commit b6ce8c406346cd3dccc6733f33bf1c553cbf1587
parent 0a405ffb3e7d7f3928de0aba7da0f1d40a526ff6
Author: William Casarin <bill@casarin.me>
Date: Mon, 2 Nov 2020 11:43:15 -0800
mailz: updates
Diffstat:
2 files changed, 21 insertions(+), 23 deletions(-)
diff --git a/nix-config/services/mailz/default.nix b/nix-config/services/mailz/default.nix
@@ -5,6 +5,7 @@ with lib;
let
cfg = config.services.mailz;
+
mailbox = name: ''
mailbox ${name} {
auto = subscribe
@@ -154,15 +155,8 @@ in
};
};
- config = mkIf (cfg.enable && cfg.users != { }) {
- nixpkgs.config.packageOverrides = pkgs: {
- opensmtpd = pkgs.callPackage ./opensmtpd.nix { };
- opensmtpd-extras = pkgs.opensmtpd-extras.override {
- # Needed to have PRNG working in chroot (for dkim-signer)
- openssl = pkgs.libressl;
- };
- };
-
+ config = mkIf (cfg.enable && cfg.users != { })
+ {
system.activationScripts.mailz = ''
# Make sure SpamAssassin database is present
if ! [ -d /etc/spamassassin ]; then
@@ -182,25 +176,24 @@ in
services.opensmtpd = {
enable = true;
serverConfiguration = ''
- filter filter-pause pause
- filter filter-regex regex "${files.regex}"
- filter filter-spamassassin spamassassin "-s accept"
- filter filter-dkim-signer dkim-signer "-d ${cfg.domain}" "-p${cfg.dkimDirectory}/${cfg.domain}/default.private"
- filter in chain filter-regex filter-spamassassin
- filter out chain filter-dkim-signer
-
- pki ${cfg.domain} certificate "/var/lib/acme/${cfg.domain}/fullchain.pem"
+ pki ${cfg.domain} cert "/var/lib/acme/${cfg.domain}/fullchain.pem"
pki ${cfg.domain} key "/var/lib/acme/${cfg.domain}/key.pem"
table credentials file:${files.credentials}
table recipients file:${files.recipients}
table aliases file:${files.aliases}
- listen on 0.0.0.0 port 25 hostname ${cfg.domain} filter in tls pki ${cfg.domain}
- listen on 0.0.0.0 port 12566 hostname ${cfg.domain} filter out tls-require pki ${cfg.domain} auth <credentials>
+ listen on 0.0.0.0 port 25 hostname ${cfg.domain} tls pki ${cfg.domain}
+ listen on 0.0.0.0 port 12566 hostname ${cfg.domain} tls-require pki ${cfg.domain} auth <credentials>
- accept from any for domain "${cfg.domain}" recipient <recipients> alias <aliases> deliver to lmtp localhost:24
- accept from local for any relay
+ action "local_mail" lmtp localhost:24 alias <aliases>
+ action "outbound" relay helo "${cfg.domain}"
+
+ match from any for domain "${cfg.domain}" action "local_mail"
+ match for local action "local_mail"
+
+ match from any auth for any action "outbound"
+ match for any action "outbound"
'';
procPackages = [ pkgs.opensmtpd-extras ];
};
@@ -230,6 +223,10 @@ in
port = 24
}
}
+
+ service imap {
+ vsz_limit = 1024 M
+ }
service imap-login {
inet_listener imaps {
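Review bot: `vsz_limit = 1024 M` in the new `service imap` block is a bare number with no comment on why the default was not enough. Every post-login imap process may now grow to that size, so on a small host a handful of heavy sessions can exhaust memory. A one-line comment giving the reason, or a module option with this value as its default, would make the trade-off explicit. The surrounding Dovecot configuration string starts and ends outside the hunk.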
diff --git a/nix-config/services/mailz/opensmtpd.nix b/nix-config/services/mailz/opensmtpd.nix
@@ -7,7 +7,7 @@ stdenv.mkDerivation rec {
version = "5.7.3p2";
nativeBuildInputs = [ autoconf automake libtool bison ];
- buildInputs = [ libasr libevent zlib openssl db pam ];
+ buildInputs = [ libasr libevent zlib openssl db ];
src = fetchurl {
url = "http://www.opensmtpd.org/archives/${name}.tar.gz";
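Review bot: Nothing visible references this derivation after this commit, because the `pkgs.callPackage ./opensmtpd.nix { }` override is removed from default.nix in the same change; the `pam` removal here may therefore be editing dead code. If the file is kept, note that it pins `version = "5.7.3p2"` and fetches from an `http://` URL. The `src` block continues outside the hunk, so whether a hash is pinned there is not visible. Deleting the file, or adding a header comment saying why the old build is retained, would keep an outdated SMTP server from being re-enabled by accident.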
@@ -16,6 +16,7 @@ stdenv.mkDerivation rec {
patches = [ ./proc_path.diff ];
+
configureFlags = [
"--sysconfdir=/etc"
"--localstatedir=/var"
@@ -39,7 +40,7 @@ stdenv.mkDerivation rec {
homepage = https://www.opensmtpd.org/;
description = ''
A free implementation of the server-side SMTP protocol as defined by
- RFC 5321, with some additional standard extensions
+ RFC 5321, with some additional standard extensions. what
'';
license = stdenv.lib.licenses.isc;
platforms = stdenv.lib.platforms.linux;
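Review bot: The trailing ` what` appended to the `description` text looks like a stray edit rather than intended wording. The line should probably stay `RFC 5321, with some additional standard extensions`.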