···
1
+
{ config, lib, pkgs, ... }:
5
+
cfg = config.services.clamsmtp;
6
+
clamdSocket = "/run/clamav/clamd.ctl"; # See services/security/clamav.nix
11
+
services.clamsmtp = {
15
+
description = "Whether to enable clamsmtp.";
18
+
instances = mkOption {
19
+
description = "Instances of clamsmtp to run.";
20
+
type = types.listOf (types.submodule { options = {
22
+
type = types.enum [ "bounce" "drop" "pass" ];
26
+
Action to take when a virus is detected.
28
+
Note that viruses often spoof sender addresses, so bouncing is
29
+
in most cases not a good idea.
36
+
example = "X-Virus-Scanned: ClamAV using ClamSMTP";
39
+
A header to add to scanned messages. See clamsmtpd.conf(5) for
40
+
more details. Empty means no header.
44
+
keepAlives = mkOption {
49
+
Number of seconds to wait between each NOOP sent to the sending
50
+
server. 0 to disable.
52
+
This is meant for slow servers where the sending MTA times out
53
+
waiting for clamd to scan the file.
59
+
example = "127.0.0.1:10025";
62
+
Address to wait for incoming SMTP connections on. See
63
+
clamsmtpd.conf(5) for more details.
67
+
quarantine = mkOption {
72
+
Whether to quarantine files that contain viruses by leaving them
73
+
in the temporary directory.
77
+
maxConnections = mkOption {
80
+
description = "Maximum number of connections to accept at once.";
83
+
outAddress = mkOption {
87
+
Address of the SMTP server to send email to once it has been
92
+
tempDirectory = mkOption {
97
+
Temporary directory that needs to be accessible to both clamd
102
+
timeout = mkOption {
105
+
description = "Time-out for network connections.";
108
+
transparentProxy = mkOption {
111
+
description = "Enable clamsmtp's transparent proxy support.";
114
+
virusAction = mkOption {
115
+
type = with types; nullOr path;
119
+
Command to run when a virus is found. Please see VIRUS ACTION in
120
+
clamsmtpd(8) for a discussion of this option and its safe use.
124
+
xClient = mkOption {
129
+
Send the XCLIENT command to the receiving server, for forwarding
130
+
client addresses and connection information if the receiving
131
+
server supports this feature.
139
+
##### implementation
141
+
configfile = conf: pkgs.writeText "clamsmtpd.conf"
143
+
Action: ${conf.action}
144
+
ClamAddress: ${clamdSocket}
145
+
Header: ${conf.header}
146
+
KeepAlives: ${toString conf.keepAlives}
147
+
Listen: ${conf.listen}
148
+
Quarantine: ${if conf.quarantine then "on" else "off"}
149
+
MaxConnections: ${toString conf.maxConnections}
150
+
OutAddress: ${conf.outAddress}
151
+
TempDirectory: ${conf.tempDirectory}
152
+
TimeOut: ${toString conf.timeout}
153
+
TransparentProxy: ${if conf.transparentProxy then "on" else "off"}
155
+
${optionalString (conf.virusAction != null) "VirusAction: ${conf.virusAction}"}
156
+
XClient: ${if conf.xClient then "on" else "off"}
161
+
{ assertion = config.services.clamav.daemon.enable;
162
+
message = "clamsmtp requires clamav to be enabled";
166
+
systemd.services = listToAttrs (imap1 (i: conf:
167
+
nameValuePair "clamsmtp-${toString i}" {
168
+
description = "ClamSMTP instance ${toString i}";
169
+
wantedBy = [ "multi-user.target" ];
170
+
script = "exec ${pkgs.clamsmtp}/bin/clamsmtpd -f ${configfile conf}";
171
+
after = [ "clamav-daemon.service" ];
172
+
requires = [ "clamav-daemon.service" ];
173
+
serviceConfig.Type = "forking";
174
+
serviceConfig.PrivateTmp = "yes";
175
+
unitConfig.JoinsNamespaceOf = "clamav-daemon.service";
pyrox.dev