X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fmail%2Fmilters.nix;h=16c8a7a2891e4d69f807b13958fca09e36ba288a;hb=619e4f46adc15e409122c4e0fa0e0a0b811bb32f;hp=6b033e86102c4b684c115cf11cf31e220c0c3949;hpb=ab8f306d7c2c49b8116e1af7b355ed2384617ed9;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/mail/milters.nix b/modules/private/mail/milters.nix
index 6b033e8..16c8a7a 100644
--- a/modules/private/mail/milters.nix
+++ b/modules/private/mail/milters.nix
@@ -12,7 +12,7 @@
 milters sockets
 '';
 };
- config = lib.mkIf config.myServices.mail.enable {
+ config = lib.mkIf (config.myServices.mail.enable || config.myServices.mailBackup.enable) {
 secrets.keys = [
 {
 dest = "opendkim/eldiron.private";
@@ -34,7 +34,14 @@
 user = config.services.opendmarc.user;
 group = config.services.opendmarc.group;
 permissions = "0400";
- text = config.myEnv.mail.dmarc.ignore_hosts;
+ text = let
+ mxes = lib.attrsets.filterAttrs
+ (n: v: v.mx.enable)
+ config.myEnv.servers;
+ in
+ builtins.concatStringsSep "\n" ([
+ config.myEnv.mail.dmarc.ignore_hosts
+ ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
 }
 ];
 users.users."${config.services.opendkim.user}".extraGroups = [ "keys" ];
@@ -51,8 +58,9 @@
 keyPath = "${config.secrets.location}/opendkim";
 selector = "eldiron";
 configFile = pkgs.writeText "opendkim.conf" ''
- SubDomains yes
- UMask 002
+ SubDomains yes
+ UMask 002
+ AlwaysAddARHeader yes
 '';
 group = config.services.postfix.group;
 };
@@ -74,14 +82,14 @@
 configFile = pkgs.writeText "opendmarc.conf" ''
 AuthservID HOSTNAME
 FailureReports false
- FailureReportsBcc postmaster@localhost.immae.eu
+ FailureReportsBcc postmaster@immae.eu
 FailureReportsOnNone true
 FailureReportsSentBy postmaster@immae.eu
 IgnoreAuthenticatedClients true
 IgnoreHosts ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
 SoftwareHeader true
+ SPFIgnoreResults true
 SPFSelfValidate true
- TrustedAuthservIDs HOSTNAME, immae.eu, nef2.ens.fr
 UMask 002
 '';
 group = config.services.postfix.group;
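Review bot: The widened guard `config.myServices.mail.enable || config.myServices.mailBackup.enable` also governs the `secrets.keys` entry with `dest = "opendkim/eldiron.private"` visible just below it, so a host that only enables `mailBackup` would now receive the DKIM signing key. If the backup role only verifies and never signs (not determinable from this hunk), the private key entry should stay conditional on `config.myServices.mail.enable` alone, for instance by wrapping that list element in `lib.optionals config.myServices.mail.enable [ … ]`. The `config` attribute set continues well past the end of this hunk, so other definitions inside it may deserve the same split.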
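Review bot: The predicate `(n: v: v.mx.enable)` aborts evaluation for any entry of `config.myEnv.servers` that has no `mx` attribute; the schema of that set is not visible here, so if `mx` is optional it should read `(n: v: v.mx.enable or false)`. Every FQDN appended by this expression ends up in what is presumably the `opendmarc/ignore.hosts` file passed to `IgnoreHosts` further down, which widens the set of clients whose mail skips DMARC evaluation. That trust decision deserves a comment above the `let` stating why these hosts are exempt, e.g. `# hosts flagged mx.enable relay mail to us; exempt them from DMARC checks` if that is the intent. The enclosing `secrets.keys` element starts outside the hunk.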
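Review bot: The opendkim.conf text sets no `AuthservID`, while the opendmarc.conf later in this patch uses `AuthservID HOSTNAME` and no longer lists any extra `TrustedAuthservIDs`. opendmarc only consumes Authentication-Results fields whose authserv-id it trusts, so if opendkim's default name (the MTA's name) differs from the system hostname, the header that `AlwaysAddARHeader yes` now adds would be ignored and DMARC would rest on SPF alone. Adding `AuthservID HOSTNAME` next to `AlwaysAddARHeader yes` keeps the two filters aligned. The NixOS module may pass further options outside this hunk, so this should be confirmed against the generated configuration.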
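Review bot: `SPFIgnoreResults true` together with the removal of `TrustedAuthservIDs` changes which upstream verdicts opendmarc believes, and nothing in the config text records that intent. A comment line above `SPFIgnoreResults`, such as `# always re-evaluate SPF locally; do not trust SPF verdicts carried in Authentication-Results`, would keep a later edit from re-adding the trusted IDs by accident. Mail arriving through an intermediate relay is now SPF-checked against the relay's own address, so any relay that was previously covered by authserv-id (the removed line named `nef2.ens.fr`) presumably has to appear in the `IgnoreHosts` file instead; that is worth confirming against the list built in the earlier hunk.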