From efe77ce80634bba53856e7ddbd76f74186b0a014 Mon Sep 17 00:00:00 2001
From: Maximilian Bosch <maximilian@mbosch.me>
Date: Sat, 6 May 2023 11:20:12 +0200
Subject: [PATCH] mail-server: add `dmarcReporting.excludeDomains`

The option `exclude_domains` for dmarc reporting in `rspamd`[1] allows
to configure a list of domains and/or eSLDs (external effective second level
domain) to be excluded from dmarc reports.

Helpful because e.g. dmarc reports to hotmail.com always fail for me
with the following undeliverable notification:

    The recipient's mailbox is full and can't accept messages now.

[1] https://www.rspamd.com/doc/modules/dmarc.html
---
 default.nix            | 8 ++++++++
 mail-server/rspamd.nix | 3 +++
 2 files changed, 11 insertions(+)

diff --git a/default.nix b/default.nix
index 60dbceb..4008df3 100644
--- a/default.nix
+++ b/default.nix
@@ -894,6 +894,14 @@ in
           The sender name for DMARC reports. Defaults to the organization name.
         '';
       };
+
+      excludeDomains = mkOption {
+        type = types.listOf types.str;
+        default = [];
+        description = ''
+          List of domains or eSLDs to be excluded from DMARC reports.
+        '';
+      };
     };
 
     debug = mkOption {
diff --git a/mail-server/rspamd.nix b/mail-server/rspamd.nix
index 8fb9b00..fc6f4b9 100644
--- a/mail-server/rspamd.nix
+++ b/mail-server/rspamd.nix
@@ -74,6 +74,9 @@ in
                 org_name = "${cfg.dmarcReporting.organizationName}";
                 from_name = "${cfg.dmarcReporting.fromName}";
                 msgid_from = "dmarc-rua";
+                ${lib.optionalString (cfg.dmarcReporting.excludeDomains != []) ''
+                  exclude_domains = ${builtins.toJSON cfg.dmarcReporting.excludeDomains};
+                ''}
               }''}
           ''; };
       };