Add send-only accounts

This commit is contained in:
Galen Abell 2019-10-16 21:51:45 +02:00 committed by Antoine Eiche
parent b7c49fa26a
commit d47e4ead88
2 changed files with 29 additions and 0 deletions

View file

@ -137,6 +137,26 @@ in
Per-user sieve script.
'';
};
sendOnly = mkOption {
type = types.bool;
default = false;
description = ''
Specifies if the account should be a send-only account.
Emails sent to send-only accounts will be rejected with the
rejectMessage stating the reason.
'';
};
rejectMessage = mkOption {
type = types.str;
default = "This account cannot receive emails.";
description = ''
The message that will be returned to the sender when an email is
sent to a send-only account. Only used if the account is marked
as send-only.
'';
};
};
config.name = mkDefault name;

View file

@ -50,6 +50,13 @@ let
# all_valiases_postfix :: [ String ]
all_valiases_postfix = valiases_postfix ++ extra_valiases_postfix;
# denied_recipients_postfix :: [ String ]
denied_recipients_postfix = (map
(acct: "${acct.name} REJECT ${acct.rejectMessage}")
(lib.filter (acct: acct.sendOnly) (lib.attrValues cfg.loginAccounts)));
denied_recipients_file = builtins.toFile "denied_recipients" (lib.concatStringsSep "\n" denied_recipients_postfix);
# valiases_file :: Path
valiases_file = builtins.toFile "valias"
(lib.concatStringsSep "\n" (all_valiases_postfix ++
@ -122,6 +129,7 @@ in
networksStyle = "host";
mapFiles."valias" = valiases_file;
mapFiles."vaccounts" = vaccounts_file;
mapFiles."denied_recipients" = denied_recipients_file;
mapFiles."reject_senders" = reject_senders_file;
mapFiles."reject_recipients" = reject_recipients_file;
sslCert = certificatePath;
@ -160,6 +168,7 @@ in
# quota and spf checking
smtpd_recipient_restrictions =
check_recipient_access ${mappedFile "denied_recipients"},
check_recipient_access ${mappedFile "reject_recipients"},
check_policy_service inet:localhost:12340,
check_policy_service unix:private/policy-spf