Add milter to verify from

[perso/Immae/Config/Nix.git] / modules / private / mail / postfix.nix

diff --git a/modules/private/mail/postfix.nix b/modules/private/mail/postfix.nix
index d8640f8d57c66370266c48471d59446ceb9f3d67..e0347ec11a975d01e67d3da796f63bc2718c476e 100644 (file)
--- a/modules/private/mail/postfix.nix
+++ b/modules/private/mail/postfix.nix
@@ -274,7 +274,7 @@
           in pkgs.writeText "host-sender-login"
             (builtins.concatStringsSep "\n" (mapAttrsToList (n: v: "${n} ${joined v}") addresses));
           host_dummy_mailboxes = pkgs.writeText "host-virtual-mailbox"
-            (builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (n: v: "${n}@immae.eu  dummy") nodes));
+            (builtins.concatStringsSep "\n" (["immae-eu@immae.eu dummy"] ++ lib.attrsets.mapAttrsToList (n: v: "${n}@immae.eu  dummy") nodes));
         };
       in
         recipient_maps // relay_restrictions // virtual_map // sasl_access;
@@ -377,7 +377,12 @@
         ];
         smtpd_recipient_restrictions = "permit_sasl_authenticated,reject";
         milter_macro_daemon_name = "ORIGINATING";
-        smtpd_milters = "unix:${config.myServices.mail.milters.sockets.opendkim}";
+        smtpd_milters = builtins.concatStringsSep "," [
+          # FIXME: put it back when opensmtpd is upgraded and able to
+          # rewrite the from header
+          #"unix:/run/milter_verify_from/verify_from.sock"
+          "unix:${config.myServices.mail.milters.sockets.opendkim}"
+        ];
       };
       destination = ["localhost"];
       # This needs to reverse DNS