-rw-r--r-- | mail.nix | 29 |
1 files changed, 27 insertions, 2 deletions
diff --git a/mail.nix b/mail.nix index d497f8e..fc10aa6 100644 --- a/mail.nix +++ b/mail.nix @@ -20,10 +20,10 @@ let certDir = config.security.acme.certs.${domain}.directory; domain = config.networking.domain; + lmtp = "private/lmtp"; in { networking.firewall.allowedTCPPorts = [ 25 # SMTP-MTA - 110 # POP3 465 # SMTP-MSA 993 # IMAPS ]; @@ -31,6 +31,25 @@ in { services = { dovecot2 = { enable = true; + extraConfig = let + postfix = config.services.postfix; + queue = postfix.config.queue_directory; + in '' + service auth { + unix_listener ${queue}/${postfix.submissionsOptions.smtpd_sasl_path} { + group = ${postfix.group} + mode = 0660 + user = ${postfix.user} + } + } + service lmtp { + unix_listener ${queue}/${lmtp} { + group = ${postfix.group} + mode = 0600 + user = ${postfix.user} + } + } + ''; mailboxes = { Archive.specialUse = "Archive"; Drafts.specialUse = "Drafts"; @@ -44,6 +63,10 @@ in { }; postfix = { + config = { + virtual_transport = "lmtp:unix:${lmtp}"; + mailbox_transport = "lmtp:unix:${lmtp}"; + }; enable = true; enableSubmissions = true; domain = domain; @@ -52,6 +75,7 @@ in { cleanup_service_name = "ascleanup"; milter_macro_daemon_name = "ORIGINATING"; smtpd_client_restrictions = "permit_sasl_authenticated,reject"; + smtpd_recipient_restrictions = "reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject"; smtpd_sasl_auth_enable = "yes"; smtpd_sasl_local_domain = domain; smtpd_sasl_path = "private/auth"; @@ -60,6 +84,7 @@ in { smtpd_tls_security_level = "encrypt"; }; sslCert = "${certDir}/cert.pem"; - sslKey = "${certDir}/key.pem"; }; + sslKey = "${certDir}/key.pem"; + }; }; } |
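Review bot: In the added `extraConfig`, the `service auth` listener is created with `mode = 0660` while the `service lmtp` listener uses `mode = 0600`, with the same `user` and `group` on both and no comment saying why the SASL socket needs group access. Any process running with the Postfix group can then talk to Dovecot's auth service, so if only daemons running as `${postfix.user}` connect, `mode = 0600` on both would be the tighter choice; otherwise a one-line comment such as `# group access needed by <consumer>` above the mode would record the reason. On the lmtp listener the `group = ${postfix.group}` line grants nothing at 0600 and could be dropped. The auth listener path is read from `postfix.submissionsOptions.smtpd_sasl_path`, so evaluation depends on that key staying set in the submissions options.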
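Review bot: Nothing in the added `config` block tells Postfix which recipients exist once `mailbox_transport` and `virtual_transport` hand delivery to Dovecot over LMTP. Port 25 stays in `allowedTCPPorts`, so if recipient validation (`local_recipient_maps`, or `virtual_mailbox_domains` together with `virtual_mailbox_maps`) is not set elsewhere in the file, mail for unknown users may be accepted and only refused at the LMTP hand-off, which produces bounces to forged senders. This is worth confirming, and a comment here such as `# recipients are validated via <map>; Dovecot only does delivery` would make the dependency visible. The `postfix` attrset continues outside the hunk.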
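Review bot: The new `smtpd_recipient_restrictions` value is an order-sensitive list packed into one string with no comment, and its trailing `reject` is the part that stops unauthenticated clients from using this service as a relay. A comment above it, for example `# order matters: recipient sanity checks, then SASL users, then reject everything else`, would protect it from a later edit that appends a `permit_*` rule or reorders the list. `reject_unknown_recipient_domain` is also evaluated before `permit_sasl_authenticated`, so authenticated users are refused too when the recipient domain has no usable DNS record; that is presumably intended as typo-catching, but worth stating. The enclosing attrset starts outside the hunk, so which service this applies to is inferred from the neighbouring `smtpd_sasl_*` keys.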