mail system cleanup

author: Gregor Kleen <pngwjpgh@users.noreply.github.com> 2016-11-07 13:19:17 +0100
committer: Gregor Kleen <pngwjpgh@users.noreply.github.com> 2016-11-07 13:19:17 +0100
commit: f0ab198279a86aaed6195032374e41074cd6b5e3 (patch)
tree: 621835740e5ce1b5d8928ff4154d424276a6df0a
parent: 853351a9738b18d9bdde789d63d3727c1a7e680f (diff)
download: nixos-f0ab198279a86aaed6195032374e41074cd6b5e3.tar
nixos-f0ab198279a86aaed6195032374e41074cd6b5e3.tar.gz
nixos-f0ab198279a86aaed6195032374e41074cd6b5e3.tar.bz2
nixos-f0ab198279a86aaed6195032374e41074cd6b5e3.tar.xz
nixos-f0ab198279a86aaed6195032374e41074cd6b5e3.zip
1 files changed, 25 insertions, 16 deletions
diff --git a/ymir.nix b/ymir.nix
index 7d0622ff..3c7d8f70 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -392,10 +392,11 @@ in rec {
      # 10 GiB
      mailbox_size_limit = 10737418240
-      mailbox_command = ${pkgs.dovecot}/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"
+      mailbox_transport = lmtp:unix:private/dovecot-lmtp
+      #mailbox_command = ${pkgs.dovecot}/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"
      smtpd_sasl_type = dovecot
-      smtpd_sasl_path = auth
+      smtpd_sasl_path = private/dovecot-auth
      smtpd_sasl_auth_enable = yes
      smtpd_sasl_security_options = noanonymous, noplaintext
@@ -410,13 +411,13 @@ in rec {
        reject_unauth_pipelining,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
-        check_policy_service unix:private/policy-quota,
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_helo_hostname,
        reject_invalid_helo_hostname,
        reject_unknown_reverse_client_hostname,
        reject_unauth_destination,
+        reject_unverified_recipient,
        check_client_access regexp:${pkgs.writeText "spfpolicy" ''
          /(^|\.)tu-muenchen\.de$/ DUNNO
          /(^|\.)tum\.de$/ DUNNO
@@ -519,7 +520,7 @@ in rec {
  services.dovecot2 = {
    enable = true;
    enableImap = true;
-    enableLmtp = false;
+    enableLmtp = true;
    enablePop3 = false;
    enablePAM = true;
    sslServerCert = "/var/lib/acme/yggdrasil.li/fullchain.pem";
@@ -531,8 +532,16 @@ in rec {
      postmaster_address = postmaster@yggdrasil.li
      service auth {
-        unix_listener /var/lib/postfix/queue/auth {
+        unix_listener /var/lib/postfix/queue/private/dovecot-auth {
-          mode = 0660
+          mode = 0600
+          user = postfix
+          group = postfix
+        }
+      }
+      service lmtp {
+        unix_listener /var/lib/postfix/queue/private/dovecot-lmtp {
+          mode = 0600
          user = postfix
          group = postfix
        }
@@ -552,16 +561,16 @@ in rec {
        quota_status_nouser = DUNNO
      }
-      service quota-status {
+      # service quota-status {
-        executable = quota-status -p postfix
+      #   executable = quota-status -p postfix
-        unix_listener /var/lib/postfix/queue/private/policy-quota {
+      #   unix_listener /var/lib/postfix/queue/private/policy-quota {
-          mode = 0660
+      #     mode = 0660
-          user = postfix
+      #     user = postfix
-          group = postfix
+      #     group = postfix
-          # You can choose any port you want
+      #     # You can choose any port you want
-        }
+      #   }
-        client_limit = 1
+      #   client_limit = 1
-      }
+      # }
    '';
  };
  security.pam.services.dovecot2.text = ''
author	Gregor Kleen <pngwjpgh@users.noreply.github.com>	2016-11-07 13:19:17 +0100
committer	Gregor Kleen <pngwjpgh@users.noreply.github.com>	2016-11-07 13:19:17 +0100
commit	f0ab198279a86aaed6195032374e41074cd6b5e3 (patch)
tree	621835740e5ce1b5d8928ff4154d424276a6df0a
parent	853351a9738b18d9bdde789d63d3727c1a7e680f (diff)
download	nixos-f0ab198279a86aaed6195032374e41074cd6b5e3.tar nixos-f0ab198279a86aaed6195032374e41074cd6b5e3.tar.gz nixos-f0ab198279a86aaed6195032374e41074cd6b5e3.tar.bz2 nixos-f0ab198279a86aaed6195032374e41074cd6b5e3.tar.xz nixos-f0ab198279a86aaed6195032374e41074cd6b5e3.zip