From 28fc91f5f35ae66ca07733bd0a722900336abf6d Mon Sep 17 00:00:00 2001
From: missytake <missytake@systemli.org>
Date: Sun, 15 Oct 2023 23:25:36 +0200
Subject: [PATCH] rspamd: add rate limiting

---
 cmdeploy/src/cmdeploy/__init__.py           | 10 ++++++++++
 cmdeploy/src/cmdeploy/rspamd/ratelimit.conf |  9 +++++++++
 2 files changed, 19 insertions(+)
 create mode 100644 cmdeploy/src/cmdeploy/rspamd/ratelimit.conf

diff --git a/cmdeploy/src/cmdeploy/__init__.py b/cmdeploy/src/cmdeploy/__init__.py
index 6cd991c..06401b4 100644
--- a/cmdeploy/src/cmdeploy/__init__.py
+++ b/cmdeploy/src/cmdeploy/__init__.py
@@ -416,6 +416,16 @@ def _configure_rspamd(dkim_selector: str, mail_domain: str) -> bool:
     )
     need_restart |= hfilter.changed
 
+    ratelimit_conf = files.put(
+        name="enable rate limiting",
+        src=importlib.resources.files(__package__).joinpath("rspamd/ratelimit.conf"),
+        dest="/etc/rspamd/local.d/ratelimit.conf",
+        user="root",
+        group="root",
+        mode="644",
+    )
+    need_restart |= ratelimit_conf.changed
+
     dkim_directory = "/var/lib/rspamd/dkim/"
     dkim_key_path = f"{dkim_directory}{mail_domain}.{dkim_selector}.key"
 
diff --git a/cmdeploy/src/cmdeploy/rspamd/ratelimit.conf b/cmdeploy/src/cmdeploy/rspamd/ratelimit.conf
new file mode 100644
index 0000000..fe6bb18
--- /dev/null
+++ b/cmdeploy/src/cmdeploy/rspamd/ratelimit.conf
@@ -0,0 +1,9 @@
+rates {
+    user = {
+        bucket = {
+            burst = 110;
+            rate = "90 / 1min";
+        }
+    }
+}
+whitelisted_user = "/etc/rspamd/local.d/whitelisted_users_ratelimit.map"