{ config, pkgs, ... }: { # services.opensmtpd = { # enable = true; # serverConfiguration = '' # listen on 0.0.0.0 # filter sa spamassassin "-s accept" # accept for any deliver to lmtp localhost:24 # ''; # procPackages = [ pkgs.opensmtpd-extras ]; # }; services.postfix = { enable = true; postmasterAlias = "gebner"; rootAlias = "gebner"; extraAliases = '' ge: gebner cutintro: gebner ''; hostname = "mastus.gebner.org"; sslCert = "/etc/sslcerts/fullchain.pem"; sslKey = "/etc/sslcerts/key.pem"; destination = [ "gebner.org" "gabrielebner.at" "2b7e.org" "mastus.gebner.org" "localhost" ]; extraConfig = '' mailbox_command = ${pkgs.procmail}/bin/procmail smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3 smtp_tls_mandatory_protocols=!SSLv2,!SSLv3 smtpd_tls_protocols=!SSLv2,!SSLv3 smtp_tls_protocols=!SSLv2,!SSLv3 smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes smtpd_tls_auth_only = yes # Do not send spam bounces # http://www.postfix.org/ADDRESS_VERIFICATION_README.html smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_unknown_recipient_domain reject_unverified_recipient ''; extraMasterConf = '' submission inet n - n - - smtpd ''; }; services.dovecot2 = { enable = true; enablePop3 = false; mailLocation = "maildir:~/mail"; sslCACert = "/etc/sslcerts/fullchain.pem"; sslServerCert = "/etc/sslcerts/fullchain.pem"; sslServerKey = "/etc/sslcerts/key-dovecot.pem"; extraConfig = '' ssl_protocols = !SSLv2 !SSLv3 service auth { unix_listener /var/lib/postfix/queue/private/auth { mode = 0660 user = postfix group = postfix } } ''; }; services.spamassassin.enable = true; systemd.services.setupSpamassassin = { wantedBy = [ "spamd.service" ]; after = [ "network.target" ]; path = [ pkgs.spamassassin ]; serviceConfig = { Type = "oneshot"; RemainAfterExit = "yes"; }; script = '' if [ ! -d /etc/spamassassin ]; then cp -rv ${pkgs.spamassassin}/share/spamassassin /etc/ sa-update fi ''; }; environment.systemPackages = with pkgs; [ spamassassin procmail (mailutils.override { stdenv = overrideCC stdenv gcc49; }) ]; }