authorIsmaël Bouya <ismael.bouya@normalesup.org>2019-07-01 22:07:52 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2019-07-01 22:07:52 +0200
commitafcc5de071dfffdc507995d1845372ba40dc1dc2 (patch)
treec96fe6b4d915e7382316a57d0d626760a7fd2876 /modules/private/dns.nix
parent2f16a987d306cdb7bf9b4e80fa4af173373719bd (diff)
Implement mta-sts and move mail services to specific domain
Diffstat (limited to 'modules/private/dns.nix')
-rw-r--r--modules/private/dns.nix16
1 files changed, 12 insertions, 4 deletions
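--- a/modules/private/dns.nix
+++ b/modules/private/dns.nix
@@ -94,10 +94,10 @@
 ${conf.entries}
 
 ${if lib.attrsets.hasAttr "withEmail" conf && lib.lists.length conf.withEmail > 0 then ''
-mail IN A ${myconfig.env.servers.immaeEu.ips.main.ip4}
 mx-1 IN A ${myconfig.env.servers.eldiron.ips.main.ip4}
-${builtins.concatStringsSep "\n" (map (i: "mail IN AAAA ${i}") myconfig.env.servers.immaeEu.ips.main.ip6)}
+mx-2 IN A ${myconfig.env.servers.immaeEu.ips.main.ip4}
 ${builtins.concatStringsSep "\n" (map (i: "mx-1 IN AAAA ${i}") myconfig.env.servers.eldiron.ips.main.ip6)}
+${builtins.concatStringsSep "\n" (map (i: "mx-2 IN AAAA ${i}") myconfig.env.servers.immaeEu.ips.main.ip6)}
 ${lib.concatStringsSep "\n\n" (map (e:
 let
 n = if e.domain == "" then "@" else "${e.domain} ";
@@ -105,8 +105,8 @@
 in
 ''
 ; ------------------ mail: ${n} ---------------------------
-${n} IN MX 10 mail.${conf.name}.
-${n} IN MX 50 mx-1.${conf.name}.
+${n} IN MX 10 mx-1.${conf.name}.
+${n} IN MX 20 mx-2.${conf.name}.
 
 ; https://tools.ietf.org/html/rfc6186
 _submission._tcp${suffix} SRV 0 1 587 smtp.immae.eu.
@@ -116,6 +116,14 @@
 _pop3s._tcp${suffix} SRV 10 1 995 pop3.immae.eu.
 _sieve._tcp${suffix} SRV 0 1 4190 imap.immae.eu.
 
+; MTA-STS
+; https://blog.delouw.ch/2018/12/16/using-mta-sts-to-enhance-email-transport-security-and-privacy/
+; https://support.google.com/a/answer/9261504
+_mta-sts${suffix} IN TXT "v=STSv1;id=20190630054629Z"
+_smtp._tls${suffix} IN TXT "v=TLSRPTv1;rua=mailto:postmaster+mta-sts@immae.eu"
+mta-sts${suffix} IN A ${myconfig.env.servers.eldiron.ips.main.ip4}
+${builtins.concatStringsSep "\n" (map (i: "mta-sts${suffix} IN AAAA ${i}") myconfig.env.servers.eldiron.ips.main.ip6)}
+
 ; Mail sender authentications
 ${n} IN TXT "v=spf1 mx ~all"
 _dmarc${suffix} IN TXT "v=DMARC1; p=none; adkim=r; aspf=r; fo=1; rua=mailto:postmaster+rua@immae.eu; ruf=mailto:postmaster+ruf@immae.eu;"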
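Review bot: The `_mta-sts` TXT in the third hunk hard-codes `id=20190630054629Z`, and nothing in this file ties that value to the policy it announces; sending MTAs cache the fetched policy until the id changes, so every later edit to the policy (adding or renaming an MX, switching mode) silently stays unapplied unless someone remembers to bump this literal. I would at least document that contract next to the record: `; NOTE: bump id= whenever the policy served at https://mta-sts.<domain>/.well-known/mta-sts.txt changes; senders cache the old policy until the id differs`. Because the MX hosts are now `mx-1.${conf.name}` and `mx-2.${conf.name}` (second hunk), the policy's `mx:` entries and the TLS certificates presented by eldiron and immaeEu must cover those per-domain names for every domain in `withEmail`; the policy file and its `mode` are not in this file, so I cannot confirm that, but a mismatch under `enforce` stops delivery, so presumably it is worth starting in `testing` and watching the TLSRPT reports sent to `postmaster+mta-sts@immae.eu` first. The enclosing `${if ... then ''` block and the `map (e: ...)` string start before the first hunk and continue after the last.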