+++ /dev/null
-{ lib, pkgs, config, name, ... }:
-{
- config = lib.mkIf config.myServices.mailRelay.enable {
- secrets.keys."opensmtpd/creds" = {
- user = "smtpd";
- group = "smtpd";
- permissions = "0400";
- text = ''
- eldiron ${name}:${config.hostEnv.ldap.password}
- '';
- };
- users.users.smtpd.extraGroups = [ "keys" ];
- services.opensmtpd = {
- enable = true;
- serverConfiguration = let
- filter-rewrite-from = pkgs.runCommand "filter-rewrite-from.py" {
- buildInputs = [ pkgs.python3 ];
- } ''
- cp ${./filter-rewrite-from.py} $out
- patchShebangs $out
- '';
- in ''
- table creds \
- "${config.secrets.fullPaths."opensmtpd/creds"}"
- # FIXME: filtering requires 6.6, uncomment following lines when
- # upgrading
- # filter "fixfrom" \
- # proc-exec "${filter-rewrite-from} ${name}@immae.eu"
- # listen on socket filter "fixfrom"
- action "relay-rewrite-from" relay \
- helo ${config.hostEnv.fqdn} \
- host smtp+tls://eldiron@eldiron.immae.eu:587 \
- auth <creds> \
- mail-from ${name}@immae.eu
- action "relay" relay \
- helo ${config.hostEnv.fqdn} \
- host smtp+tls://eldiron@eldiron.immae.eu:587 \
- auth <creds>
- match for any !mail-from "@immae.eu" action "relay-rewrite-from"
- match for any mail-from "@immae.eu" action "relay"
- '';
- };
- environment.systemPackages = [ config.services.opensmtpd.package ];
- services.mail.sendmailSetuidWrapper = {
- program = "sendmail";
- source = "${config.services.opensmtpd.package}/bin/smtpctl";
- setuid = false;
- setgid = false;
- };
- security.wrappers.mailq = {
- program = "mailq";
- source = "${config.services.opensmtpd.package}/bin/smtpctl";
- setuid = false;
- setgid = false;
- };
- };
-}