-{ lib, pkgs, config, ... }:
+{ lib, pkgs, config, nodes, ... }:
{
config = lib.mkIf config.myServices.mail.enable {
services.duplyBackup.profiles.mail.excludeFile = ''
)
);
};
+ sasl_access = {
+ host_sender_login = pkgs.writeText "host-sender-login"
+ (builtins.concatStringsSep "\n" (lib.flatten (lib.attrsets.mapAttrsToList
+ (n: v: (map (e: "${e} ${n}@immae.eu") v.emails)) config.myEnv.servers)));
+ host_dummy_mailboxes = pkgs.writeText "host-virtual-mailbox"
+ (builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (n: v: "${n}@immae.eu dummy") nodes));
+ };
in
- recipient_maps // relay_restrictions // virtual_map;
+ recipient_maps // relay_restrictions // virtual_map // sasl_access;
config = {
### postfix module overrides
readme_directory = "${pkgs.postfix}/share/postfix/doc";
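Review bot: `host_sender_login` emits one line per (address, server) pair, so an address listed in `emails` under two servers gives the hash table a duplicate key; postmap warns about duplicates rather than merging them, leaving only one host login authorised for that address. Grouping by address and writing all owning logins on one line avoids this, as sketched below. The addresses are also interpolated into the table unchecked, so a value containing whitespace would silently shift the lookup key; an assertion on the `emails` entries would catch that at build time. Note that this map iterates `config.myEnv.servers` while `host_dummy_mailboxes` iterates `nodes`, so if the two sets can differ, a host ends up with a login mapping but no listed mailbox, or the reverse. The enclosing `let` binding starts outside this hunk.

```nix
sasl_access = {
  host_sender_login = let
    # one record per (address, host login) pair
    pairs = lib.flatten (lib.attrsets.mapAttrsToList
      (n: v: map (e: { email = e; login = "${n}@immae.eu"; }) v.emails)
      config.myEnv.servers);
    # merge every login allowed to use the same address onto one table line
    byEmail = lib.groupBy (p: p.email) pairs;
  in pkgs.writeText "host-sender-login"
    (builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList
      (email: ps: "${email} ${builtins.concatStringsSep " " (map (p: p.login) ps)}")
      byEmail));
  # … unchanged: host_dummy_mailboxes …
```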
)
config.myEnv.dns.masterZones
)));
- virtual_mailbox_maps = "mysql:${config.secrets.fullPaths."postfix/mysql_mailbox_maps"}";
+ virtual_mailbox_maps = "hash:/etc/postfix/host_dummy_mailboxes mysql:${config.secrets.fullPaths."postfix/mysql_mailbox_maps"}";
dovecot_destination_recipient_limit = "1";
virtual_transport = "dovecot";
# Refuse to send e-mails with a From that is not handled
smtpd_sender_restrictions =
"reject_sender_login_mismatch,reject_unlisted_sender,permit_sasl_authenticated,reject";
- smtpd_sender_login_maps = "mysql:${config.secrets.fullPaths."postfix/mysql_sender_login_maps"}";
+ smtpd_sender_login_maps = "hash:/etc/postfix/host_sender_login,mysql:${config.secrets.fullPaths."postfix/mysql_sender_login_maps"}";
smtpd_recipient_restrictions = "permit_sasl_authenticated,reject";
milter_macro_daemon_name = "ORIGINATING";
smtpd_milters = "unix:${config.myServices.mail.milters.sockets.opendkim}";
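Review bot: In `smtpd_sender_login_maps` the new `hash:/etc/postfix/host_sender_login` table is searched before the MySQL table and Postfix stops at the first match, so any address that appears in a server's `emails` and also has an owner in MySQL is now owned only by the host login. The MySQL user would then fail `reject_sender_login_mismatch`, while the host credential gains the right to send as that address. If that shadowing is intended, it deserves a comment above the setting, e.g. `# host tables take precedence: addresses listed in myEnv.servers.*.emails are owned by the host login, not the MySQL user`. Likewise, putting `host_dummy_mailboxes` into `virtual_mailbox_maps` makes every `<node>@immae.eu` a listed address, presumably to satisfy `reject_unlisted_sender`, and one that `virtual_transport = "dovecot"` will try to deliver to. Whether dovecot knows those users is not visible here and is worth confirming. A small style point: the two settings separate their tables differently (a space in `virtual_mailbox_maps`, a comma in `smtpd_sender_login_maps`); both parse, but using one form keeps the lookup order easier to read.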