }}"; # Use the specific spam header
reject_message = "{{ .Values.rspamd.workerProxy.rejectMessage }}"; # Use custom rejection message
worker-normal.inc: |-
{{ if eq .Values.rspamd.workerProxy.milter "yes" -}}
# Disable worker-normal in Milter mode
worker "normal" {
enabled = false;
}
{{- end }}
worker-controller.inc: |-
secure_ip = "127.0.0.1";
password = "{{ .Values.rspamd.password }}";
enable_password = "{{ .Values.rspamd.password }}";
dkim_signing.conf: |-
{{- range $key, $value := .Values.rspamd.dkimSigning }}
{{ if or (eq $value "true") (eq $value "false") -}}
{{ $key }} = {{ $value }};
{{- else -}}
{{ $key }} = "{{ $value }}";
{{- end -}}
{{- end }}
milter_headers.conf: |-
extended_spam_headers = {{ .Values.rspamd.milter.headers.extended_spam_headers }};
skip_local = {{ .Values.rspamd.milter.headers.skip_local }};
skip_authenticated = {{ .Values.rspamd.milter.headers.skip_authenticated }};
classifier-bayes.conf: |-
backend = "redis";
servers = "{{ printf "%s-%s" .Release.Name "redis-master" | trunc 63 | trimSuffix "-" }}:6379";
password = "{{ .Values.redis.auth.password }}";
autolearn = true
actions.conf: |-
reject = {{ .Values.rspamd.actions.reject }}; # Reject when reaching this score
add_header = {{ .Values.rspamd.actions.add_header }}; # Add header when reaching this score
greylist = {{ .Values.rspamd.actions.greylist }}; # Apply greylisting when reaching this score (will emit `soft reject action`)
antivirus.conf: |-
clamav {
{{- range $key, $value := .Values.rspamd.antivirus.clamav }}
{{ if or (eq $value "true") (eq $value "false") -}}
{{ $key }} = {{ $value }};
{{- else -}}
{{ $key }} = "{{ $value }}";
{{- end -}}
{{- end }}
}