author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-01-05 17:29:17 +0100 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-01-05 17:29:17 +0100 |
commit | deca5e9bf0cfd02c52c39e051753aeb9640a66f3 (patch) | |
tree | f95a7a75917e097166f7db4d6ca67caea7f2e687 /modules/private/mail/postfix.nix | |
parent | 6e9f30f4c63fddc5ce886b26b7e4e9ca23a93111 (diff) | |
Change mail relay to opensmtpd
Diffstat (limited to 'modules/private/mail/postfix.nix')
-rw-r--r-- | modules/private/mail/postfix.nix | 15 |
1 files changed, 11 insertions, 4 deletions
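--- a/modules/private/mail/postfix.nix
+++ b/modules/private/mail/postfix.nix
@@ -1,4 +1,4 @@
-{ lib, pkgs, config, ... }:
+{ lib, pkgs, config, nodes, ... }:
 {
 config = lib.mkIf config.myServices.mail.enable {
 services.duplyBackup.profiles.mail.excludeFile = ''
@@ -186,8 +186,15 @@
 )
 );
 };
+sasl_access = {
+host_sender_login = pkgs.writeText "host-sender-login"
+(builtins.concatStringsSep "\n" (lib.flatten (lib.attrsets.mapAttrsToList
+(n: v: (map (e: "${e} ${n}@immae.eu") v.emails)) config.myEnv.servers)));
+host_dummy_mailboxes = pkgs.writeText "host-virtual-mailbox"
+(builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (n: v: "${n}@immae.eu dummy") nodes));
+};
 in
-recipient_maps // relay_restrictions // virtual_map;
+recipient_maps // relay_restrictions // virtual_map // sasl_access;
 config = {
 ### postfix module overrides
 readme_directory = "${pkgs.postfix}/share/postfix/doc";
@@ -212,7 +219,7 @@
 )
 config.myEnv.dns.masterZones
 )));
-virtual_mailbox_maps = "mysql:${config.secrets.fullPaths."postfix/mysql_mailbox_maps"}";
+virtual_mailbox_maps = "hash:/etc/postfix/host_dummy_mailboxes mysql:${config.secrets.fullPaths."postfix/mysql_mailbox_maps"}";
 dovecot_destination_recipient_limit = "1";
 virtual_transport = "dovecot";
 
@@ -277,7 +284,7 @@
 # Refuse to send e-mails with a From that is not handled
 smtpd_sender_restrictions =
 "reject_sender_login_mismatch,reject_unlisted_sender,permit_sasl_authenticated,reject";
-smtpd_sender_login_maps = "mysql:${config.secrets.fullPaths."postfix/mysql_sender_login_maps"}";
+smtpd_sender_login_maps = "hash:/etc/postfix/host_sender_login,mysql:${config.secrets.fullPaths."postfix/mysql_sender_login_maps"}";
 smtpd_recipient_restrictions = "permit_sasl_authenticated,reject";
 milter_macro_daemon_name = "ORIGINATING";
 smtpd_milters = "unix:${config.myServices.mail.milters.sockets.opendkim}";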
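Review bot: In the added `sasl_access` block, `host_sender_login` writes one `address login` line per (server, e-mail) pair, so an address listed under two servers in `config.myEnv.servers` produces duplicate keys, and postmap keeps only one of them with a warning; `smtpd_sender_login_maps` accepts several logins on the right-hand side, so the owners should be grouped per address before the file is written. Postfix also searches the tables of `smtpd_sender_login_maps` in order and stops at the first match, which means an address present in `hash:/etc/postfix/host_sender_login` is never looked up in the MySQL map, and a mailbox user owning the same address would fail `reject_sender_login_mismatch`. I would state that above the setting, e.g. `# host entries shadow the MySQL map: addresses in myEnv.servers.*.emails must not also belong to a mailbox user`. The two generated maps take their host names from different sources (`config.myEnv.servers` and `nodes`), which deserves a one-line comment if the sets are expected to match; the enclosing `let` block starts outside the hunk, so this is based on the visible lines only.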