}
];
- config.networking.firewall.allowedTCPPorts = [ 25 587 ];
+ config.networking.firewall.allowedTCPPorts = [ 25 465 587 ];
config.nixpkgs.overlays = [ (self: super: {
postfix = super.postfix.override { withMySQL = true; };
};
config.services.postfix = {
mapFiles = let
- name = n: i: "relay_${n}_${toString i}";
- pair = n: i: m: lib.attrsets.nameValuePair (name n i) (
- if m.type == "hash"
- then pkgs.writeText (name n i) m.content
- else null
- );
- pairs = n: v: lib.imap1 (i: m: pair n i m) v.recipient_maps;
- in
- lib.attrsets.filterAttrs (k: v: v != null) (
+ recipient_maps = let
+ name = n: i: "relay_${n}_${toString i}";
+ pair = n: i: m: lib.attrsets.nameValuePair (name n i) (
+ if m.type == "hash"
+ then pkgs.writeText (name n i) m.content
+ else null
+ );
+ pairs = n: v: lib.imap1 (i: m: pair n i m) v.recipient_maps;
+ in lib.attrsets.filterAttrs (k: v: v != null) (
lib.attrsets.listToAttrs (lib.flatten (
lib.attrsets.mapAttrsToList pairs myconfig.env.mail.postfix.backup_domains
))
);
+ relay_restrictions = lib.attrsets.filterAttrs (k: v: v != null) (
+ lib.attrsets.mapAttrs' (n: v:
+ lib.attrsets.nameValuePair "recipient_access_${n}" (
+ if lib.attrsets.hasAttr "relay_restrictions" v
+ then pkgs.writeText "recipient_access_${n}" v.relay_restrictions
+ else null
+ )
+ ) myconfig.env.mail.postfix.backup_domains
+ );
+ in
+ recipient_maps // relay_restrictions;
config = {
### postfix module overrides
readme_directory = "${pkgs.postfix}/share/postfix/doc";
relay_recipient_maps = lib.flatten (lib.attrsets.mapAttrsToList (n: v:
lib.imap1 (i: m: "${m.type}:/etc/postfix/relay_${n}_${toString i}") v.recipient_maps
) myconfig.env.mail.postfix.backup_domains);
+ smtpd_relay_restrictions = [
+ "permit_mynetworks"
+ "permit_sasl_authenticated"
+ "defer_unauth_destination"
+ ] ++ lib.flatten (lib.attrsets.mapAttrsToList (n: v:
+ if lib.attrsets.hasAttr "relay_restrictions" v
+ then [ "check_recipient_access hash:/etc/postfix/recipient_access_${n}" ]
+ else []
+ ) myconfig.env.mail.postfix.backup_domains);
### Additional smtpd configuration
smtpd_tls_received_header = "yes";
milter_macro_daemon_name = "ORIGINATING";
smtpd_milters = "unix:${config.myServices.mail.milters.sockets.opendkim}";
};
+ # FIXME: Mail adressed to localhost.immae.eu will still have mx-1 as
+ # prioritized MX, which provokes "mail for localhost.immae.eu loops
+ # back to myself" errors. This transport entry forces to push
+ # e-mails to its right destination.
+ transport = ''
+ localhost.immae.eu smtp:[immae.eu]:25
+ '';
destination = ["localhost"];
# This needs to reverse DNS
hostname = "eldiron.immae.eu";
sslKey = "/var/lib/acme/mail/key.pem";
recipientDelimiter = "+";
masterConfig = {
+ submissions = {
+ type = "inet";
+ private = false;
+ command = "smtpd";
+ args = ["-o" "smtpd_tls_wrappermode=yes" ] ++ (let
+ mkKeyVal = opt: val: [ "-o" (opt + "=" + val) ];
+ in lib.concatLists (lib.mapAttrsToList mkKeyVal config.services.postfix.submissionOptions)
+ );
+ };
dovecot = {
type = "unix";
privileged = true;