Diffstat (limited to 'modules/private/mail/postfix.nix')
-rw-r--r--modules/private/mail/postfix.nix15
1 files changed, 11 insertions, 4 deletions
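--- a/modules/private/mail/postfix.nix
+++ b/modules/private/mail/postfix.nix
@@ -1,4 +1,4 @@
-{ lib, pkgs, config, ... }:
+{ lib, pkgs, config, nodes, ... }:
 {
  config = lib.mkIf config.myServices.mail.enable {
  services.duplyBackup.profiles.mail.excludeFile = ''
@@ -186,8 +186,15 @@
  )
  );
  };
+ sasl_access = {
+ host_sender_login = pkgs.writeText "host-sender-login"
+ (builtins.concatStringsSep "\n" (lib.flatten (lib.attrsets.mapAttrsToList
+ (n: v: (map (e: "${e} ${n}@immae.eu") v.emails)) config.myEnv.servers)));
+ host_dummy_mailboxes = pkgs.writeText "host-virtual-mailbox"
+ (builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (n: v: "${n}@immae.eu dummy") nodes));
+ };
  in
- recipient_maps // relay_restrictions // virtual_map;
+ recipient_maps // relay_restrictions // virtual_map // sasl_access;
  config = {
  ### postfix module overrides
  readme_directory = "${pkgs.postfix}/share/postfix/doc";
@@ -212,7 +219,7 @@
  )
  config.myEnv.dns.masterZones
  )));
- virtual_mailbox_maps = "mysql:${config.secrets.fullPaths."postfix/mysql_mailbox_maps"}";
+ virtual_mailbox_maps = "hash:/etc/postfix/host_dummy_mailboxes mysql:${config.secrets.fullPaths."postfix/mysql_mailbox_maps"}";
  dovecot_destination_recipient_limit = "1";
  virtual_transport = "dovecot";
 
@@ -277,7 +284,7 @@
  # Refuse to send e-mails with a From that is not handled
  smtpd_sender_restrictions =
  "reject_sender_login_mismatch,reject_unlisted_sender,permit_sasl_authenticated,reject";
- smtpd_sender_login_maps = "mysql:${config.secrets.fullPaths."postfix/mysql_sender_login_maps"}";
+ smtpd_sender_login_maps = "hash:/etc/postfix/host_sender_login,mysql:${config.secrets.fullPaths."postfix/mysql_sender_login_maps"}";
  smtpd_recipient_restrictions = "permit_sasl_authenticated,reject";
  milter_macro_daemon_name = "ORIGINATING";
  smtpd_milters = "unix:${config.myServices.mail.milters.sockets.opendkim}";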
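Review bot: `host_sender_login` writes one line per (address, server) pair, so an address that appears in the `emails` list of two servers produces a duplicate key in a `hash:` table; postmap keeps a single entry per key, and the other host's login would then be refused by `reject_sender_login_mismatch`. Because `smtpd_sender_login_maps` stops at the first table that returns a result, any address in this file is also never checked against `mysql_sender_login_maps`, so a host entry for an address that a mailbox user owns would move the right to send as that address to the host login. Grouping the logins per address (one line of the form `addr login1,login2`) and adding a comment above the definition such as `# entries here take precedence over mysql_sender_login_maps; list host-only addresses` would make both constraints explicit. Separately, `host_dummy_mailboxes` makes every `<node>@immae.eu` a valid recipient as well as a listed sender; how dovecot handles mail addressed to those names is not visible in this diff and is worth confirming.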