Add send-only accounts
This commit is contained in:
parent
b7c49fa26a
commit
d47e4ead88
2 changed files with 29 additions and 0 deletions
20
default.nix
20
default.nix
|
@ -137,6 +137,26 @@ in
|
||||||
Per-user sieve script.
|
Per-user sieve script.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
sendOnly = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
Specifies if the account should be a send-only account.
|
||||||
|
Emails sent to send-only accounts will be rejected with the
|
||||||
|
rejectMessage stating the reason.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
rejectMessage = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "This account cannot receive emails.";
|
||||||
|
description = ''
|
||||||
|
The message that will be returned to the sender when an email is
|
||||||
|
sent to a send-only account. Only used if the account is marked
|
||||||
|
as send-only.
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config.name = mkDefault name;
|
config.name = mkDefault name;
|
||||||
|
|
|
@ -50,6 +50,13 @@ let
|
||||||
# all_valiases_postfix :: [ String ]
|
# all_valiases_postfix :: [ String ]
|
||||||
all_valiases_postfix = valiases_postfix ++ extra_valiases_postfix;
|
all_valiases_postfix = valiases_postfix ++ extra_valiases_postfix;
|
||||||
|
|
||||||
|
# denied_recipients_postfix :: [ String ]
|
||||||
|
denied_recipients_postfix = (map
|
||||||
|
(acct: "${acct.name} REJECT ${acct.rejectMessage}")
|
||||||
|
(lib.filter (acct: acct.sendOnly) (lib.attrValues cfg.loginAccounts)));
|
||||||
|
denied_recipients_file = builtins.toFile "denied_recipients" (lib.concatStringsSep "\n" denied_recipients_postfix);
|
||||||
|
|
||||||
|
|
||||||
# valiases_file :: Path
|
# valiases_file :: Path
|
||||||
valiases_file = builtins.toFile "valias"
|
valiases_file = builtins.toFile "valias"
|
||||||
(lib.concatStringsSep "\n" (all_valiases_postfix ++
|
(lib.concatStringsSep "\n" (all_valiases_postfix ++
|
||||||
|
@ -122,6 +129,7 @@ in
|
||||||
networksStyle = "host";
|
networksStyle = "host";
|
||||||
mapFiles."valias" = valiases_file;
|
mapFiles."valias" = valiases_file;
|
||||||
mapFiles."vaccounts" = vaccounts_file;
|
mapFiles."vaccounts" = vaccounts_file;
|
||||||
|
mapFiles."denied_recipients" = denied_recipients_file;
|
||||||
mapFiles."reject_senders" = reject_senders_file;
|
mapFiles."reject_senders" = reject_senders_file;
|
||||||
mapFiles."reject_recipients" = reject_recipients_file;
|
mapFiles."reject_recipients" = reject_recipients_file;
|
||||||
sslCert = certificatePath;
|
sslCert = certificatePath;
|
||||||
|
@ -160,6 +168,7 @@ in
|
||||||
|
|
||||||
# quota and spf checking
|
# quota and spf checking
|
||||||
smtpd_recipient_restrictions =
|
smtpd_recipient_restrictions =
|
||||||
|
check_recipient_access ${mappedFile "denied_recipients"},
|
||||||
check_recipient_access ${mappedFile "reject_recipients"},
|
check_recipient_access ${mappedFile "reject_recipients"},
|
||||||
check_policy_service inet:localhost:12340,
|
check_policy_service inet:localhost:12340,
|
||||||
check_policy_service unix:private/policy-spf
|
check_policy_service unix:private/policy-spf
|
||||||
|
|
Loading…
Reference in a new issue