From aeb4a96dd9368c7f199b3755e4652d67cd1354d8 Mon Sep 17 00:00:00 2001
From: Nguyễn Gia Phong
Date: Tue, 9 Aug 2022 18:43:15 +0900
Subject: Throw in Dovecot-Postfix integration
---
 mail.nix | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)
diff --git a/mail.nix b/mail.nix
index d497f8e..fc10aa6 100644
--- a/mail.nix
+++ b/mail.nix
@@ -20,10 +20,10 @@
 let
 certDir = config.security.acme.certs.${domain}.directory;
 domain = config.networking.domain;
+ lmtp = "private/lmtp";
 in {
 networking.firewall.allowedTCPPorts = [
 25 # SMTP-MTA
- 110 # POP3
 465 # SMTP-MSA
 993 # IMAPS
 ];
@@ -31,6 +31,25 @@ in {
 services = {
 dovecot2 = {
 enable = true;
+ extraConfig = let
+ postfix = config.services.postfix;
+ queue = postfix.config.queue_directory;
+ in ''
+ service auth {
+ unix_listener ${queue}/${postfix.submissionsOptions.smtpd_sasl_path} {
+ group = ${postfix.group}
+ mode = 0660
+ user = ${postfix.user}
+ }
+ }
+ service lmtp {
+ unix_listener ${queue}/${lmtp} {
+ group = ${postfix.group}
+ mode = 0600
+ user = ${postfix.user}
+ }
+ }
+ '';
 mailboxes = {
 Archive.specialUse = "Archive";
 Drafts.specialUse = "Drafts";
@@ -44,6 +63,10 @@ in {
 };
 postfix = {
+ config = {
+ virtual_transport = "lmtp:unix:${lmtp}";
+ mailbox_transport = "lmtp:unix:${lmtp}";
+ };
 enable = true;
 enableSubmissions = true;
 domain = domain;
@@ -52,6 +75,7 @@ in {
 cleanup_service_name = "ascleanup";
 milter_macro_daemon_name = "ORIGINATING";
 smtpd_client_restrictions = "permit_sasl_authenticated,reject";
+ smtpd_recipient_restrictions = "reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject";
 smtpd_sasl_auth_enable = "yes";
 smtpd_sasl_local_domain = domain;
 smtpd_sasl_path = "private/auth";
@@ -60,6 +84,7 @@ in {
 smtpd_tls_security_level = "encrypt";
 };
 sslCert = "${certDir}/cert.pem";
- sslKey = "${certDir}/key.pem"; };
+ sslKey = "${certDir}/key.pem";
+ };
 };
 }
--
cgit 1.4.1
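Review bot: The `service auth` listener in the new `extraConfig` is created with `mode = 0660`, while the `service lmtp` listener right below it gets `mode = 0600`, and nothing in the hunk says why the auth socket needs group access. Any process that can open this socket can ask Dovecot to verify credentials, so it should be kept as narrow as the LMTP one. If only Postfix's smtpd (running as `${postfix.user}`) connects, `mode = 0600` is probably sufficient; please confirm against the running setup before tightening. Otherwise add a Dovecot-config comment such as `# group access needed by <consumer>` next to the mode. The `dovecot2` attribute set itself continues outside this hunk.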
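Review bot: In the `postfix.config` block added to mail.nix, `virtual_transport` only applies to domains listed in `virtual_mailbox_domains`, which this hunk does not set. Unless that is defined outside the visible lines, only `mailbox_transport` actually routes mail to Dovecot. I would either drop the unused line or add a comment stating which address class is intended, e.g. `# local(8) hands mailbox delivery to Dovecot over LMTP`. It is also worth checking that Dovecot resolves the same recipient names Postfix accepts for local delivery, since mail for a name Dovecot does not know would presumably be accepted on port 25 and bounced afterwards instead of being rejected during the SMTP session. The `postfix` attribute set continues past the hunk.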
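Review bot: The added `smtpd_recipient_restrictions` authorises submission by SASL login alone, and none of the visible options ties the envelope sender to that login. Unless a sender restriction is set outside the hunk, any authenticated account could submit mail under another account's address. Consider adding `smtpd_sender_restrictions = "reject_sender_login_mismatch";` next to it, together with a `smtpd_sender_login_maps` table in the main Postfix config. The surrounding option set (presumably `submissionsOptions`, given the reference in the Dovecot hunk) starts and ends outside this hunk.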