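# NixOS module for a single-host mail setup: Postfix (SMTP on 25 plus a
# submission service), Dovecot (IMAP, and the SASL backend Postfix
# authenticates against) and SpamAssassin. TLS material comes from the ACME
# state directory for gebner.org.
{ config, pkgs, ... }:

{
  # services.opensmtpd = {
  #   enable = true;
  #   serverConfiguration = ''
  #     listen on 0.0.0.0
  #     filter sa spamassassin "-s accept"
  #     accept for any deliver to lmtp localhost:24
  #   '';
  #   procPackages = [ pkgs.opensmtpd-extras ];
  # };

  services.postfix = {
    enable = true;
    postmasterAlias = "gebner";
    rootAlias = "gebner";
    extraAliases = ''
      ge: gebner
      cutintro: gebner
    '';
    hostname = "mastus.gebner.org";
    sslCert = "/var/lib/acme/gebner.org/fullchain.pem";
    sslKey = "/var/lib/acme/gebner.org/key.pem";
    destination = [
      "gebner.org"
      "gabrielebner.at"
      "2b7e.org"
      "mastus.gebner.org"
      "localhost"
    ];

    # main.cf fragment. Security-relevant points:
    #  * The *_mandatory_protocols lists apply only where TLS is enforced
    #    (the submission service below); they now also exclude TLSv1 and
    #    TLSv1.1. The opportunistic lists (smtpd_tls_protocols,
    #    smtp_tls_protocols) are left as they were, since tightening them
    #    can push old peers back to plaintext instead of weak TLS.
    #  * SASL is delegated to Dovecot through the private/auth socket that
    #    services.dovecot2.extraConfig creates, and smtpd_tls_auth_only keeps
    #    AUTH from being offered on an unencrypted session.
    #  * In smtpd_recipient_restrictions, reject_unauth_destination must stay
    #    ahead of anything that could permit third-party recipients; it is
    #    what prevents open relaying for clients that are neither in
    #    mynetworks nor authenticated.
    #  * NOTE(review): message_size_limit is roughly 78 MiB per message;
    #    confirm the queue filesystem is sized for that.
    extraConfig = ''
      mailbox_command = ${pkgs.procmail}/bin/procmail

      smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1
      smtp_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1
      smtpd_tls_protocols=!SSLv2,!SSLv3
      smtp_tls_protocols=!SSLv2,!SSLv3

      smtpd_sasl_type = dovecot
      smtpd_sasl_path = private/auth
      smtpd_sasl_auth_enable = yes
      smtpd_tls_auth_only = yes

      # Google sucks, https://serverfault.com/questions/832945/how-to-contact-gmail-team-regarding-block
      smtp_address_preference = ipv4

      message_size_limit = 81920000

      # Do not send spam bounces
      # http://www.postfix.org/ADDRESS_VERIFICATION_README.html
      smtpd_recipient_restrictions =
        permit_mynetworks
        permit_sasl_authenticated
        reject_unauth_destination
        reject_unknown_recipient_domain
        reject_unverified_recipient
    '';

    # Submission service. TLS is now required on this service, so the
    # mandatory protocol list above takes effect here. Clients already had to
    # negotiate STARTTLS before AUTH (smtpd_tls_auth_only), so authenticated
    # users are unaffected.
    # NOTE(review): without a per-service override such as
    # `-o smtpd_client_restrictions=permit_sasl_authenticated,reject`, this
    # service still accepts unauthenticated mail for local destinations exactly
    # like port 25; add that override if submission is meant for
    # authenticated users only.
    extraMasterConf = ''
      submission inet n - n - - smtpd
        -o smtpd_tls_security_level=encrypt
    '';
  };

  services.dovecot2 = {
    enable = true;
    enablePop3 = false;
    mailLocation = "maildir:~/mail";
    sslCACert = "/var/lib/acme/gebner.org/fullchain.pem";
    sslServerCert = "/var/lib/acme/gebner.org/fullchain.pem";
    # Private copy of the key, produced by systemd.services.dovecotSslKey.
    sslServerKey = "/var/lib/acme/gebner.org-dovecot/key.pem";

    # The auth socket lives inside the Postfix queue directory so smtpd can
    # reach it as private/auth; mode 0660 with postfix:postfix keeps other
    # local users from talking to the auth service.
    # NOTE(review): ssl_protocols still allows TLSv1 and TLSv1.1, and newer
    # Dovecot releases replace it with ssl_min_protocol; which setting applies
    # depends on the packaged Dovecot version, so it is left unchanged here.
    extraConfig = ''
      ssl_protocols = !SSLv2 !SSLv3
      service auth {
        unix_listener /var/lib/postfix/queue/private/auth {
          mode = 0660
          user = postfix
          group = postfix
        }
      }
    '';
  };

  # Copies the ACME private key to a separate path owned by dovecot2 before
  # Dovecot starts.
  # `install` writes the copy with its final mode and owner in a single step,
  # so the key's permissions no longer depend on the unit's umask or on the
  # mode of the source file, and there is no gap between copying and chown.
  # NOTE(review): the unit is ordered after acme-gebner.org.service, but
  # nothing visible here re-runs it on renewal; if renewal rotates key.pem the
  # copy would go stale until the unit is restarted. Confirm.
  systemd.services.dovecotSslKey = rec {
    wantedBy = [ "dovecot2.service" ];
    before = wantedBy;
    after = [ "acme-gebner.org.service" ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = "yes";
    };
    script = ''
      cd /var/lib/acme
      mkdir -p gebner.org-dovecot
      install -m 0400 -o dovecot2 gebner.org/key.pem gebner.org-dovecot/key.pem
    '';
  };

  services.spamassassin.enable = true;

  # One-time seeding of /etc/spamassassin from the package's rule set, followed
  # by a single sa-update. The directory check makes later boots a no-op.
  # NOTE(review): rules are therefore fetched only on first setup; a periodic
  # sa-update is not configured anywhere in this file.
  systemd.services.setupSpamassassin = {
    wantedBy = [ "spamd.service" ];
    after = [ "network.target" ];
    path = [ pkgs.spamassassin ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = "yes";
    };
    script = ''
      if [ ! -d /etc/spamassassin ]; then
        cp -rv ${pkgs.spamassassin}/share/spamassassin /etc/
        sa-update
      fi
    '';
  };

  environment.systemPackages = with pkgs; [
    spamassassin
    procmail
    mailutils
  ];
}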