fix submission port
This commit is contained in:
parent
c2e89ff1ed
commit
72f45af1ca
2 changed files with 27 additions and 17 deletions
|
@ -7,7 +7,7 @@
|
||||||
* Postfix
|
* Postfix
|
||||||
- [x] starts
|
- [x] starts
|
||||||
- [x] receive email on port 25
|
- [x] receive email on port 25
|
||||||
- [ ] receive email on submission port 587 (to check)
|
- [x] receive email on submission port 587
|
||||||
- [x] lmtp with dovecot
|
- [x] lmtp with dovecot
|
||||||
* Dovecot
|
* Dovecot
|
||||||
- [x] lmpto with postfix
|
- [x] lmpto with postfix
|
||||||
|
@ -73,3 +73,7 @@ nixops ssh -d mail mailserver
|
||||||
* configurations that need to be made after `nixos-rebuild switch`
|
* configurations that need to be made after `nixos-rebuild switch`
|
||||||
* complicated storage schemes
|
* complicated storage schemes
|
||||||
* webclients / http-servers
|
* webclients / http-servers
|
||||||
|
|
||||||
|
## Ideas for future releases
|
||||||
|
* Fine grained control over ownership of aliases
|
||||||
|
* More than one domain
|
||||||
|
|
|
@ -34,14 +34,22 @@ let
|
||||||
# vhosts_file :: Path
|
# vhosts_file :: Path
|
||||||
vhosts_file = builtins.toFile "vhosts" domain;
|
vhosts_file = builtins.toFile "vhosts" domain;
|
||||||
|
|
||||||
|
# vaccounts_file :: Path
|
||||||
|
# see
|
||||||
|
# https://blog.grimneko.de/2011/12/24/a-bunch-of-tips-for-improving-your-postfix-setup/
|
||||||
|
# for details on how this file looks. By using the same file as valiases,
|
||||||
|
# every alias is owned (uniquely) by its user.
|
||||||
|
vaccounts_file = valiases_file;
|
||||||
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
enable = true;
|
enable = true;
|
||||||
networksStyle = "host";
|
networksStyle = "host";
|
||||||
mapFiles."valias" = valiases_file;
|
mapFiles."valias" = valiases_file;
|
||||||
# mapFiles."vaccounts" = vaccounts_file;
|
mapFiles."vaccounts" = vaccounts_file;
|
||||||
sslCert = cert;
|
sslCert = cert;
|
||||||
sslKey = key;
|
sslKey = key;
|
||||||
|
enableSubmission = true;
|
||||||
|
|
||||||
extraConfig =
|
extraConfig =
|
||||||
''
|
''
|
||||||
|
@ -70,19 +78,17 @@ in
|
||||||
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
|
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
|
||||||
'';
|
'';
|
||||||
|
|
||||||
extraMasterConf =
|
submissionOptions =
|
||||||
''
|
{
|
||||||
# Extra Config
|
smtpd_tls_security_level = "encrypt";
|
||||||
#submission inet n - n - - smtpd
|
smtpd_sasl_auth_enable = "yes";
|
||||||
# -o smtpd_tls_security_level=encrypt
|
smtpd_sasl_type = "dovecot";
|
||||||
# -o smtpd_sasl_auth_enable=yes
|
smtpd_sasl_path = "private/auth";
|
||||||
# -o smtpd_sasl_type=dovecot
|
smtpd_sasl_security_options = "noanonymous";
|
||||||
# -o smtpd_sasl_path=private/auth
|
smtpd_sasl_local_domain = "$myhostname";
|
||||||
# -o smtpd_sasl_security_options=noanonymous
|
smtpd_client_restrictions = "permit_sasl_authenticated,reject";
|
||||||
# -o smtpd_sasl_local_domain=$myhostname
|
smtpd_sender_login_maps = "hash:/etc/postfix/vaccounts";
|
||||||
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
|
smtpd_sender_restrictions = "reject_sender_login_mismatch";
|
||||||
# -o smtpd_sender_login_maps=hash:/etc/postfix/virtual
|
smtpd_recipient_restrictions = "reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject";
|
||||||
# -o smtpd_sender_restrictions=reject_sender_login_mismatch
|
};
|
||||||
# -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
|
|
||||||
'';
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue