New Feature >>rejectSender<<

Authored by tokudan
This commit is contained in:
Robin Raymond 2018-11-10 14:29:16 +01:00
parent 28cff2497a
commit acd65c0803
2 changed files with 26 additions and 3 deletions

View file

@ -166,6 +166,16 @@ in
default = {}; default = {};
}; };
rejectSender = mkOption {
type = types.listOf types.str;
example = [ "@example.com" "spammer@example.net" ];
description = ''
Reject emails from these addresses from unauthorized senders.
Use if a spammer is using the same domain or the same sender over and over.
'';
default = [];
};
rejectRecipients = mkOption { rejectRecipients = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
example = [ "sales@example.com" "info@example.com" ]; example = [ "sales@example.com" "info@example.com" ];

View file

@ -55,6 +55,13 @@ let
(lib.concatStringsSep "\n" (all_valiases_postfix ++ (lib.concatStringsSep "\n" (all_valiases_postfix ++
catchAllPostfix)); catchAllPostfix));
reject_senders_postfix = (map
(sender:
"${sender} REJECT")
(cfg.rejectSender));
reject_senders_file = builtins.toFile "reject_senders" (lib.concatStringsSep "\n" (reject_senders_postfix)) ;
reject_recipients_postfix = (map reject_recipients_postfix = (map
(recipient: (recipient:
"${recipient} REJECT") "${recipient} REJECT")
@ -103,6 +110,8 @@ let
+ (lib.optionalString cfg.debug '' + (lib.optionalString cfg.debug ''
debugLevel = 4 debugLevel = 4
'')); ''));
mappedFile = name: "hash:/var/lib/postfix/conf/${name}";
in in
{ {
config = with cfg; lib.mkIf enable { config = with cfg; lib.mkIf enable {
@ -113,6 +122,7 @@ in
networksStyle = "host"; networksStyle = "host";
mapFiles."valias" = valiases_file; mapFiles."valias" = valiases_file;
mapFiles."vaccounts" = vaccounts_file; mapFiles."vaccounts" = vaccounts_file;
mapFiles."reject_senders" = reject_senders_file;
mapFiles."reject_recipients" = reject_recipients_file; mapFiles."reject_recipients" = reject_recipients_file;
sslCert = certificatePath; sslCert = certificatePath;
sslKey = keyPath; sslKey = keyPath;
@ -132,8 +142,8 @@ in
virtual_gid_maps = static:5000 virtual_gid_maps = static:5000
virtual_mailbox_base = ${mailDirectory} virtual_mailbox_base = ${mailDirectory}
virtual_mailbox_domains = ${vhosts_file} virtual_mailbox_domains = ${vhosts_file}
virtual_mailbox_maps = hash:/var/lib/postfix/conf/valias virtual_mailbox_maps = ${mappedFile "valias"}
virtual_alias_maps = hash:/var/lib/postfix/conf/valias virtual_alias_maps = ${mappedFile "valias"}
virtual_transport = lmtp:unix:/run/dovecot2/dovecot-lmtp virtual_transport = lmtp:unix:/run/dovecot2/dovecot-lmtp
# sasl with dovecot # sasl with dovecot
@ -144,9 +154,12 @@ in
policy-spf_time_limit = 3600s policy-spf_time_limit = 3600s
# reject selected senders
smtpd_sender_restrictions = check_sender_access ${mappedFile "reject_senders"}
# quota and spf checking # quota and spf checking
smtpd_recipient_restrictions = smtpd_recipient_restrictions =
check_recipient_access hash:/var/lib/postfix/conf/reject_recipients, check_recipient_access ${mappedFile "reject_recipients"},
check_policy_service inet:localhost:12340, check_policy_service inet:localhost:12340,
check_policy_service unix:private/policy-spf check_policy_service unix:private/policy-spf