From eadf067157cf6abede47b6f45d3ee00e42edf3b7 Mon Sep 17 00:00:00 2001
From: vincent
Date: Wed, 4 Oct 2023 20:55:42 +0200
Subject: [PATCH] add Rspamd for spam DKIM and DMARC
---
 infra/dns.tf | 15 +++++++++++++++
 nomad-job/dockermailserver.nomad | 17 +++++++++++++----
 2 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/infra/dns.tf b/infra/dns.tf
index 8a8ce0c..e533af5 100644
--- a/infra/dns.tf
+++ b/infra/dns.tf
@@ -38,6 +38,21 @@ resource "hetznerdns_record" "spfEu" {
 type = "TXT"
 }
 
+resource "hetznerdns_record" "dkimRecordEu" {
+ zone_id = hetznerdns_zone.externalZoneEU.id
+ name = "mail._domainkey"
+ value = "\"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0GadPljh+zM+Hf8MAf2wyj+h9p72aBFeFaiDhnswxO68fM9Uk6XhN4s1BkHLY5AWQh0SP1JDBaFWDfJiOV/27E3qJIa4KDHPZcgxgvo+SbfgNZq5qGIhKyqAAtyg/dI8IMKVOZ5Cevdv9VFrSF84xnTmDBCrWydPyV8D5+xA/bVna/AVCAVUeXVppyMPpC0s1HpRNJ0YaY23RH1KwChxvZY+BkanELSzTA8K0ATbIzwgQaK10/lc1S6EFvaSNG8sy6EIoondl6t+uiqU3bHgAW68r8snzl2gclG+uMkjXkH7YGPJzL9Co1o1MlKOHIONz89CCe0puIH4qaCo1G6EDwIDAQAB\""
+ type = "TXT"
+}
+
+resource "hetznerdns_record" "dmarcEU" {
+
+ zone_id = hetznerdns_zone.externalZoneEU.id
+ name = "_dmarc.ducamps.eu."
+ value = "\"v=DMARC1; p=none; rua=mailto:vincent@ducamps.eu; ruf=mailto:vincent@ducamps.eu; sp=none; ri=86400\""
+ type = "TXT"
+}
+
 resource "hetznerdns_record" "rootalias" {
 zone_id = hetznerdns_zone.externalZone.id
 name = "@"
diff --git a/nomad-job/dockermailserver.nomad b/nomad-job/dockermailserver.nomad
index bd720e2..4ec63c3 100644
--- a/nomad-job/dockermailserver.nomad
+++ b/nomad-job/dockermailserver.nomad
@@ -24,6 +24,9 @@ job "dockermailserver" {
 port "esmtp" {
 to = 465
 }
+ port "rspamd" {
+ to = 11334
+ }
 }
 service {
 name = "smtp"
@@ -34,7 +37,7 @@ job "dockermailserver" {
 "traefik.tcp.routers.smtp.entrypoints=smtp",
 "traefik.tcp.routers.smtp.rule=HostSNI(`*`)",
 "traefik.tcp.services.smtp.loadbalancer.proxyProtocol.version=1",
- ]
+ ]
 check {
 name = "smtp_probe"
 type = "tcp"
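Review bot: The `dmarcEU` record publishes `p=none; sp=none`, so receivers take no action on mail that fails DMARC and the record only produces reports; if this is a deliberate monitoring phase, say so next to the resource, e.g. `# monitoring only: move to p=quarantine, then p=reject, once rua reports show legitimate mail passing`. The `value` of `dkimRecordEu` is longer than the 255-byte limit of a single TXT character-string, so unless the provider splits it automatically the key may have to be written as several quoted chunks; looking up the published record after apply would confirm that it arrives intact. `dmarcEU` uses a fully-qualified `name` with a trailing dot while `dkimRecordEu` uses a zone-relative one, and one form should be used for both so the records land where expected. The `ruf` address will receive failure reports that can include message headers or content, which deserves a conscious decision for a personal mailbox.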
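Review bot: The new `rspamd` port maps 11334 out of the task, and nothing in this hunk or in the matching `ports = [...]` change at `@@ -95,7 +98,7 @@` shows who is allowed to reach it. 11334 is the Rspamd controller / web UI port, so a comment stating how it is protected would help, for example `# rspamd controller UI: reachable only through <authenticated proxy>; controller password set in the DMS config volume`. If the UI is not needed from outside the container, leaving the port unpublished is the smaller exposure. The `network` block starts before this hunk, so a restriction defined elsewhere in the job would not be visible here.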
@@ -95,7 +98,7 @@ job "dockermailserver" {
 driver = "docker"
 config {
 image = "ghcr.io/docker-mailserver/docker-mailserver:edge"
- ports = ["smtp", "esmtp", "imap"]
+ ports = ["smtp", "esmtp", "imap","rspamd"]
 volumes = [
 "/mnt/diskstation/nomad/dms/mail-data:/var/mail",
 "/mnt/diskstation/nomad/dms/mail-state:/var/mail-state",
@@ -114,8 +117,14 @@ job "dockermailserver" {
 DMS_VMAIL_UID = 1000000
 DMS_VMAIL_GID = 100
 SSL_TYPE= "letsencrypt"
- SSL_DOMAIN= "mail.ducamps.eu"
 LOG_LEVEL="info"
+ POSTMASTER_ADDRESS="vincent@ducamps.eu"
+ ENABLE_RSPAMD=1
+ ENABLE_OPENDKIM=0
+ ENABLE_OPENDMARC=0
+ ENABLE_POLICYD_SPF=0
+ RSPAMD_CHECK_AUTHENTICATED=1
+
 }
 template {
 data = <
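Review bot: `ENABLE_RSPAMD=1` is added while only OpenDKIM, OpenDMARC and policyd-spf are switched off; docker-mailserver's Rspamd guidance also recommends disabling Amavis and SpamAssassin so that two filter stacks do not process the same mail, so unless they are already set in the part of `env` above this hunk, add `ENABLE_AMAVIS=0` and `ENABLE_SPAMASSASSIN=0`. With OpenDKIM disabled, signing depends on Rspamd holding a private key for selector `mail` that matches the TXT record added in `infra/dns.tf`; a comment saying where that key lives on the mounted volumes would make this checkable. Removing `SSL_DOMAIN` leaves certificate lookup under `SSL_TYPE= "letsencrypt"` to the container's hostname, so it is worth confirming that the hostname matches the certificate name before deploying. The `env` block starts before the hunk and the `template` block continues past it.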