Robin Raymond
68232ddf87
Merge pull request #116 from phdoerfler/post-upgrade-check
...
Added option for automatic reboot after a kernel upgrade.
2018-05-10 13:06:46 +02:00
Robin Raymond
6d3ab77a5d
Merge pull request #114 from geistesk/message-id
...
Fog user's hostname in the Message-ID
2018-05-10 13:05:32 +02:00
Robin Raymond
02b0e867d2
Merge pull request #124 from nlewo/pr-dh.pem
...
postfix: also create the dh.pem if it is empty
2018-05-10 13:04:35 +02:00
Robin Raymond
e0907f489b
Merge pull request #117 from tokudan/reject_recipients
...
Allow rejecting mails to selected local addresses from remote systems
2018-05-10 13:02:37 +02:00
Antoine Eiche
e9dea6cdb4
postfix: also create the dh.pem if it is empty
...
The dh.pem file is currently created by the postfix prestart
script. If the entropy of the system is to low, the postfix prestart
can timeout. In this case, an empty file is created.
If the user restarts the postfix service, the dh.pem is not created
because the file already exists (but is empty).
When a ssl is established with dovecot, it fails with this message:
imap-login: `Error:Failed to initialize SSL server context: Couldn't parse DH parameters:
error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: DH
PARAMETERS`
With this patch, the postfix service creates the dh.pem if the dh.pem
doesn't exist or if it is empty. It doesn't fix the entropy or
timeout issue but at least, the user knows something is failing:/
2018-05-10 01:04:02 +02:00
Antoine Eiche
0f75894b4f
dkim: set header canonicalization to relaxed
...
Instead of simple canonicalization which is the default one.
Fixes #120
2018-05-04 19:55:25 +02:00
Daniel Frank
f613779999
Allow rejecting mails to selected local addresses from remote systems
2018-04-15 01:49:26 +02:00
Philipp Dörfler
610a4008dc
Added option for automatic reboot after a kernel upgrade.
2018-04-12 10:31:49 +00:00
geistesk
386faf960c
Fog user's hostname in the Message-ID
2018-04-09 22:14:17 +02:00
Robin Raymond
e4c6682eb9
Merge branch 'master' of github.com:r-raymond/nixos-mailserver
2018-04-08 15:28:58 +02:00
Robin Raymond
c28d7756c1
Merge pull request #101 from tokudan/mydestination
...
Avoid accepting mail to xyz@localhost from remote systems
2018-04-08 15:25:48 +02:00
geistesk
c0df22aaae
Support for multiple extraVirtualAliases
...
Should fix #104 by introducing
```
extraVirtualAliases = {
"single-alias@domain.foobar" = "user1@domain.foobar";
"multi-alias@domain.foobar" = [
"user1@domain.foobar" "user2@domain.foobar" ];
};
```
2018-04-03 11:52:03 +02:00
Philipp Dörfler
4f36b72dd6
Added dovecot option for mail_max_userip_connections defaulting to 100
2018-03-13 10:43:30 +00:00
Robin Raymond
e3a12093b7
Merge pull request #93 from phdoerfler/borgbackup
...
Added basic support for borgbackup
2018-03-10 18:20:19 +01:00
Daniel Frank
f283b6750b
Avoid accepting mail to xyz@localhost. Local email should be aliased to another user anyway.
2018-03-10 17:13:30 +01:00
Robin Raymond
f69081226d
Merge pull request #98 from tokudan/fix_backscatter
...
Avoid backscattering on unknown recipients. Fixes #97
2018-03-06 16:00:54 +01:00
Daniel Frank
330cc73089
Avoid backscattering on unknown recipients. Fixes #97
2018-03-05 20:29:02 +01:00
Robert Schütz
f9820b55ab
Don't include identity twice in vaccounts
...
fixes #94
2018-03-05 16:20:54 +01:00
Philipp Dörfler
b53364715d
Added basic support for borgbackup
2018-03-04 14:36:42 +00:00
Robin Raymond
c1c4706519
remove deprecated virtualAliases
2018-02-23 16:48:13 +01:00
Robin Raymond
d72b975a45
Merge branch 'v2.1-bugfixes'
2018-02-23 15:37:09 +01:00
Robin Raymond
6bdfdca0e3
fix typo
2018-02-23 15:36:29 +01:00
Robin Raymond
22caa012d6
Merge branch 'v2.1-bugfixes'
2018-02-23 14:57:22 +01:00
Robin Raymond
5d169c3ef2
fixes #88
2018-02-23 14:56:28 +01:00
Robin Raymond
a3043b2242
fixes #87
2018-02-23 14:52:11 +01:00
Robin Raymond
ea20d60ec1
possible fix for #86
2018-02-23 14:51:15 +01:00
Robin Raymond
c252ecb869
possible fix for #86
2018-02-22 23:12:39 +01:00
Robin Raymond
df25233fd4
merge 'basic rsnapshot backup'
2018-02-22 22:49:58 +01:00
Robin Raymond
ca9680403e
Merge pull request #56 from phdoerfler/monitoring
...
Added monitoring of disk space via monit
2018-02-22 22:45:02 +01:00
Philipp Dörfler
29cb68a216
Added monitoring of disk space and more with monit.
2018-02-22 20:33:55 +00:00
Philipp Dörfler
59b1fafefc
Added basic rsnapshot backup.
2018-02-22 20:33:27 +00:00
Philipp Dörfler
43d36d9b76
Dovecot: Mailbox config + hierarchy separator + FS layout.
...
- Factored mailbox config into its own option.
- Added hierarchy separator option.
- Added option for using FS layout.
2018-02-22 20:32:21 +00:00
Ruben Maher
929cac8f50
mail-server/users.nix: don't expand variables in sieve script
2018-02-19 09:32:40 +10:30
Robin Raymond
436cf0513b
add vitual mail users
2018-02-18 12:17:32 +01:00
Ruben Maher
5b570ad5a0
dovecot: read dovecot version into nix variable
...
This allows determining whether it's OK to use particular configuration
variables that will throw errors when used in older versions.
2018-02-17 22:24:39 +10:30
Robin Raymond
f6546a1a8e
fix dovecot 2.3 ssl_dh
2018-02-13 13:18:31 +01:00
Robin Raymond
b75575f02e
remove unbound
2018-02-09 15:02:28 +01:00
Robin Raymond
671f447015
Merge pull request #57 from phdoerfler/localnameserver
...
Added kresd as local nameserver so rspamd stops complaining
2018-02-09 15:00:09 +01:00
Robin Raymond
0f6de6ff57
remove clamav from packages, fixes #64
2018-02-01 09:14:21 +01:00
Robin Raymond
aca43875dc
update copywright
2018-01-29 10:34:27 +01:00
Robin Raymond
ba4eaed61d
related to #52
2018-01-29 10:24:53 +01:00
Philipp Dörfler
bc627f180a
Added kresd as local nameserver so rspamd stops complaining
2018-01-13 01:39:21 +00:00
Andrey Golovizin
ee479ae683
Run spam.sieve after user scripts
...
Allows the user to override or disable it, if necessary.
2018-01-07 14:05:16 +01:00
Andrey Golovizin
aeedb25daf
Use sieve_default option for sieveScript
...
https://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration#Visible_Default_Script
2018-01-07 14:05:16 +01:00
Andrey Golovizin
a6d9604ea5
Fix Sieve script activation via ManageSieve
2018-01-07 14:05:16 +01:00
Andrey Golovizin
30e4f136fd
Add enableManageSieve option to open port 4190
2018-01-07 14:05:12 +01:00
Robin Raymond
eeb7fd64af
implement qutoas
2017-12-22 16:58:35 +01:00
Robin Raymond
2d0648e0f4
move from real users to passwd file
2017-12-22 16:08:42 +01:00
Ruben Maher
3a333ab71a
mail-server/postfix: add each loginAccount to virtual_alias_maps
2017-12-20 10:54:57 +10:30
Robin Raymond
fc9b63f0e6
add explicit catchAlls #49
2017-12-18 12:26:54 +01:00
geistesk
0091ae1761
Postfix: set hostname to FQDN
...
This should fix #43
2017-11-26 11:56:34 +01:00
Robin Raymond
160f3cbc9b
open port 80 when using LE certs. fixes #42
2017-11-26 07:59:31 +01:00
Robin Raymond
8ce3d42c13
implement extraVirtualAliases
2017-11-21 11:52:16 +01:00
Robin Raymond
67c29a561c
concat all valiases
2017-11-21 11:35:52 +01:00
Robin Raymond
d94b8acd78
implement alias list
2017-11-21 11:18:07 +01:00
Ruben Maher
d3fc1cccbd
mail-server/dovecot.nix: automatically subscribe to new mailboxes
...
When a mailbox is created by sieve or is delivered to directly by IMAP commands,
created IMAP folders are not subscribed to by dovecot. These configuration
options change that.
Acked-by: Ruben Maher <ruben@maher.fyi>
2017-11-21 08:32:55 +10:30
Ruben Maher
c2495e69f3
default.nix, mail-server/users.nix: add per-user sieve script
2017-11-20 09:04:32 +10:30
Robin Raymond
8b144b44b0
Merge pull request #39 from eqyiel/delete-comment
...
mail-server/nginx.nix: delete dangling comment
2017-11-19 08:37:32 +01:00
Ruben Maher
5f3c44b60f
mail-server/nginx.nix: delete dangling comment
2017-11-19 08:14:04 +10:30
Ruben Maher
cd85fd9d2f
s/vmailUIDStart/vmailUID/g
...
The name vmailUIDStart is not consistent with how it is being used (as the UID
of the vmail user).
2017-11-19 07:10:49 +10:30
Robin Raymond
5a851d837c
Merge pull request #31 from eqyiel/debug-option
...
Add debug option for verbose logging
2017-11-15 07:52:16 +01:00
Ruben Maher
f928924049
Add debug option for verbose logging
2017-11-15 08:22:46 +10:30
Robin Raymond
1d7e70c613
Merge pull request #33 from eqyiel/set-mydestination
...
mail-server/postfix.nix: set mydestination to localhost
2017-11-14 08:11:20 +01:00
Ruben Maher
f076a0af65
mail-server/postfix.nix: set mydestination to localhost
...
In the event that your `cfg.fqdn` is the same as a domain in `cfg.domains`, you
will not be able to receive mail for users like `user1@fqdn` because postfix
will try to deliver the mail locally.
2017-11-14 09:16:53 +10:30
Ruben Maher
43bd883cf6
mail-server/dovecot.nix: fix path to dovecot_maildir
2017-11-14 08:18:55 +10:30
Robin Raymond
b7c8c4ec3c
Merge pull request #30 from eqyiel/dovecot-indentation
...
mail-server/dovecot.nix: fix indentation
2017-11-13 15:07:08 +01:00
Ruben Maher
717dc36048
mail-server/dovecot.nix: fix indentation
2017-11-13 20:20:38 +10:30
Ruben Maher
7b3e33c49c
mail-server/networking.nix: make use of use lib.optional
2017-11-13 20:10:33 +10:30
Ruben Maher
5047c2982f
default.nix: add options to open ports 993 (IMAPS) and 995 (POP3S)
...
Dovecot is already configured to serve IMAPS on port 993 and POP3S on port 995.
2017-11-13 20:10:30 +10:30
Robin Raymond
d905be86d5
fix multidomain dkim signing fixes #24
2017-11-11 16:06:28 +01:00
Robin Raymond
b89d6e7b27
fix fqdn in smtp banner
2017-11-11 14:19:05 +01:00
John Boehr
16fb41de01
Change domain to fqdn and extraDomains to domains
2017-11-11 09:45:06 +00:00
John Boehr
a745abaa8e
Reload postfix and dovecot2
2017-11-09 14:32:33 -08:00
John Boehr
f372754052
Qualify user names
2017-11-09 14:17:03 -08:00
John Boehr
bbca0bd678
Fix a few issues with ACME certs
2017-11-09 13:16:06 -08:00
John Boehr
ebd0f656ed
Preliminary multi-domain support
2017-11-09 13:13:27 -08:00
Robin Raymond
3d2f41dedc
jbboehr's fix for #21
2017-11-09 08:23:13 +01:00
Robin Raymond
431dcc3b0a
Merge pull request #20 from eqyiel/fix-gid-start
...
users.nix: ensure the group getting its gid set is vmailGroupName
2017-11-05 10:47:56 +01:00
Ruben Maher
8372b85369
users.nix: ensure the group getting its gid set is vmailGroupName
2017-11-05 19:15:56 +10:30
Ruben Maher
e91d237d81
Fix r-raymond/nixos-mailserver#18
2017-11-05 19:12:39 +10:30
Robin Raymond
bbdcdfc0a7
fix vmail bug
2017-10-18 09:20:44 +02:00
Robin Raymond
6ac36a1092
changing names
2017-10-18 09:10:51 +02:00
Robin Raymond
9f40c38bc6
remove variables from vmail user
2017-10-18 09:09:04 +02:00
Robin Raymond
2f7e3a9f0c
initial acme support; needs testing
2017-09-23 09:56:09 +02:00
Robin Raymond
b06775cef7
add vmail user name again - otherwise postfix errors on startup
2017-09-22 18:57:14 +02:00
Robin Raymond
c574d0ea03
remove name from vmail user
2017-09-21 16:14:15 +02:00
Robin Raymond
5915f4412d
trying to fix travisci bug
2017-09-21 16:11:46 +02:00
Robin Raymond
12f16b2239
remove hostname from config, it breaks tests
2017-09-21 10:59:56 +02:00
r-raymond
bc48b701c8
Merge pull request #15 from phdoerfler/patch-3
...
Added header filtering for removing sensitive information.
2017-09-20 15:31:06 +02:00
Robin Raymond
875db33579
comments on extra lines
2017-09-20 09:26:42 +02:00
Philipp Dörfler
4e5dd5db95
Removed superflous tls_auth_only = yes
2017-09-20 09:00:17 +02:00
Philipp Dörfler
893c6db5cd
Now using pkgs.writeText
...
this places header cleanup rules into /store out of /etc and avoids the name clash.
2017-09-20 08:38:40 +02:00
Philipp Dörfler
16e31c6a0d
Added header filtering for removing sensitive information.
2017-09-20 00:05:01 +02:00
Philipp Dörfler
46d14bcdf0
Increased security of TLS encryption
2017-09-19 23:54:40 +02:00
Robin Raymond
b98654f99a
fixes #9
2017-09-14 10:56:22 +02:00
Robin Raymond
e226ed7fea
remove obsolete comment
2017-09-13 15:24:11 +02:00
Robin Raymond
4b8669b2fe
include junk sieve script
2017-09-13 13:06:44 +02:00
Robin Raymond
303448376b
add sieve support to dovecot
2017-09-13 12:36:35 +02:00
Robin Raymond
ba9db7cb3a
fix missing rspamd service and activate extended xspam headers
2017-09-13 12:22:50 +02:00
Robin Raymond
73be826cca
add redis and max_size to rmilter config to silence warning
2017-09-13 11:55:30 +02:00
Robin Raymond
bf7099d389
fix issue #8
...
turns out this is a upstream bug. The fix should probably be pushed to nixpkgs.
2017-09-13 11:49:33 +02:00
Philipp Dörfler
71d6d41f9b
Fixed issue #6
2017-09-12 22:47:13 +02:00
Robin Raymond
d974be81e0
revert script exctraction
2017-09-03 16:20:47 +02:00
Robin Raymond
0c20bb3a85
move scripts to external files
2017-09-03 16:00:10 +02:00
Robin Raymond
0c414738e1
fix merge bug in systemd
2017-09-03 15:56:36 +02:00
Robin Raymond
1e0c203bf8
Merge branch 'module-rewrite'
2017-09-03 15:31:37 +02:00
Robin Raymond
aa31e8fda6
add file missing in last commit
2017-09-03 11:15:18 +02:00
Robin Raymond
e5d3786ff5
tyding up code
2017-09-03 11:15:01 +02:00
Robin Raymond
28225fb1d6
complete module rewrite
2017-09-03 11:13:34 +02:00
Robin Raymond
3eb363fc71
systemd to module
2017-09-02 15:08:50 +02:00
Robin Raymond
9ac491f87d
networking to module
2017-09-02 14:58:33 +02:00
Robin Raymond
201c532a67
environment to module
2017-09-02 14:04:07 +02:00
Robin Raymond
26ac134660
make users into module
2017-09-02 13:58:42 +02:00
Robin Raymond
ebb2a5caf7
camelCase 2
2017-09-02 13:29:49 +02:00
Robin Raymond
b5fccc7e39
camelCase
2017-09-02 13:23:37 +02:00
Robin Raymond
061054926d
make clamav a module
2017-09-02 12:59:07 +02:00
Robin Raymond
256d2c75a6
update comments
2017-09-02 12:15:22 +02:00
Danylo Hlynskyi
c6e2de7180
don't enable firewall by default
...
It is default ON in NixOS and will conflict with `firewall.enable = false`, which some user may intentionally set.
In my opinion it is very high-level option to be set automatically.
Also, people who really don't want firewall, just do `lib.mkForce false` and won't even notice that this module requires it.
2017-08-31 14:42:14 +03:00
Robin Raymond
b0ae2de5f4
Merge branch 'master' of https://github.com/Infinisil/nixos-mailserver into module-rewrite
2017-08-31 10:49:01 +02:00
Robin Raymond
42c4e18438
remove unnecessary after field in systemd
2017-08-30 15:56:24 +02:00
Silvan Mosberger
692a677194
make configuration a nixos module
2017-08-30 15:09:38 +02:00
Robin Raymond
bb4717bf0b
fix typo in opendkim key generation
2017-08-30 14:29:06 +02:00
Robin Raymond
d05bd24040
make dovecot wait for postfix instead of other way around
2017-08-23 17:34:34 +02:00
Robin Raymond
dbd8b88aca
remove obsolete opendkim service
2017-08-23 17:29:51 +02:00
Robin Raymond
8551dcffff
enable dkim signing
2017-08-23 17:22:44 +02:00
Robin Raymond
7d4809038f
add virus scanning
2017-08-13 21:51:07 +02:00
Robin Raymond
f51811b236
add password hashes
2017-08-13 15:51:41 +02:00
Robin Raymond
ecd73f4e1c
firewall respects settings
2017-08-13 14:20:02 +02:00
Robin Raymond
72f45af1ca
fix submission port
2017-08-13 14:05:40 +02:00
Robin Raymond
b68e64ec72
certificate scheme 2
...
On the fly create certificates via openssl (Maybe change this to
libressl in the future?). This is probably the best scheme to get
something that simply works. Self signed certificates only pose a
problem when connecting to retrieve the email via imap or pop3.
2017-08-13 11:51:07 +02:00
Robin Raymond
be5d8c09d8
add rmilter and certificate files
2017-08-12 18:27:22 +02:00
Robin Raymond
f3f30f2f24
add documentation
2017-08-12 16:41:43 +02:00
Robin Raymond
f8b5e03b78
get postfix working
...
I still have to decide what to do with the certificate file
2017-08-12 16:14:16 +02:00
Robin Raymond
1d53a88a21
finish up dovecot configuration
...
also factor out users into own file
2017-08-12 12:28:46 +02:00
Robin Raymond
e63b6ebda9
create maildir folder
2017-08-12 11:47:52 +02:00
Robin Raymond
60574841c6
restructuring; now works with 17.03/17.09-pre
...
I had to remove some of the features, they need to be slowely added in
again.
2017-08-12 11:27:19 +02:00
Robin Raymond
938158b3a6
fix arguments of functions
2017-08-11 14:05:58 +02:00
Robin Raymond
5faac4d735
factors out postfix
2016-07-25 17:48:40 +02:00
Robin Raymond
00649f7222
seperate dovecot into own file
2016-07-25 17:40:58 +02:00