nixos-config/mastus/mail.nix

{ config, pkgs, ... }:

{
  # services.opensmtpd = {
  #   enable = true;
  #   serverConfiguration = ''
  #     listen on 0.0.0.0
  #     filter sa spamassassin "-s accept"
  #     accept for any deliver to lmtp localhost:24
  #   '';
  #   procPackages = [ pkgs.opensmtpd-extras ];
  # };

  services.postfix = {
    enable = true;
    postmasterAlias = "gebner";
    rootAlias = "gebner";
    extraAliases = ''
      ge: gebner
      cutintro: gebner
    '';
    hostname = "mastus.gebner.org";
    sslCert = "/etc/sslcerts/fullchain.pem";
    sslKey = "/etc/sslcerts/key.pem";

    destination = [ "gebner.org" "gabrielebner.at" "2b7e.org"
      "mastus.gebner.org" "localhost" ];

    extraConfig = ''
      mailbox_command = ${pkgs.procmail}/bin/procmail

      smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
      smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
      smtpd_tls_protocols=!SSLv2,!SSLv3
      smtp_tls_protocols=!SSLv2,!SSLv3

      smtpd_sasl_type = dovecot
      smtpd_sasl_path = private/auth
      smtpd_sasl_auth_enable = yes
      smtpd_tls_auth_only = yes
    '';

    extraMasterConf = ''
      submission inet n - n - - smtpd
    '';
  };

  services.dovecot2 = {
    enable = true;
    enablePop3 = false;
    mailLocation = "maildir:~/mail";
    sslCACert = "/etc/sslcerts/fullchain.pem";
    sslServerCert = "/etc/sslcerts/fullchain.pem";
    sslServerKey = "/etc/sslcerts/key-dovecot.pem";
    extraConfig = ''
      ssl_protocols = !SSLv2 !SSLv3

      service auth {
        unix_listener /var/postfix/queue/private/auth {
          mode = 0660
          user = postfix
          group = postfix
        }
      }
    '';
  };

  services.spamassassin.enable = true;
  systemd.services.setupSpamassassin = {
    wantedBy = [ "spamd.service" ];
    after = [ "network.target" ];
    path = [ pkgs.spamassassin ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = "yes";
    };
    script = ''
      if [ ! -d /etc/spamassassin ]; then
        cp -rv ${pkgs.spamassassin}/share/spamassassin /etc/
        sa-update
      fi
    '';
  };

  environment.systemPackages = with pkgs; [
    spamassassin
    procmail
    mailutils
  ];
}
mastus: mail & git 2015-10-18 14:25:54 +02:00			`{ config, pkgs, ... }:`

			`{`
			`# services.opensmtpd = {`
			`# enable = true;`
			`# serverConfiguration = ''`
			`# listen on 0.0.0.0`
			`# filter sa spamassassin "-s accept"`
			`# accept for any deliver to lmtp localhost:24`
			`# '';`
			`# procPackages = [ pkgs.opensmtpd-extras ];`
			`# };`

			`services.postfix = {`
			`enable = true;`
			`postmasterAlias = "gebner";`
			`rootAlias = "gebner";`
			`extraAliases = ''`
			`ge: gebner`
			`cutintro: gebner`
			`'';`
mastus: mail: set domains 2015-10-18 15:17:38 +02:00			`hostname = "mastus.gebner.org";`
mastus: switch to letsencrypt certificates 2015-12-05 14:14:55 +01:00			`sslCert = "/etc/sslcerts/fullchain.pem";`
			`sslKey = "/etc/sslcerts/key.pem";`
mastus: mail & git 2015-10-18 14:25:54 +02:00
mastus: mail: set domains 2015-10-18 15:17:38 +02:00			`destination = [ "gebner.org" "gabrielebner.at" "2b7e.org"`
mail.gebner.org -> imap.gebner.org 2015-11-06 08:28:19 +01:00			`"mastus.gebner.org" "localhost" ];`
mastus: mail: set domains 2015-10-18 15:17:38 +02:00
mastus: mail & git 2015-10-18 14:25:54 +02:00			`extraConfig = ''`
			`mailbox_command = ${pkgs.procmail}/bin/procmail`
mastus: harden SSL config. 2015-10-25 09:29:49 +01:00
			`smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3`
			`smtp_tls_mandatory_protocols=!SSLv2,!SSLv3`
			`smtpd_tls_protocols=!SSLv2,!SSLv3`
			`smtp_tls_protocols=!SSLv2,!SSLv3`
mastus: enable smtp auth 2015-10-25 13:56:35 +01:00
			`smtpd_sasl_type = dovecot`
			`smtpd_sasl_path = private/auth`
			`smtpd_sasl_auth_enable = yes`
			`smtpd_tls_auth_only = yes`
mastus: mail & git 2015-10-18 14:25:54 +02:00			`'';`
mastus: postfix: listen on port 587 2015-10-27 09:08:29 +01:00
			`extraMasterConf = ''`
			`submission inet n - n - - smtpd`
			`'';`
mastus: mail & git 2015-10-18 14:25:54 +02:00			`};`

			`services.dovecot2 = {`
			`enable = true;`
			`enablePop3 = false;`
			`mailLocation = "maildir:~/mail";`
mastus: switch to letsencrypt certificates 2015-12-05 14:14:55 +01:00			`sslCACert = "/etc/sslcerts/fullchain.pem";`
			`sslServerCert = "/etc/sslcerts/fullchain.pem";`
			`sslServerKey = "/etc/sslcerts/key-dovecot.pem";`
mastus: harden SSL config. 2015-10-25 09:29:49 +01:00			`extraConfig = ''`
			`ssl_protocols = !SSLv2 !SSLv3`
mastus: enable smtp auth 2015-10-25 13:56:35 +01:00
			`service auth {`
			`unix_listener /var/postfix/queue/private/auth {`
			`mode = 0660`
			`user = postfix`
			`group = postfix`
			`}`
			`}`
mastus: harden SSL config. 2015-10-25 09:29:49 +01:00			`'';`
mastus: mail & git 2015-10-18 14:25:54 +02:00			`};`

			`services.spamassassin.enable = true;`
			`systemd.services.setupSpamassassin = {`
			`wantedBy = [ "spamd.service" ];`
			`after = [ "network.target" ];`
			`path = [ pkgs.spamassassin ];`
			`serviceConfig = {`
			`Type = "oneshot";`
			`RemainAfterExit = "yes";`
			`};`
			`script = ''`
			`if [ ! -d /etc/spamassassin ]; then`
			`cp -rv ${pkgs.spamassassin}/share/spamassassin /etc/`
			`sa-update`
			`fi`
			`'';`
			`};`
mastus: add spamassassin and procmail into environment. 2015-10-18 22:17:56 +02:00
			`environment.systemPackages = with pkgs; [`
			`spamassassin`
			`procmail`
mastus: add mailutils 2015-10-19 07:57:22 +02:00			`mailutils`
mastus: add spamassassin and procmail into environment. 2015-10-18 22:17:56 +02:00			`];`
mastus: mail & git 2015-10-18 14:25:54 +02:00			`}`