Diffstat (limited to 'modules/private/mail/milters.nix')
-rw-r--r--modules/private/mail/milters.nix20
1 files changed, 14 insertions, 6 deletions
diff --git a/modules/private/mail/milters.nix b/modules/private/mail/milters.nix
index 6b033e8..16c8a7a 100644
--- a/modules/private/mail/milters.nix
+++ b/modules/private/mail/milters.nix
@@ -12,7 +12,7 @@
12 milters sockets 12 milters sockets
13 ''; 13 '';
14 }; 14 };
15 config = lib.mkIf config.myServices.mail.enable { 15 config = lib.mkIf (config.myServices.mail.enable || config.myServices.mailBackup.enable) {
16 secrets.keys = [ 16 secrets.keys = [
17 { 17 {
18 dest = "opendkim/eldiron.private"; 18 dest = "opendkim/eldiron.private";
@@ -34,7 +34,14 @@
34 user = config.services.opendmarc.user; 34 user = config.services.opendmarc.user;
35 group = config.services.opendmarc.group; 35 group = config.services.opendmarc.group;
36 permissions = "0400"; 36 permissions = "0400";
37 text = config.myEnv.mail.dmarc.ignore_hosts; 37 text = let
38 mxes = lib.attrsets.filterAttrs
39 (n: v: v.mx.enable)
40 config.myEnv.servers;
41 in
42 builtins.concatStringsSep "\n" ([
43 config.myEnv.mail.dmarc.ignore_hosts
44 ] ++ lib.mapAttrsToList (n: v: v.fqdn) mxes);
38 } 45 }
39 ]; 46 ];
40 users.users."${config.services.opendkim.user}".extraGroups = [ "keys" ]; 47 users.users."${config.services.opendkim.user}".extraGroups = [ "keys" ];
@@ -51,8 +58,9 @@
51 keyPath = "${config.secrets.location}/opendkim"; 58 keyPath = "${config.secrets.location}/opendkim";
52 selector = "eldiron"; 59 selector = "eldiron";
53 configFile = pkgs.writeText "opendkim.conf" '' 60 configFile = pkgs.writeText "opendkim.conf" ''
54 SubDomains yes 61 SubDomains yes
55 UMask 002 62 UMask 002
63 AlwaysAddARHeader yes
56 ''; 64 '';
57 group = config.services.postfix.group; 65 group = config.services.postfix.group;
58 }; 66 };
@@ -74,14 +82,14 @@
74 configFile = pkgs.writeText "opendmarc.conf" '' 82 configFile = pkgs.writeText "opendmarc.conf" ''
75 AuthservID HOSTNAME 83 AuthservID HOSTNAME
76 FailureReports false 84 FailureReports false
77 FailureReportsBcc postmaster@localhost.immae.eu 85 FailureReportsBcc postmaster@immae.eu
78 FailureReportsOnNone true 86 FailureReportsOnNone true
79 FailureReportsSentBy postmaster@immae.eu 87 FailureReportsSentBy postmaster@immae.eu
80 IgnoreAuthenticatedClients true 88 IgnoreAuthenticatedClients true
81 IgnoreHosts ${config.secrets.fullPaths."opendmarc/ignore.hosts"} 89 IgnoreHosts ${config.secrets.fullPaths."opendmarc/ignore.hosts"}
82 SoftwareHeader true 90 SoftwareHeader true
91 SPFIgnoreResults true
83 SPFSelfValidate true 92 SPFSelfValidate true
84 TrustedAuthservIDs HOSTNAME, immae.eu, nef2.ens.fr
85 UMask 002 93 UMask 002
86 ''; 94 '';
87 group = config.services.postfix.group; 95 group = config.services.postfix.group;
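Review bot: The rewritten `opendmarc/ignore.hosts` text (new lines 37–44) exempts every server with `mx.enable` from DMARC evaluation by FQDN, so mail relayed through those peers is only as well checked as the peer's own milter chain. A comment above the `let` should state that dependency, for example `# MX peers are skipped here; each must run opendkim/opendmarc itself`. Matching by name presumably relies on the client hostname the MTA hands to the milter, so if `config.myEnv.servers` also carries the peers' IP addresses, listing those would be a firmer key than `v.fqdn`. Separately, `(n: v: v.mx.enable)` aborts evaluation for any server entry without an `mx` attribute unless the option declares a default; `(n: v: v.mx.enable or false)` avoids that. The enclosing `secrets.keys` entry opens before the hunk.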