Use attrs for secrets instead of lists
[perso/Immae/Config/Nix.git] / modules / private / mail / opensmtpd.nix
index 7831ac0d587bcf352426d72962b2e33ce74c16c6..e05bba98a3cf458652ef23ebcbd299675d361686 100644 (file)
@@ -1,33 +1,39 @@
 { lib, pkgs, config, name, ... }:
 {
   config = lib.mkIf config.myServices.mailRelay.enable {
-    secrets.keys = [
-      {
-        dest = "opensmtpd/creds";
-        user = "smtpd";
-        group = "smtpd";
-        permissions = "0400";
-        text = ''
-          eldiron    ${name}:${config.myEnv.servers."${name}".ldap.password}
-          '';
-      }
-    ];
+    secrets.keys."opensmtpd/creds" = {
+      user = "smtpd";
+      group = "smtpd";
+      permissions = "0400";
+      text = ''
+        eldiron    ${name}:${config.hostEnv.ldap.password}
+        '';
+    };
     users.users.smtpd.extraGroups = [ "keys" ];
     services.opensmtpd = {
       enable = true;
-      serverConfiguration = ''
+      serverConfiguration = let
+        filter-rewrite-from = pkgs.runCommand "filter-rewrite-from.py" {
+          buildInputs = [ pkgs.python3 ];
+        } ''
+          cp ${./filter-rewrite-from.py} $out
+          patchShebangs $out
+        '';
+      in ''
         table creds \
           "${config.secrets.fullPaths."opensmtpd/creds"}"
-        # FIXME: filtering requires 6.6
+        # FIXME: filtering requires 6.6, uncomment following lines when
+        # upgrading
         # filter "fixfrom" \
-        #   proc-exec "${pkgs.procmail}/bin/formail -i 'From: ${name}@immae.eu'"
+        #   proc-exec "${filter-rewrite-from} ${name}@immae.eu"
+        # listen on socket filter "fixfrom"
         action "relay-rewrite-from" relay \
-          helo ${config.hostEnv.FQDN} \
+          helo ${config.hostEnv.fqdn} \
           host smtp+tls://eldiron@eldiron.immae.eu:587 \
           auth <creds> \
           mail-from ${name}@immae.eu
         action "relay" relay \
-          helo ${config.hostEnv.FQDN} \
+          helo ${config.hostEnv.fqdn} \
           host smtp+tls://eldiron@eldiron.immae.eu:587 \
           auth <creds>
         match for any !mail-from "@immae.eu" action "relay-rewrite-from"
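Review bot: In the new `filter-rewrite-from` derivation, `cp` carries over the mode of the store copy of `filter-rewrite-from.py`, and `patchShebangs` only rewrites files that have the executable bit. Unless the script is committed executable, the shebang stays unpatched and `proc-exec` will not be able to run it once the filter lines are enabled; replacing the `cp` with `install -m 0755 ${./filter-rewrite-from.py} $out` removes that dependency on the repository mode. `${filter-rewrite-from}` is also interpolated by Nix even though it sits on a commented-out smtpd.conf line, so the derivation is built today; a Nix comment above the `let`, such as `# built even while the filter lines below are commented out`, would make that explicit (the `serverConfiguration` string continues past the end of the hunk). Separately, the hunk does not show how `secrets.keys."opensmtpd/creds".text` is materialised, and `permissions = "0400"` protects only the deployed file. It is worth confirming that the interpolated LDAP password never lands in the world-readable Nix store.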