]>
Commit | Line | Data |
---|---|---|
1 | { lib, pkgs, config, nodes, ... }: | |
2 | { | |
3 | config = lib.mkIf config.myServices.mail.enable { | |
4 | services.duplyBackup.profiles.mail.excludeFile = '' | |
5 | + /var/lib/postfix | |
6 | ''; | |
7 | secrets.keys = { | |
8 | "postfix/mysql_alias_maps" = { | |
9 | user = config.services.postfix.user; | |
10 | group = config.services.postfix.group; | |
11 | permissions = "0440"; | |
12 | text = '' | |
13 | # We need to specify that option to trigger ssl connection | |
14 | tls_ciphers = TLSv1.2 | |
15 | user = ${config.myEnv.mail.postfix.mysql.user} | |
16 | password = ${config.myEnv.mail.postfix.mysql.password} | |
17 | hosts = unix:${config.myEnv.mail.postfix.mysql.socket} | |
18 | dbname = ${config.myEnv.mail.postfix.mysql.database} | |
19 | query = SELECT DISTINCT destination | |
20 | FROM forwardings | |
21 | WHERE | |
22 | ((regex = 1 AND '%s' REGEXP CONCAT('^',source,'$') ) OR (regex = 0 AND source = '%s')) | |
23 | AND active = 1 | |
24 | AND '%s' NOT IN | |
25 | ( | |
26 | SELECT source | |
27 | FROM forwardings_blacklisted | |
28 | WHERE source = '%s' | |
29 | ) UNION | |
30 | SELECT 'devnull@immae.eu' | |
31 | FROM forwardings_blacklisted | |
32 | WHERE source = '%s' | |
33 | ''; | |
34 | }; | |
35 | "postfix/ldap_mailboxes" = { | |
36 | user = config.services.postfix.user; | |
37 | group = config.services.postfix.group; | |
38 | permissions = "0440"; | |
39 | text = '' | |
40 | server_host = ldaps://${config.myEnv.mail.dovecot.ldap.host}:636 | |
41 | search_base = ${config.myEnv.mail.dovecot.ldap.base} | |
42 | query_filter = ${config.myEnv.mail.dovecot.ldap.postfix_mailbox_filter} | |
43 | bind_dn = ${config.myEnv.mail.dovecot.ldap.dn} | |
44 | bind_pw = ${config.myEnv.mail.dovecot.ldap.password} | |
45 | result_attribute = immaePostfixAddress | |
46 | result_format = dummy | |
47 | version = 3 | |
48 | ''; | |
49 | }; | |
50 | "postfix/mysql_sender_login_maps" = { | |
51 | user = config.services.postfix.user; | |
52 | group = config.services.postfix.group; | |
53 | permissions = "0440"; | |
54 | text = '' | |
55 | # We need to specify that option to trigger ssl connection | |
56 | tls_ciphers = TLSv1.2 | |
57 | user = ${config.myEnv.mail.postfix.mysql.user} | |
58 | password = ${config.myEnv.mail.postfix.mysql.password} | |
59 | hosts = unix:${config.myEnv.mail.postfix.mysql.socket} | |
60 | dbname = ${config.myEnv.mail.postfix.mysql.database} | |
61 | query = SELECT DISTINCT destination | |
62 | FROM forwardings | |
63 | WHERE | |
64 | ( | |
65 | (regex = 1 AND CONCAT(SUBSTRING_INDEX('%u', '+', 1), '@%d') REGEXP CONCAT('^',source,'$') ) | |
66 | OR | |
67 | (regex = 0 AND source = CONCAT(SUBSTRING_INDEX('%u', '+', 1), '@%d')) | |
68 | ) | |
69 | AND active = 1 | |
70 | UNION SELECT CONCAT(SUBSTRING_INDEX('%u', '+', 1), '@%d') AS destination | |
71 | ''; | |
72 | }; | |
73 | "postfix/mysql_sender_relays_maps" = { | |
74 | user = config.services.postfix.user; | |
75 | group = config.services.postfix.group; | |
76 | permissions = "0440"; | |
77 | text = '' | |
78 | # We need to specify that option to trigger ssl connection | |
79 | tls_ciphers = TLSv1.2 | |
80 | user = ${config.myEnv.mail.postfix.mysql.user} | |
81 | password = ${config.myEnv.mail.postfix.mysql.password} | |
82 | hosts = unix:${config.myEnv.mail.postfix.mysql.socket} | |
83 | dbname = ${config.myEnv.mail.postfix.mysql.database} | |
84 | # INSERT INTO sender_relays | |
85 | # (`from`, owner, relay, login, password, regex, active) | |
86 | # VALUES | |
87 | # ( 'sender@otherhost.org' | |
88 | # , 'me@mail.immae.eu' | |
89 | # , '[otherhost.org]:587' | |
90 | # , 'otherhostlogin' | |
91 | # , AES_ENCRYPT('otherhostpassword', '${config.myEnv.mail.postfix.mysql.password_encrypt}') | |
92 | # , '0' | |
93 | # , '1'); | |
94 | ||
95 | query = SELECT DISTINCT `owner` | |
96 | FROM sender_relays | |
97 | WHERE | |
98 | ((regex = 1 AND '%s' REGEXP CONCAT('^',`from`,'$') ) OR (regex = 0 AND `from` = '%s')) | |
99 | AND active = 1 | |
100 | ''; | |
101 | }; | |
102 | "postfix/mysql_sender_relays_hosts" = { | |
103 | user = config.services.postfix.user; | |
104 | group = config.services.postfix.group; | |
105 | permissions = "0440"; | |
106 | text = '' | |
107 | # We need to specify that option to trigger ssl connection | |
108 | tls_ciphers = TLSv1.2 | |
109 | user = ${config.myEnv.mail.postfix.mysql.user} | |
110 | password = ${config.myEnv.mail.postfix.mysql.password} | |
111 | hosts = unix:${config.myEnv.mail.postfix.mysql.socket} | |
112 | dbname = ${config.myEnv.mail.postfix.mysql.database} | |
113 | ||
114 | query = SELECT DISTINCT relay | |
115 | FROM sender_relays | |
116 | WHERE | |
117 | ((regex = 1 AND '%s' REGEXP CONCAT('^',`from`,'$') ) OR (regex = 0 AND `from` = '%s')) | |
118 | AND active = 1 | |
119 | ''; | |
120 | }; | |
121 | "postfix/mysql_sender_relays_creds" = { | |
122 | user = config.services.postfix.user; | |
123 | group = config.services.postfix.group; | |
124 | permissions = "0440"; | |
125 | text = '' | |
126 | # We need to specify that option to trigger ssl connection | |
127 | tls_ciphers = TLSv1.2 | |
128 | user = ${config.myEnv.mail.postfix.mysql.user} | |
129 | password = ${config.myEnv.mail.postfix.mysql.password} | |
130 | hosts = unix:${config.myEnv.mail.postfix.mysql.socket} | |
131 | dbname = ${config.myEnv.mail.postfix.mysql.database} | |
132 | ||
133 | query = SELECT DISTINCT CONCAT(`login`, ':', AES_DECRYPT(`password`, '${config.myEnv.mail.postfix.mysql.password_encrypt}')) | |
134 | FROM sender_relays | |
135 | WHERE | |
136 | ((regex = 1 AND '%s' REGEXP CONCAT('^',`from`,'$') ) OR (regex = 0 AND `from` = '%s')) | |
137 | AND active = 1 | |
138 | ''; | |
139 | }; | |
140 | "postfix/ldap_ejabberd_users_immae_fr" = { | |
141 | user = config.services.postfix.user; | |
142 | group = config.services.postfix.group; | |
143 | permissions = "0440"; | |
144 | text = '' | |
145 | server_host = ldaps://${config.myEnv.jabber.ldap.host}:636 | |
146 | search_base = ${config.myEnv.jabber.ldap.base} | |
147 | query_filter = ${config.myEnv.jabber.postfix_user_filter} | |
148 | domain = immae.fr | |
149 | bind_dn = ${config.myEnv.jabber.ldap.dn} | |
150 | bind_pw = ${config.myEnv.jabber.ldap.password} | |
151 | result_attribute = immaeXmppUid | |
152 | result_format = ejabberd@localhost | |
153 | version = 3 | |
154 | ''; | |
155 | }; | |
156 | } // lib.mapAttrs' (name: v: lib.nameValuePair "postfix/scripts/${name}-env" { | |
157 | user = "postfixscripts"; | |
158 | group = "root"; | |
159 | permissions = "0400"; | |
160 | text = builtins.toJSON v.env; | |
161 | }) config.myEnv.mail.scripts; | |
162 | ||
163 | networking.firewall.allowedTCPPorts = [ 25 465 587 ]; | |
164 | ||
165 | users.users.postfixscripts = { | |
166 | group = "keys"; | |
167 | uid = config.ids.uids.postfixscripts; | |
168 | description = "Postfix scripts user"; | |
169 | }; | |
170 | users.users."${config.services.postfix.user}".extraGroups = [ "keys" ]; | |
171 | services.filesWatcher.postfix = { | |
172 | restart = true; | |
173 | paths = [ | |
174 | config.secrets.fullPaths."postfix/mysql_alias_maps" | |
175 | config.secrets.fullPaths."postfix/ldap_mailboxes" | |
176 | config.secrets.fullPaths."postfix/mysql_sender_login_maps" | |
177 | config.secrets.fullPaths."postfix/ldap_ejabberd_users_immae_fr" | |
178 | ]; | |
179 | }; | |
180 | services.postfix = { | |
181 | extraAliases = let | |
182 | toScript = name: script: pkgs.writeScript name '' | |
183 | #! ${pkgs.stdenv.shell} | |
184 | mail=$(${pkgs.coreutils}/bin/cat -) | |
185 | output=$(echo "$mail" | ${script} 2>&1) | |
186 | ret=$? | |
187 | ||
188 | if [ "$ret" != "0" ]; then | |
189 | echo "$mail" \ | |
190 | | ${pkgs.procmail}/bin/formail -i "X-Return-Code: $ret" \ | |
191 | | /run/wrappers/bin/sendmail -i scripts_error+${name}@mail.immae.eu | |
192 | ||
193 | messageId=$(echo "$mail" | ${pkgs.procmail}/bin/formail -x "Message-Id:") | |
194 | repeat=$(echo "$mail" | ${pkgs.procmail}/bin/formail -X "From:" -X "Received:") | |
195 | ||
196 | ${pkgs.coreutils}/bin/cat <<EOF | /run/wrappers/bin/sendmail -i scripts_error+${name}@mail.immae.eu | |
197 | $repeat | |
198 | To: scripts_error+${name}@mail.immae.eu | |
199 | Subject: Log from script error | |
200 | Content-Type: text/plain; charset="UTF-8" | |
201 | Content-Transfer-Encoding: 8bit | |
202 | References:$messageId | |
203 | MIME-Version: 1.0 | |
204 | X-Return-Code: $ret | |
205 | ||
206 | Error code: $ret | |
207 | Output of message: | |
208 | -------------- | |
209 | $output | |
210 | -------------- | |
211 | EOF | |
212 | fi | |
213 | ''; | |
214 | scripts = lib.attrsets.mapAttrs (n: v: | |
215 | toScript n (pkgs.callPackage (builtins.fetchGit { url = v.src.url; ref = "master"; rev = v.src.rev; }) { scriptEnv = config.secrets.fullPaths."postfix/scripts/${n}-env"; }) | |
216 | ) config.myEnv.mail.scripts // { | |
217 | testmail = pkgs.writeScript "testmail" '' | |
218 | #! ${pkgs.stdenv.shell} | |
219 | ${pkgs.coreutils}/bin/touch \ | |
220 | "/var/lib/naemon/checks/email/$(${pkgs.procmail}/bin/formail -x To: | ${pkgs.coreutils}/bin/tr -d ' <>')" | |
221 | ''; | |
222 | }; | |
223 | in builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (n: v: ''${n}: "|${v}"'') scripts); | |
224 | mapFiles = let | |
225 | recipient_maps = let | |
226 | name = n: i: "relay_${n}_${toString i}"; | |
227 | pair = n: i: m: lib.attrsets.nameValuePair (name n i) ( | |
228 | if m.type == "hash" | |
229 | then pkgs.writeText (name n i) m.content | |
230 | else null | |
231 | ); | |
232 | pairs = n: v: lib.imap1 (i: m: pair n i m) v.recipient_maps; | |
233 | in lib.attrsets.filterAttrs (k: v: v != null) ( | |
234 | lib.attrsets.listToAttrs (lib.flatten ( | |
235 | lib.attrsets.mapAttrsToList pairs config.myEnv.mail.postfix.backup_domains | |
236 | )) | |
237 | ); | |
238 | relay_restrictions = lib.attrsets.filterAttrs (k: v: v != null) ( | |
239 | lib.attrsets.mapAttrs' (n: v: | |
240 | lib.attrsets.nameValuePair "recipient_access_${n}" ( | |
241 | if lib.attrsets.hasAttr "relay_restrictions" v | |
242 | then pkgs.writeText "recipient_access_${n}" v.relay_restrictions | |
243 | else null | |
244 | ) | |
245 | ) config.myEnv.mail.postfix.backup_domains | |
246 | ); | |
247 | virtual_map = { | |
248 | virtual = let | |
249 | cfg = config.myEnv.monitoring.email_check.eldiron; | |
250 | address = "${cfg.mail_address}@${cfg.mail_domain}"; | |
251 | in pkgs.writeText "postfix-virtual" ( | |
252 | builtins.concatStringsSep "\n" ( | |
253 | ["${address} testmail@localhost"] ++ | |
254 | lib.attrsets.mapAttrsToList ( | |
255 | n: v: lib.optionalString v.external '' | |
256 | script_${n}@mail.immae.eu ${n}@localhost, scripts@mail.immae.eu | |
257 | '' | |
258 | ) config.myEnv.mail.scripts | |
259 | ) | |
260 | ); | |
261 | }; | |
262 | sasl_access = { | |
263 | host_sender_login = with lib.attrsets; let | |
264 | addresses = zipAttrs (lib.flatten (mapAttrsToList | |
265 | (n: v: (map (e: { "${e}" = "${n}@immae.eu"; }) v.emails)) config.myEnv.servers)); | |
266 | joined = builtins.concatStringsSep ","; | |
267 | in pkgs.writeText "host-sender-login" | |
268 | (builtins.concatStringsSep "\n" (mapAttrsToList (n: v: "${n} ${joined v}") addresses)); | |
269 | }; | |
270 | in | |
271 | recipient_maps // relay_restrictions // virtual_map // sasl_access; | |
272 | config = { | |
273 | ### postfix module overrides | |
274 | readme_directory = "${pkgs.postfix}/share/postfix/doc"; | |
275 | smtp_tls_CAfile = lib.mkForce ""; | |
276 | smtp_tls_cert_file = lib.mkForce ""; | |
277 | smtp_tls_key_file = lib.mkForce ""; | |
278 | ||
279 | message_size_limit = "1073741824"; # Don't put 0 here, it's not equivalent to "unlimited" | |
280 | mailbox_size_limit = "1073741825"; # Workaround, local delivered mails should all go through scripts | |
281 | alias_database = "\$alias_maps"; | |
282 | ||
283 | ### Aliases scripts user | |
284 | default_privs = "postfixscripts"; | |
285 | ||
286 | ### Virtual mailboxes config | |
287 | virtual_alias_maps = [ | |
288 | "hash:/etc/postfix/virtual" | |
289 | "mysql:${config.secrets.fullPaths."postfix/mysql_alias_maps"}" | |
290 | "ldap:${config.secrets.fullPaths."postfix/ldap_ejabberd_users_immae_fr"}" | |
291 | ]; | |
292 | virtual_mailbox_domains = config.myEnv.mail.postfix.additional_mailbox_domains | |
293 | ++ lib.remove null (lib.flatten (map | |
294 | (zone: map | |
295 | (e: if e.receive | |
296 | then "${e.domain}${lib.optionalString (e.domain != "") "."}${zone.name}" | |
297 | else null | |
298 | ) | |
299 | (zone.withEmail or []) | |
300 | ) | |
301 | config.myEnv.dns.masterZones | |
302 | )); | |
303 | virtual_mailbox_maps = [ | |
304 | "ldap:${config.secrets.fullPaths."postfix/ldap_mailboxes"}" | |
305 | ]; | |
306 | dovecot_destination_recipient_limit = "1"; | |
307 | virtual_transport = "dovecot"; | |
308 | ||
309 | ### Relay domains | |
310 | relay_domains = lib.flatten (lib.attrsets.mapAttrsToList (n: v: v.domains or []) config.myEnv.mail.postfix.backup_domains); | |
311 | relay_recipient_maps = lib.flatten (lib.attrsets.mapAttrsToList (n: v: | |
312 | lib.imap1 (i: m: "${m.type}:/etc/postfix/relay_${n}_${toString i}") v.recipient_maps | |
313 | ) config.myEnv.mail.postfix.backup_domains); | |
314 | smtpd_relay_restrictions = [ | |
315 | "defer_unauth_destination" | |
316 | ] ++ lib.flatten (lib.attrsets.mapAttrsToList (n: v: | |
317 | if lib.attrsets.hasAttr "relay_restrictions" v | |
318 | then [ "check_recipient_access hash:/etc/postfix/recipient_access_${n}" ] | |
319 | else [] | |
320 | ) config.myEnv.mail.postfix.backup_domains); | |
321 | ||
322 | ### Additional smtpd configuration | |
323 | smtpd_tls_received_header = "yes"; | |
324 | smtpd_tls_loglevel = "1"; | |
325 | ||
326 | ### Email sending configuration | |
327 | smtp_tls_security_level = "may"; | |
328 | smtp_tls_loglevel = "1"; | |
329 | ||
330 | ### Force ip bind for smtp | |
331 | smtp_bind_address = config.hostEnv.ips.main.ip4; | |
332 | smtp_bind_address6 = builtins.head config.hostEnv.ips.main.ip6; | |
333 | ||
334 | # Use some relays when authorized senders are not myself | |
335 | smtp_sasl_mechanism_filter = "plain,login"; # GSSAPI Not correctly supported by postfix | |
336 | smtp_sasl_auth_enable = "yes"; | |
337 | smtp_sasl_password_maps = | |
338 | "mysql:${config.secrets.fullPaths."postfix/mysql_sender_relays_creds"}"; | |
339 | smtp_sasl_security_options = "noanonymous"; | |
340 | smtp_sender_dependent_authentication = "yes"; | |
341 | sender_dependent_relayhost_maps = | |
342 | "mysql:${config.secrets.fullPaths."postfix/mysql_sender_relays_hosts"}"; | |
343 | ||
344 | ### opendkim, opendmarc, openarc milters | |
345 | non_smtpd_milters = [ | |
346 | "unix:${config.myServices.mail.milters.sockets.opendkim}" | |
347 | ]; | |
348 | smtpd_milters = [ | |
349 | "unix:${config.myServices.mail.milters.sockets.opendkim}" | |
350 | "unix:${config.myServices.mail.milters.sockets.openarc}" | |
351 | "unix:${config.myServices.mail.milters.sockets.opendmarc}" | |
352 | ]; | |
353 | ||
354 | smtp_use_tls = true; | |
355 | smtpd_use_tls = true; | |
356 | smtpd_tls_chain_files = builtins.concatStringsSep "," [ "/var/lib/acme/mail/full.pem" "/var/lib/acme/mail-rsa/full.pem" ]; | |
357 | ||
358 | maximal_queue_lifetime = "6w"; | |
359 | bounce_queue_lifetime = "6w"; | |
360 | }; | |
361 | enable = true; | |
362 | enableSmtp = true; | |
363 | enableSubmission = true; | |
364 | submissionOptions = { | |
365 | # Don’t use "long form", only commas (cf | |
366 | # http://www.postfix.org/master.5.html long form is not handled | |
367 | # well by the submission function) | |
368 | smtpd_tls_security_level = "encrypt"; | |
369 | smtpd_sasl_auth_enable = "yes"; | |
370 | smtpd_tls_auth_only = "yes"; | |
371 | smtpd_sasl_tls_security_options = "noanonymous"; | |
372 | smtpd_sasl_type = "dovecot"; | |
373 | smtpd_sasl_path = "private/auth"; | |
374 | smtpd_reject_unlisted_recipient = "no"; | |
375 | smtpd_client_restrictions = "permit_sasl_authenticated,reject"; | |
376 | smtpd_relay_restrictions = "permit_sasl_authenticated,reject"; | |
377 | # Refuse to send e-mails with a From that is not handled | |
378 | smtpd_sender_restrictions = | |
379 | "reject_sender_login_mismatch,reject_unlisted_sender,permit_sasl_authenticated,reject"; | |
380 | smtpd_sender_login_maps = builtins.concatStringsSep "," [ | |
381 | "hash:/etc/postfix/host_sender_login" | |
382 | "mysql:${config.secrets.fullPaths."postfix/mysql_sender_relays_maps"}" | |
383 | "mysql:${config.secrets.fullPaths."postfix/mysql_sender_login_maps"}" | |
384 | ]; | |
385 | smtpd_recipient_restrictions = "permit_sasl_authenticated,reject"; | |
386 | milter_macro_daemon_name = "ORIGINATING"; | |
387 | smtpd_milters = builtins.concatStringsSep "," [ | |
388 | # FIXME: put it back when opensmtpd is upgraded and able to | |
389 | # rewrite the from header | |
390 | #"unix:/run/milter_verify_from/verify_from.sock" | |
391 | "unix:${config.myServices.mail.milters.sockets.opendkim}" | |
392 | ]; | |
393 | }; | |
394 | destination = ["localhost"]; | |
395 | # This needs to reverse DNS | |
396 | hostname = config.hostEnv.fqdn; | |
397 | setSendmail = true; | |
398 | recipientDelimiter = "+"; | |
399 | masterConfig = { | |
400 | submissions = { | |
401 | type = "inet"; | |
402 | private = false; | |
403 | command = "smtpd"; | |
404 | args = ["-o" "smtpd_tls_wrappermode=yes" ] ++ (let | |
405 | mkKeyVal = opt: val: [ "-o" (opt + "=" + val) ]; | |
406 | in lib.concatLists (lib.mapAttrsToList mkKeyVal config.services.postfix.submissionOptions) | |
407 | ); | |
408 | }; | |
409 | dovecot = { | |
410 | type = "unix"; | |
411 | privileged = true; | |
412 | chroot = false; | |
413 | command = "pipe"; | |
414 | args = let | |
415 | # rspamd could be used as a milter, but then it cannot apply | |
416 | # its checks "per user" (milter is not yet dispatched to | |
417 | # users), so we wrap dovecot-lda inside rspamc per recipient | |
418 | # here. | |
419 | rspamc_dovecot = pkgs.writeScriptBin "rspamc_dovecot" '' | |
420 | #! ${pkgs.stdenv.shell} | |
421 | sender="$1" | |
422 | original_recipient="$2" | |
423 | user="$3" | |
424 | ||
425 | ${pkgs.coreutils}/bin/cat - | \ | |
426 | (${pkgs.rspamd}/bin/rspamc -h ${config.myServices.mail.rspamd.sockets.worker-controller} -c bayes -d "$user" --mime || true) | \ | |
427 | ${pkgs.dovecot}/libexec/dovecot/dovecot-lda -f "$sender" -a "$original_recipient" -d "$user" | |
428 | ''; | |
429 | in [ | |
430 | "flags=ODRhu" "user=vhost:vhost" | |
431 | "argv=${rspamc_dovecot}/bin/rspamc_dovecot \${sender} \${original_recipient} \${user}@\${nexthop}" | |
432 | ]; | |
433 | }; | |
434 | }; | |
435 | }; | |
436 | security.acme.certs."mail" = { | |
437 | postRun = '' | |
438 | systemctl restart postfix.service | |
439 | ''; | |
440 | extraDomains = { | |
441 | "smtp.immae.eu" = null; | |
442 | }; | |
443 | }; | |
444 | security.acme.certs."mail-rsa" = { | |
445 | postRun = '' | |
446 | systemctl restart postfix.service | |
447 | ''; | |
448 | extraDomains = { | |
449 | "smtp.immae.eu" = null; | |
450 | }; | |
451 | }; | |
452 | system.activationScripts.testmail = { | |
453 | deps = [ "users" ]; | |
454 | text = let | |
455 | allCfg = config.myEnv.monitoring.email_check; | |
456 | cfg = allCfg.eldiron; | |
457 | reverseTargets = builtins.attrNames (lib.attrsets.filterAttrs (k: v: builtins.elem "eldiron" v.targets) allCfg); | |
458 | to_email = cfg': host': | |
459 | let sep = if lib.strings.hasInfix "+" cfg'.mail_address then "_" else "+"; | |
460 | in "${cfg'.mail_address}${sep}${host'}@${cfg'.mail_domain}"; | |
461 | mails_to_receive = builtins.concatStringsSep " " (map (to_email cfg) reverseTargets); | |
462 | in '' | |
463 | install -m 0555 -o postfixscripts -g keys -d /var/lib/naemon/checks/email | |
464 | for f in ${mails_to_receive}; do | |
465 | if [ ! -f /var/lib/naemon/checks/email/$f ]; then | |
466 | install -m 0644 -o postfixscripts -g keys /dev/null -T /var/lib/naemon/checks/email/$f | |
467 | touch -m -d @0 /var/lib/naemon/checks/email/$f | |
468 | fi | |
469 | done | |
470 | ''; | |
471 | }; | |
472 | systemd.services.postfix.serviceConfig.Slice = "mail.slice"; | |
473 | }; | |
474 | } |