diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml index 37346948b289..b02d99438de0 100644 --- a/nixos/doc/manual/release-notes/rl-1909.xml +++ b/nixos/doc/manual/release-notes/rl-1909.xml @@ -506,6 +506,12 @@ been removed. + + + The rmilter package was removed with associated module and options due deprecation by upstream developer. + Use rspamd in proxy mode instead. + + diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 1047df95cdf5..ac741caa953b 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -251,7 +251,7 @@ gale = 223; matrix-synapse = 224; rspamd = 225; - rmilter = 226; + # rmilter = 226; # unused, removed 2019-08-22 cfdyndns = 227; gammu-smsd = 228; pdnsd = 229; @@ -559,7 +559,7 @@ gale = 223; matrix-synapse = 224; rspamd = 225; - rmilter = 226; + # rmilter = 226; # unused, removed 2019-08-22 cfdyndns = 227; pdnsd = 229; octoprint = 230; diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 388f4788b59e..437a118bf679 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -387,7 +387,6 @@ ./services/mail/spamassassin.nix ./services/mail/rspamd.nix ./services/mail/rss2email.nix - ./services/mail/rmilter.nix ./services/mail/roundcube.nix ./services/mail/nullmailer.nix ./services/misc/airsonic.nix diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index 65014b4beed4..348ad094e5ad 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -72,8 +72,8 @@ with lib; # PAM (mkRenamedOptionModule [ "security" "pam" "enableU2F" ] [ "security" "pam" "u2f" "enable" ]) - (mkRemovedOptionModule [ "services" "rmilter" "bindInetSockets" ] "Use services.rmilter.bindSocket.* instead") - (mkRemovedOptionModule [ "services" "rmilter" "bindUnixSockets" ] "Use services.rmilter.bindSocket.* instead") + # rmilter/rspamd + (mkRemovedOptionModule [ "services" "rmilter" ] "Use services.rspamd.* instead to set up milter service") # Xsession script (mkRenamedOptionModule [ "services" "xserver" "displayManager" "job" "logsXsession" ] [ "services" "xserver" "displayManager" "job" "logToFile" ]) diff --git a/nixos/modules/services/mail/rmilter.nix b/nixos/modules/services/mail/rmilter.nix deleted file mode 100644 index 466365b6b305..000000000000 --- a/nixos/modules/services/mail/rmilter.nix +++ /dev/null @@ -1,252 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - - rspamdCfg = config.services.rspamd; - postfixCfg = config.services.postfix; - cfg = config.services.rmilter; - - inetSocket = addr: port: "inet:${addr}:${toString port}"; - unixSocket = sock: "unix:${sock}"; - - systemdSocket = if cfg.bindSocket.type == "unix" then cfg.bindSocket.path - else "${cfg.bindSocket.address}:${toString cfg.bindSocket.port}"; - rmilterSocket = if cfg.bindSocket.type == "unix" then unixSocket cfg.bindSocket.path - else inetSocket cfg.bindSocket.address cfg.bindSocket.port; - - rmilterConf = '' - pidfile = /run/rmilter/rmilter.pid; - bind_socket = ${if cfg.socketActivation then "fd:3" else rmilterSocket}; - tempdir = /tmp; - '' + (with cfg.rspamd; if enable then '' - spamd { - servers = ${concatStringsSep ", " servers}; - connect_timeout = 1s; - results_timeout = 20s; - error_time = 10; - dead_time = 300; - maxerrors = 10; - reject_message = "${rejectMessage}"; - ${optionalString (length whitelist != 0) "whitelist = ${concatStringsSep ", " whitelist};"} - - # rspamd_metric - metric for using with rspamd - # Default: "default" - rspamd_metric = "default"; - ${extraConfig} - }; - '' else "") + cfg.extraConfig; - - rmilterConfigFile = pkgs.writeText "rmilter.conf" rmilterConf; - -in - -{ - - ###### interface - - options = { - - services.rmilter = { - - enable = mkOption { - type = types.bool; - default = false; - description = "Whether to run the rmilter daemon."; - }; - - debug = mkOption { - type = types.bool; - default = false; - description = "Whether to run the rmilter daemon in debug mode."; - }; - - user = mkOption { - type = types.string; - default = "rmilter"; - description = '' - User to use when no root privileges are required. - ''; - }; - - group = mkOption { - type = types.string; - default = "rmilter"; - description = '' - Group to use when no root privileges are required. - ''; - }; - - bindSocket.type = mkOption { - type = types.enum [ "unix" "inet" ]; - default = "unix"; - description = '' - What kind of socket rmilter should listen on. Either "unix" - for an Unix domain socket or "inet" for a TCP socket. - ''; - }; - - bindSocket.path = mkOption { - type = types.str; - default = "/run/rmilter.sock"; - description = '' - Path to Unix domain socket to listen on. - ''; - }; - - bindSocket.address = mkOption { - type = types.str; - default = "[::1]"; - example = "0.0.0.0"; - description = '' - Inet address to listen on. - ''; - }; - - bindSocket.port = mkOption { - type = types.int; - default = 11990; - description = '' - Inet port to listen on. - ''; - }; - - socketActivation = mkOption { - type = types.bool; - default = true; - description = '' - Enable systemd socket activation for rmilter. - - Disabling socket activation is not recommended when a Unix - domain socket is used and could lead to incorrect - permissions. - ''; - }; - - rspamd = { - enable = mkOption { - type = types.bool; - default = rspamdCfg.enable; - description = "Whether to use rspamd to filter mails"; - }; - - servers = mkOption { - type = types.listOf types.str; - default = ["r:/run/rspamd/rspamd.sock"]; - description = '' - Spamd socket definitions. - Is server name is prefixed with r: it is rspamd server. - ''; - }; - - whitelist = mkOption { - type = types.listOf types.str; - default = [ ]; - description = "list of ips or nets that should be not checked with spamd"; - }; - - rejectMessage = mkOption { - type = types.str; - default = "Spam message rejected; If this is not spam contact abuse"; - description = "reject message for spam"; - }; - - extraConfig = mkOption { - type = types.lines; - default = ""; - description = "Custom snippet to append to end of `spamd' section"; - }; - }; - - extraConfig = mkOption { - type = types.lines; - default = ""; - description = "Custom snippet to append to rmilter config"; - }; - - postfix = { - enable = mkOption { - type = types.bool; - default = false; - description = "Add rmilter to postfix main.conf"; - }; - - configFragment = mkOption { - type = types.str; - description = "Addon to postfix configuration"; - default = '' - smtpd_milters = ${rmilterSocket} - milter_protocol = 6 - milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen} - ''; - }; - }; - - }; - - }; - - - ###### implementation - - config = mkMerge [ - - (mkIf cfg.enable { - warnings = [ - ''`config.services.rmilter' is deprecated, `rmilter' deprecated and unsupported by upstream, and will be removed from next releases. Use built-in rspamd milter instead.'' - ]; - - users.users = singleton { - name = cfg.user; - description = "rmilter daemon"; - uid = config.ids.uids.rmilter; - group = cfg.group; - }; - - users.groups = singleton { - name = cfg.group; - gid = config.ids.gids.rmilter; - }; - - systemd.services.rmilter = { - description = "Rmilter Service"; - - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - - serviceConfig = { - ExecStart = "${pkgs.rmilter}/bin/rmilter ${optionalString cfg.debug "-d"} -n -c ${rmilterConfigFile}"; - ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID"; - User = cfg.user; - Group = cfg.group; - PermissionsStartOnly = true; - Restart = "always"; - RuntimeDirectory = "rmilter"; - RuntimeDirectoryMode = "0750"; - }; - - }; - - systemd.sockets.rmilter = mkIf cfg.socketActivation { - description = "Rmilter service socket"; - wantedBy = [ "sockets.target" ]; - socketConfig = { - ListenStream = systemdSocket; - SocketUser = cfg.user; - SocketGroup = cfg.group; - SocketMode = "0660"; - }; - }; - }) - - (mkIf (cfg.enable && cfg.rspamd.enable && rspamdCfg.enable) { - users.users.${cfg.user}.extraGroups = [ rspamdCfg.group ]; - }) - - (mkIf (cfg.enable && cfg.postfix.enable) { - services.postfix.extraConfig = cfg.postfix.configFragment; - users.users.${postfixCfg.user}.extraGroups = [ cfg.group ]; - }) - ]; -} diff --git a/pkgs/servers/mail/rmilter/default.nix b/pkgs/servers/mail/rmilter/default.nix deleted file mode 100644 index 739270326e5b..000000000000 --- a/pkgs/servers/mail/rmilter/default.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ stdenv, fetchFromGitHub, cmake, bison, flex, pkgconfig, openssl, pcre -, libmilter, opendkim, libmemcached, glib }: - -let patchedLibmilter = stdenv.lib.overrideDerivation libmilter (_ : { - patches = libmilter.patches ++ [ ./fd-passing-libmilter.patch ]; -}); -in - -stdenv.mkDerivation rec { - name = "rmilter-${version}"; - version = "1.10.0"; - - src = fetchFromGitHub { - owner = "vstakhov"; - repo = "rmilter"; - rev = version; - sha256 = "1gbp6jah88l6xqgflim01ycyp63l733bgir65fxnnrmifj1qzymh"; - }; - - nativeBuildInputs = [ bison cmake flex pkgconfig ]; - buildInputs = [ libmemcached patchedLibmilter openssl pcre opendkim glib ]; - - meta = with stdenv.lib; { - homepage = https://github.com/vstakhov/rmilter; - license = licenses.asl20; - description = '' - Daemon to integrate rspamd and milter compatible MTA, for example - postfix or sendmail - ''; - maintainers = with maintainers; [ avnik fpletz ]; - platforms = with platforms; linux; - }; -} diff --git a/pkgs/servers/mail/rmilter/fd-passing-libmilter.patch b/pkgs/servers/mail/rmilter/fd-passing-libmilter.patch deleted file mode 100644 index 3ab61a6fab00..000000000000 --- a/pkgs/servers/mail/rmilter/fd-passing-libmilter.patch +++ /dev/null @@ -1,80 +0,0 @@ -Description: systemd-like socket activation support for libmilter -Author: Mikhail Gusarov {unix|local}:/path/to/file -- A named pipe. -
  • inet:port@{hostname|ip-address} -- An IPV4 socket. -
  • inet6:port@{hostname|ip-address} -- An IPV6 socket. -+
  • fd:number -- Pre-opened file descriptor. - - - -diff --git a/libmilter/listener.c b/libmilter/listener.c -index 48c552f..2249a1f 100644 ---- a/libmilter/listener.c -+++ b/libmilter/listener.c -@@ -197,6 +197,11 @@ mi_milteropen(conn, backlog, rmsocket, name) - L_socksize = sizeof addr.sin6; - } - #endif /* NETINET6 */ -+ else if (strcasecmp(p, "fd") == 0) -+ { -+ addr.sa.sa_family = AF_UNSPEC; -+ L_socksize = sizeof (_SOCK_ADDR); -+ } - else - { - smi_log(SMI_LOG_ERR, "%s: unknown socket type %s", -@@ -443,7 +448,21 @@ mi_milteropen(conn, backlog, rmsocket, name) - } - #endif /* NETINET || NETINET6 */ - -- sock = socket(addr.sa.sa_family, SOCK_STREAM, 0); -+ if (addr.sa.sa_family == AF_UNSPEC) -+ { -+ char *end; -+ sock = strtol(colon, &end, 10); -+ if (*end != '\0' || sock < 0) -+ { -+ smi_log(SMI_LOG_ERR, "%s: expected positive integer as fd, got %s", name, colon); -+ return INVALID_SOCKET; -+ } -+ } -+ else -+ { -+ sock = socket(addr.sa.sa_family, SOCK_STREAM, 0); -+ } -+ - if (!ValidSocket(sock)) - { - smi_log(SMI_LOG_ERR, -@@ -466,6 +485,7 @@ mi_milteropen(conn, backlog, rmsocket, name) - #if NETUNIX - addr.sa.sa_family != AF_UNIX && - #endif /* NETUNIX */ -+ addr.sa.sa_family != AF_UNSPEC && - setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *) &sockopt, - sizeof(sockopt)) == -1) - { -@@ -511,7 +531,8 @@ mi_milteropen(conn, backlog, rmsocket, name) - } - #endif /* NETUNIX */ - -- if (bind(sock, &addr.sa, L_socksize) < 0) -+ if (addr.sa.sa_family != AF_UNSPEC && -+ bind(sock, &addr.sa, L_socksize) < 0) - { - smi_log(SMI_LOG_ERR, - "%s: Unable to bind to port %s: %s", -@@ -817,7 +838,7 @@ mi_listener(conn, dbg, smfi, timeout, backlog) - # ifdef BSD4_4_SOCKADDR - cliaddr.sa.sa_len == 0 || - # endif /* BSD4_4_SOCKADDR */ -- cliaddr.sa.sa_family != L_family)) -+ (L_family != AF_UNSPEC && cliaddr.sa.sa_family != L_family))) - { - (void) closesocket(connfd); - connfd = INVALID_SOCKET; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 5ec34dab22b1..87f41f088c74 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -14793,8 +14793,6 @@ in postsrsd = callPackage ../servers/mail/postsrsd { }; - rmilter = callPackage ../servers/mail/rmilter { }; - rspamd = callPackage ../servers/mail/rspamd { }; pfixtools = callPackage ../servers/mail/postfix/pfixtools.nix {