fix submission port

This commit is contained in:
Robin Raymond 2017-08-13 14:05:40 +02:00
parent c2e89ff1ed
commit 72f45af1ca
2 changed files with 27 additions and 17 deletions

View file

@ -7,7 +7,7 @@
* Postfix * Postfix
- [x] starts - [x] starts
- [x] receive email on port 25 - [x] receive email on port 25
- [ ] receive email on submission port 587 (to check) - [x] receive email on submission port 587
- [x] lmtp with dovecot - [x] lmtp with dovecot
* Dovecot * Dovecot
- [x] lmpto with postfix - [x] lmpto with postfix
@ -73,3 +73,7 @@ nixops ssh -d mail mailserver
* configurations that need to be made after `nixos-rebuild switch` * configurations that need to be made after `nixos-rebuild switch`
* complicated storage schemes * complicated storage schemes
* webclients / http-servers * webclients / http-servers
## Ideas for future releases
* Fine grained control over ownership of aliases
* More than one domain

View file

@ -34,14 +34,22 @@ let
# vhosts_file :: Path # vhosts_file :: Path
vhosts_file = builtins.toFile "vhosts" domain; vhosts_file = builtins.toFile "vhosts" domain;
# vaccounts_file :: Path
# see
# https://blog.grimneko.de/2011/12/24/a-bunch-of-tips-for-improving-your-postfix-setup/
# for details on how this file looks. By using the same file as valiases,
# every alias is owned (uniquely) by its user.
vaccounts_file = valiases_file;
in in
{ {
enable = true; enable = true;
networksStyle = "host"; networksStyle = "host";
mapFiles."valias" = valiases_file; mapFiles."valias" = valiases_file;
# mapFiles."vaccounts" = vaccounts_file; mapFiles."vaccounts" = vaccounts_file;
sslCert = cert; sslCert = cert;
sslKey = key; sslKey = key;
enableSubmission = true;
extraConfig = extraConfig =
'' ''
@ -70,19 +78,17 @@ in
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
''; '';
extraMasterConf = submissionOptions =
'' {
# Extra Config smtpd_tls_security_level = "encrypt";
#submission inet n - n - - smtpd smtpd_sasl_auth_enable = "yes";
# -o smtpd_tls_security_level=encrypt smtpd_sasl_type = "dovecot";
# -o smtpd_sasl_auth_enable=yes smtpd_sasl_path = "private/auth";
# -o smtpd_sasl_type=dovecot smtpd_sasl_security_options = "noanonymous";
# -o smtpd_sasl_path=private/auth smtpd_sasl_local_domain = "$myhostname";
# -o smtpd_sasl_security_options=noanonymous smtpd_client_restrictions = "permit_sasl_authenticated,reject";
# -o smtpd_sasl_local_domain=$myhostname smtpd_sender_login_maps = "hash:/etc/postfix/vaccounts";
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject smtpd_sender_restrictions = "reject_sender_login_mismatch";
# -o smtpd_sender_login_maps=hash:/etc/postfix/virtual smtpd_recipient_restrictions = "reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject";
# -o smtpd_sender_restrictions=reject_sender_login_mismatch };
# -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
'';
} }