authorGregor Kleen <gkleen@yggdrasil.li>2016-04-27 17:41:25 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2016-04-27 17:41:25 +0200
commit63758d900960edbad9c64e62de1f48352acd9036 (patch)
tree348cd6f3964f0f5c27e7f039863266dd36c1a688 /ymir.nix
parent4e3549eb2bcd6817dcbd52791815c322140c1140 (diff)
smtp auth
Diffstat (limited to 'ymir.nix')
-rw-r--r--ymir.nix20
1 files changed, 20 insertions, 0 deletions
diff --git a/ymir.nix b/ymir.nix
index e90e59f7..2eedb641 100644
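--- a/ymir.nix
+++ b/ymir.nix
@@ -327,6 +327,14 @@ in rec {
 mailbox_size_limit = 10737418240
 
 mailbox_command = ${pkgs.dovecot}/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"
+
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = ../data/auth
+
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_security_options = noanonymous, noplaintext
+smtpd_sasl_tls_security_options = noanonymous
+smtpd_tls_auth_only = yes
 '';
 extraMasterConf = ''
 uucp unix - n n - - pipe flags=Fqhu user=uucp argv=/var/setuid-wrappers/uux -z -a$sender - $nexthop!rmail ($recipient)
@@ -343,8 +351,20 @@ in rec {
 sslServerKey = "/var/lib/acme/yggdrasil.li/key.pem";
 extraConfig = ''
 postmaster_address = postmaster@yggdrasil.li
+
+service auth {
+unix_listener /var/lib/postfix/data/auth {
+mode = 0660
+user = postfix
+group = postfix
+}
+}
 '';
 };
+security.pam.services.dovecot2.text = ''
+auth requisite pam_succeed_if.so user ingroup mail
+auth required pam_unix.so audit
+'';
 
 security.acme = {
 certs = {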
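Review bot: The new `security.pam.services.dovecot2.text` in the second hunk defines only `auth` rules, so account-state checks (expired or locked accounts) are not handled by this stack; what PAM does for the missing `account` type depends on the system's fallback service, which is not visible here. Consider adding `account required pam_unix.so` so the SMTP AUTH path enforces the same account restrictions as other logins. The `audit` flag on `pam_unix.so` raises logging verbosity and, as far as I know, can record the names of unknown users; on an internet-facing auth endpoint that log can pick up passwords typed into the username field, so confirm the log's permissions and retention or drop the flag. In the first hunk, `smtpd_sasl_auth_enable = yes` is set in the main Postfix configuration, so AUTH is offered on every smtpd listener; if a dedicated submission service exists, enabling it only there would narrow the password-guessing surface.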