From 915e56fb4453b0701a423b0c96fb145318162ffd Mon Sep 17 00:00:00 2001
From: aszlig
Date: Wed, 18 Mar 2015 20:58:26 +0100
Subject: Move last machine from labernix to vuizvui.
I've moved the restrictions config of Postfix into the default module for now and actually fixed it so that it's actually working (the config value wasn't set before). Also, the option type was incorrectly set to types.list, which aliases to types.listOf and expects another function (kind) as its argument. This marks the end of LaberNix and the beginning of a new Vuizvui!
Signed-off-by: aszlig
---
labernix/machines/mailserver.nix | 119 ---------------------------------------
1 file changed, 119 deletions(-)
delete mode 100644 labernix/machines/mailserver.nix
(limited to 'labernix/machines/mailserver.nix')
diff --git a/labernix/machines/mailserver.nix b/labernix/machines/mailserver.nix
deleted file mode 100644
index 7d4bd397..00000000
--- a/labernix/machines/mailserver.nix
+++ /dev/null
@@ -1,119 +0,0 @@
-{ config, pkgs, lib, ... }: let
- vhostMap = {
- smtpd_sender_login_maps = [
- "SELECT username AS allowedUser"
- "FROM mailbox"
- "WHERE username='%s' AND active = 1"
- "UNION SELECT goto FROM alias"
- "WHERE address='%s' AND active = 1"
- ];
-
- virtual_alias_maps = [
- "SELECT goto"
- "FROM alias"
- "WHERE address='%s' AND active = '1'"
- ];
-
- virtual_mailbox_domains = [
- "SELECT domain"
- "FROM domain"
- "WHERE domain='%s' AND active = '1'"
- ];
-
- virtual_mailbox_maps = [
- "SELECT maildir"
- "FROM mailbox"
- "WHERE username='%s' AND active = '1'"
- ];
- };
-
- mkDbMap = query: "proxy:pgsql:${pkgs.writeText "database.cf" ''
- hosts = localhost
- user = postfix
- dbname = postfix
- query = ${query}
- ''}";
-
-in {
- imports = [ ../common.nix ];
-
- services.spamassassin.enable = true;
-
- services.postfix.enable = true;
- services.postfix.hostname = "mailtest.lan";
-
- # TODO: This is a dummy, replace it once we know about the real root fs.
- fileSystems."/".label = "root";
- boot.loader.grub.device = "nodev";
-
- labernix.postfix.restrictions = {
- sender = [
- "reject_authenticated_sender_login_mismatch"
- "reject_unknown_sender_domain"
- ];
- recipient = [
- "permit_sasl_authenticated"
- "permit_mynetworks"
- "reject_unauth_destination"
- "reject_invalid_hostname"
- "reject_non_fqdn_hostname"
- "reject_non_fqdn_sender"
- "reject_non_fqdn_recipient"
- "reject_unknown_reverse_client_hostname"
- ];
- helo = [
- "permit_sasl_authenticated"
- "permit_mynetworks"
- "reject_invalid_hostname"
- "reject_unauth_pipelining"
- "reject_non_fqdn_hostname"
- ];
- };
-
- services.postfix.extraConfig = ''
- ${lib.concatStrings (lib.mapAttrsToList (cfgvar: query: ''
- ${cfgvar} = ${mkDbMap (lib.concatStringsSep " " query)}
- '') vhostMap)}
-
- # a bit more spam protection
- disable_vrfy_command = yes
-
- smtpd_sasl_type=dovecot
- smtpd_sasl_path=private/auth_dovecot XXXXXXXXXXXXXXX
- smtpd_sasl_auth_enable = yes
- smtpd_sasl_authenticated_header = yes
- broken_sasl_auth_clients = yes
-
- proxy_read_maps = ${lib.concatStringsSep " " (map (s: "\$${s}") [
- "local_recipient_maps" "mydestination" "virtual_alias_maps"
- "virtual_alias_domains" "virtual_mailbox_maps" "virtual_mailbox_domains"
- "relay_recipient_maps" "relay_domains" "canonical_maps"
- "sender_canonical_maps" "recipient_canonical_maps" "relocated_maps"
- "transport_maps" "mynetworks" "smtpd_sender_login_maps"
- ])}
-
- local_transport = virtual
- virtual_transport = dovecot
-
- virtual_uid_maps = static:5000 XXXXXXXXXXXX
- virtual_gid_maps = static:5000 XXXXXXXXXXXX
-
- smtpd_tls_cert_file=/etc/ssl/mail.crt XXXX: KEYS
- smtpd_tls_key_file=/etc/ssl/mail.key XXXX: KEYS
- smtpd_use_tls=yes
- '';
-
- services.postfix.extraMasterConf = ''
- mailman unix - n n - - pipe
- flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ''${nexthop} ''${user}
- # ^^^ FIXME: maybe not needed!
-
- dovecot unix - n n - - pipe
- flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ''${recipient}
- # ^^^ FIXME: maybe not needed!
-
- spamassassin unix - n n - - pipe
- user=${toString config.ids.uids.spamd} argv=${pkgs.spamassassin}/bin/spamc -f -e /var/setuid-wrappers/sendmail -oi -f ''${sender} ''${recipient}
- # ^^^ FIXME: maybe not needed!
- '';
-}
-- 
cgit 1.4.1