+{ lib, pkgs, config, name, ... }:
+{
+ config = lib.mkIf config.myServices.mailRelay.enable {
+ secrets.keys = [
+ {
+ dest = "opensmtpd/creds";
+ user = "smtpd";
+ group = "smtpd";
+ permissions = "0400";
+ text = ''
+ eldiron ${name}:${config.myEnv.servers."${name}".ldap.password}
+ '';
+ }
+ ];
+ users.users.smtpd.extraGroups = [ "keys" ];
+ services.opensmtpd = {
+ enable = true;
+ serverConfiguration = ''
+ table creds \
+ "${config.secrets.fullPaths."opensmtpd/creds"}"
+ # FIXME: filtering requires 6.6
+ # filter "fixfrom" \
+ # proc-exec "${pkgs.procmail}/bin/formail -i 'From: ${name}@immae.eu'"
+ action "relay-rewrite-from" relay \
+ helo ${config.hostEnv.FQDN} \
+ host smtp+tls://eldiron@eldiron.immae.eu:587 \
+ auth <creds> \
+ mail-from ${name}@immae.eu
+ action "relay" relay \
+ helo ${config.hostEnv.FQDN} \
+ host smtp+tls://eldiron@eldiron.immae.eu:587 \
+ auth <creds>
+ match for any !mail-from "@immae.eu" action "relay-rewrite-from"
+ match for any mail-from "@immae.eu" action "relay"
+ '';
+ };
+ environment.systemPackages = [ config.services.opensmtpd.package ];
+ services.mail.sendmailSetuidWrapper = {
+ program = "sendmail";
+ source = "${config.services.opensmtpd.package}/bin/smtpctl";
+ setuid = false;
+ setgid = false;
+ };
+ security.wrappers.mailq = {
+ program = "mailq";
+ source = "${config.services.opensmtpd.package}/bin/smtpctl";
+ setuid = false;
+ setgid = false;
+ };
+ };
+}
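Review bot: Both `match` rules omit a `from` clause and the configuration has no `listen` line, so limiting this authenticated relay to local submissions rests entirely on OpenSMTPD's defaults. Every accepted message is forwarded to eldiron.immae.eu using this host's LDAP password, so I would state the scope explicitly, e.g. `match from local for any mail-from "@immae.eu" action "relay"`, with the same `from local` on the `!mail-from` rule. It is also worth confirming that the OpenSMTPD release in use (apparently older than 6.6, going by the FIXME) validates the smarthost's certificate for `smtp+tls://`, because mandatory STARTTLS without verification would still expose the `auth <creds>` exchange to an on-path host. A short comment above the `sendmail` and `mailq` wrappers explaining why `setuid` and `setgid` are both false would also help, as nothing in the hunk shows how unprivileged users are expected to reach the queue.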