};
config.services.postfix = {
mapFiles = let
- name = n: i: "relay_${n}_${toString i}";
- pair = n: i: m: lib.attrsets.nameValuePair (name n i) (
- if m.type == "hash"
- then pkgs.writeText (name n i) m.content
- else null
- );
- pairs = n: v: lib.imap1 (i: m: pair n i m) v.recipient_maps;
- in
- lib.attrsets.filterAttrs (k: v: v != null) (
+ recipient_maps = let
+ name = n: i: "relay_${n}_${toString i}";
+ pair = n: i: m: lib.attrsets.nameValuePair (name n i) (
+ if m.type == "hash"
+ then pkgs.writeText (name n i) m.content
+ else null
+ );
+ pairs = n: v: lib.imap1 (i: m: pair n i m) v.recipient_maps;
+ in lib.attrsets.filterAttrs (k: v: v != null) (
lib.attrsets.listToAttrs (lib.flatten (
lib.attrsets.mapAttrsToList pairs myconfig.env.mail.postfix.backup_domains
))
);
+ relay_restrictions = lib.attrsets.filterAttrs (k: v: v != null) (
+ lib.attrsets.mapAttrs' (n: v:
+ lib.attrsets.nameValuePair "recipient_access_${n}" (
+ if lib.attrsets.hasAttr "relay_restrictions" v
+ then pkgs.writeText "recipient_access_${n}" v.relay_restrictions
+ else null
+ )
+ ) myconfig.env.mail.postfix.backup_domains
+ );
+ in
+ recipient_maps // relay_restrictions;
config = {
### postfix module overrides
readme_directory = "${pkgs.postfix}/share/postfix/doc";
relay_recipient_maps = lib.flatten (lib.attrsets.mapAttrsToList (n: v:
lib.imap1 (i: m: "${m.type}:/etc/postfix/relay_${n}_${toString i}") v.recipient_maps
) myconfig.env.mail.postfix.backup_domains);
+ smtpd_relay_restrictions = [
+ "permit_mynetworks"
+ "permit_sasl_authenticated"
+ "defer_unauth_destination"
+ ] ++ lib.flatten (lib.attrsets.mapAttrsToList (n: v:
+ if lib.attrsets.hasAttr "relay_restrictions" v
+ then [ "check_recipient_access hash:/etc/postfix/recipient_access_${n}" ]
+ else []
+ ) myconfig.env.mail.postfix.backup_domains);
### Additional smtpd configuration
smtpd_tls_received_header = "yes";