{ config, pkgs, ... }:
{
# Disabled OpenSMTPD alternative (every line is commented out);
# services.postfix below is the MTA that is actually enabled.
# services.opensmtpd = {
#   enable = true;
#   serverConfiguration = ''
#     listen on 0.0.0.0
#     filter sa spamassassin "-s accept"
#     accept for any deliver to lmtp localhost:24
#   '';
#   procPackages = [ pkgs.opensmtpd-extras ];
# };
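# Postfix: the enabled MTA. It accepts mail for the domains in `destination`,
# hands local delivery to procmail, and authenticates submitting users
# through Dovecot's SASL socket (smtpd_sasl_path = private/auth).
services.postfix = {
  enable = true;
  postmasterAlias = "gebner";
  rootAlias = "gebner";
  extraAliases = ''
    ge: gebner
    cutintro: gebner
    gebne: gebner
  '';
  hostname = "mastus.gebner.org";
  # Certificate and key come straight from the ACME state directory.
  sslCert = "/var/lib/acme/gebner.org/fullchain.pem";
  sslKey = "/var/lib/acme/gebner.org/key.pem";

  destination = [ "gebner.org" "gabrielebner.at" "2b7e.org"
                  "mastus.gebner.org" "localhost" ];

  # Appended to main.cf. smtpd_tls_auth_only keeps AUTH from being offered on
  # a cleartext connection; the recipient restrictions relay only for
  # mynetworks and authenticated users, and reject unknown or unverifiable
  # recipients at SMTP time rather than bouncing later.
  extraConfig = ''
    mailbox_command = ${pkgs.procmail}/bin/procmail

    # TLS 1.0/1.1 are refused wherever TLS is mandatory; the opportunistic
    # *_tls_protocols lists below still allow them, because refusing them
    # there would make old peers fall back to plaintext.
    smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1
    smtp_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1
    smtpd_tls_protocols=!SSLv2,!SSLv3
    smtp_tls_protocols=!SSLv2,!SSLv3

    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_sasl_auth_enable = yes
    smtpd_tls_auth_only = yes

    # Google sucks, https://serverfault.com/questions/832945/how-to-contact-gmail-team-regarding-block
    smtp_address_preference = ipv4

    message_size_limit = 81920000
    mailbox_size_limit = 81920000

    # Do not send spam bounces
    # http://www.postfix.org/ADDRESS_VERIFICATION_README.html
    smtpd_recipient_restrictions =
      permit_mynetworks permit_sasl_authenticated
      reject_unauth_destination
      reject_unknown_recipient_domain
      reject_unverified_recipient
  '';

  # Submission service. Without overrides it inherits the port-25 policy, so
  # it would take unauthenticated and unencrypted sessions as well. The -o
  # lines make STARTTLS and SASL authentication mandatory on this service
  # only; note that permit_mynetworks no longer applies to it.
  extraMasterConf = ''
    submission inet n - n - - smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  '';
};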
# Dovecot: mail access for the maildirs under ~/mail (POP3 disabled) and the
# SASL authentication socket that Postfix uses (smtpd_sasl_path = private/auth).
services.dovecot2 = {
  enable = true;
  enablePop3 = false;
  mailLocation = "maildir:~/mail";
  # NOTE(review): sslCACert is set to the server's own fullchain.pem.
  # Presumably this becomes Dovecot's ssl_ca, which is for verifying client
  # certificates; confirm it is needed at all.
  sslCACert = "/var/lib/acme/gebner.org/fullchain.pem";
  sslServerCert = "/var/lib/acme/gebner.org/fullchain.pem";
  # Separate copy of the private key, written by systemd.services.dovecotSslKey.
  sslServerKey = "/var/lib/acme/gebner.org-dovecot/key.pem";
  # ssl_protocols excludes only SSLv2/SSLv3, so TLS 1.0 and 1.1 stay enabled.
  # NOTE(review): consider raising the minimum; the setting to use depends on
  # the Dovecot version, which is not visible here.
  #
  # The auth unix_listener is created inside Postfix's queue directory with
  # mode 0660 and postfix:postfix ownership, so only the postfix user and
  # group can connect to it.
  extraConfig = ''
    ssl_protocols = !SSLv2 !SSLv3

    service auth {
      unix_listener /var/lib/postfix/queue/private/auth {
        mode = 0660
        user = postfix
        group = postfix
      }
    }
  '';
};
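# One-shot unit that gives Dovecot its own copy of the ACME private key,
# owned by the dovecot2 user. Ordered after the ACME unit and before
# dovecot2.service (`before = wantedBy` via `rec`).
# NOTE(review): with Type=oneshot and RemainAfterExit the copy is made once
# per activation; nothing visible here refreshes it after a certificate
# renewal. Confirm the key is reused across renewals, or re-run this unit
# from the renewal hook.
systemd.services.dovecotSslKey = rec {
  wantedBy = [ "dovecot2.service" ];
  before = wantedBy;
  after = [ "acme-gebner.org.service" ];
  serviceConfig = {
    Type = "oneshot";
    RemainAfterExit = "yes";
  };
  script = ''
    cd /var/lib/acme
    mkdir -p gebner.org-dovecot
    # install(1) sets owner and mode as part of the copy, so the key never
    # sits on disk with whatever permissions cp and the umask would produce.
    install -m 0400 -o dovecot2 gebner.org/key.pem gebner.org-dovecot/key.pem
  '';
};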
# Enable SpamAssassin. NOTE(review): no Postfix content filter is configured
# in this file; presumably mail reaches SpamAssassin from the user's procmail
# recipe (mailbox_command is procmail). Verify.
services.spamassassin.enable = true;
# One-shot bootstrap for SpamAssassin's rule directory, pulled in by
# spamd.service. If /etc/spamassassin does not exist, the packaged defaults
# are copied there and sa-update is run once.
# NOTE(review): the existence check means sa-update never runs again from
# this unit once the directory is there; confirm rule updates are scheduled
# elsewhere.
# NOTE(review): sa-update needs network access, and ordering after
# network.target does not by itself guarantee connectivity.
systemd.services.setupSpamassassin = {
  wantedBy = [ "spamd.service" ];
  after = [ "network.target" ];
  # Puts sa-update on the script's PATH.
  path = [ pkgs.spamassassin ];
  serviceConfig = {
    Type = "oneshot";
    RemainAfterExit = "yes";
  };
  script = ''
    if [ ! -d /etc/spamassassin ]; then
      cp -rv ${pkgs.spamassassin}/share/spamassassin /etc/
      sa-update
    fi
  '';
};
# Mail-related command-line tools installed system-wide.
environment.systemPackages = with pkgs; [
  spamassassin
  procmail
  mailutils
];
}