git subrepo clone https://github.com/mailcow/mailcow-dockerized.git mailcow/src/mailcow-dockerized
subrepo: subdir: "mailcow/src/mailcow-dockerized"
merged: "a832becb"
upstream: origin: "https://github.com/mailcow/mailcow-dockerized.git"
branch: "master"
commit: "a832becb"
git-subrepo: version: "0.4.3"
origin: "???"
commit: "???"
Change-Id: If5be2d621a211e164c9b6577adaa7884449f16b5
diff --git a/mailcow/src/mailcow-dockerized/data/conf/rspamd/override.d/logging.inc b/mailcow/src/mailcow-dockerized/data/conf/rspamd/override.d/logging.inc
new file mode 100644
index 0000000..64d4064
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/conf/rspamd/override.d/logging.inc
@@ -0,0 +1,5 @@
+level = "silent";
+type = "console";
+systemd = false;
+.include "$CONFDIR/logging.inc"
+.include(try=true; priority=20) "$CONFDIR/override.d/logging.custom.inc"
diff --git a/mailcow/src/mailcow-dockerized/data/conf/rspamd/override.d/ratelimit.conf b/mailcow/src/mailcow-dockerized/data/conf/rspamd/override.d/ratelimit.conf
new file mode 100644
index 0000000..aec1c78
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/conf/rspamd/override.d/ratelimit.conf
@@ -0,0 +1,12 @@
+rates {
+ # Format: "1 / 1h" or "20 / 1m" etc. - global ratelimits are disabled by default
+ to = "100 / 1s";
+ to_ip = "100 / 1s";
+ to_ip_from = "100 / 1s";
+ bounce_to = "100 / 1h";
+ bounce_to_ip = "7 / 1m";
+}
+whitelisted_rcpts = "postmaster,mailer-daemon";
+max_rcpt = 25;
+custom_keywords = "/etc/rspamd/lua/ratelimit.lua";
+info_symbol = "RATELIMITED";
diff --git a/mailcow/src/mailcow-dockerized/data/conf/rspamd/override.d/worker-controller.inc b/mailcow/src/mailcow-dockerized/data/conf/rspamd/override.d/worker-controller.inc
new file mode 100644
index 0000000..8c929b1
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/conf/rspamd/override.d/worker-controller.inc
@@ -0,0 +1,7 @@
+bind_socket = "*:11334";
+count = 1;
+secure_ip = "127.0.0.1";
+secure_ip = "::1";
+bind_socket = "/var/lib/rspamd/rspamd.sock mode=0666 owner=nobody";
+.include(try=true; priority=10) "$CONFDIR/override.d/worker-controller-password.inc"
+.include(try=true; priority=30) "$CONFDIR/override.d/worker-controller.custom.inc"
diff --git a/mailcow/src/mailcow-dockerized/data/conf/rspamd/override.d/worker-fuzzy.inc b/mailcow/src/mailcow-dockerized/data/conf/rspamd/override.d/worker-fuzzy.inc
new file mode 100644
index 0000000..291e615
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/conf/rspamd/override.d/worker-fuzzy.inc
@@ -0,0 +1,12 @@
+# Socket to listen on (UDP and TCP from rspamd 1.3)
+bind_socket = "*:11445";
+allow_update = ["127.0.0.1", "::1"];
+# Number of processes to serve this storage (useful for read scaling)
+count = 1;
+# Backend ("sqlite" or "redis" - default "sqlite")
+backend = "redis";
+# Hashes storage time (3 months)
+expire = 90d;
+# Synchronize updates to the storage each minute
+sync = 1min;
+
diff --git a/mailcow/src/mailcow-dockerized/data/conf/rspamd/override.d/worker-normal.inc b/mailcow/src/mailcow-dockerized/data/conf/rspamd/override.d/worker-normal.inc
new file mode 100644
index 0000000..c0f1fb1
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/conf/rspamd/override.d/worker-normal.inc
@@ -0,0 +1,4 @@
+bind_socket = "*:11333";
+task_timeout = 12s;
+count = 1;
+.include(try=true; priority=30) "$CONFDIR/override.d/worker-normal.custom.inc"
diff --git a/mailcow/src/mailcow-dockerized/data/conf/rspamd/override.d/worker-proxy.inc b/mailcow/src/mailcow-dockerized/data/conf/rspamd/override.d/worker-proxy.inc
new file mode 100644
index 0000000..9eb4775
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/conf/rspamd/override.d/worker-proxy.inc
@@ -0,0 +1,9 @@
+bind_socket = "rspamd:9900";
+milter = true;
+upstream "local" {
+ name = "localhost";
+ default = true;
+ hosts = "rspamd:11333"
+}
+reject_message = "This message does not meet our delivery requirements";
+.include(try=true; priority=30) "$CONFDIR/override.d/worker-proxy.custom.inc"