diff options
| author | Gregor Kleen <gkleen@yggdrasil.li> | 2019-02-10 19:01:29 +0100 |
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2019-02-10 19:01:29 +0100 |
| commit | ee59ed6d96f7647668a5a569f8d1553c395decec (patch) | |
| tree | 7c30e0f27bccd2cc7987384d12d065f78604a437 /ymir.nix | |
| parent | 973decde79d05d0a41e81c0ed0cdb9fb90b0df4f (diff) | |
| download | nixos-ee59ed6d96f7647668a5a569f8d1553c395decec.tar nixos-ee59ed6d96f7647668a5a569f8d1553c395decec.tar.gz nixos-ee59ed6d96f7647668a5a569f8d1553c395decec.tar.bz2 nixos-ee59ed6d96f7647668a5a569f8d1553c395decec.tar.xz nixos-ee59ed6d96f7647668a5a569f8d1553c395decec.zip | |
...
Diffstat (limited to 'ymir.nix')
| -rw-r--r-- | ymir.nix | 31 |
1 files changed, 5 insertions, 26 deletions
| @@ -560,24 +560,7 @@ in rec { | |||
| 560 | "reject_non_fqdn_helo_hostname" | 560 | "reject_non_fqdn_helo_hostname" |
| 561 | "reject_invalid_helo_hostname" | 561 | "reject_invalid_helo_hostname" |
| 562 | "reject_unauth_destination" | 562 | "reject_unauth_destination" |
| 563 | ''check_client_access regexp:${pkgs.writeText "spfpolicy" '' | ||
| 564 | /(^|\.)tu-muenchen\.de$/ DUNNO | ||
| 565 | /(^|\.)tum\.de$/ DUNNO | ||
| 566 | /(^|\.)lmu\.de$/ DUNNO | ||
| 567 | /(^|\.)uni-muenchen\.de$/ DUNNO | ||
| 568 | /(^|\.)lrz\.de$/ DUNNO | ||
| 569 | /(^|\.)badw-muenchen\.de$/ DUNNO | ||
| 570 | /(^|\.)badw\.de$/ DUNNO | ||
| 571 | /(^|\.)hm\.edu$/ DUNNO | ||
| 572 | /(^|\.)hswt\.de$/ DUNNO | ||
| 573 | /(^|\.)mhn\.de$/ DUNNO | ||
| 574 | /(^|\.)mwn\.de$/ DUNNO | ||
| 575 | /(^|\.)boulderwelt\.de$/ DUNNO | ||
| 576 | /.*/ spfcheck | ||
| 577 | ''}'' | ||
| 578 | ]; | 563 | ]; |
| 579 | smtpd_restriction_classes = "spfcheck"; | ||
| 580 | spfcheck = "check_policy_service unix:private/policy-spf"; | ||
| 581 | 564 | ||
| 582 | smtpd_relay_restrictions = [ | 565 | smtpd_relay_restrictions = [ |
| 583 | "permit_mynetworks" | 566 | "permit_mynetworks" |
| @@ -587,7 +570,6 @@ in rec { | |||
| 587 | 570 | ||
| 588 | mlmmj_destination_recipient_limit = "1"; | 571 | mlmmj_destination_recipient_limit = "1"; |
| 589 | mlmmj-subs_destination_recipient_limit = "1"; | 572 | mlmmj-subs_destination_recipient_limit = "1"; |
| 590 | policy-spf_time_limit = "3600s"; | ||
| 591 | propagate_unmatched_extensions = ["canonical" "virtual" "alias"]; | 573 | propagate_unmatched_extensions = ["canonical" "virtual" "alias"]; |
| 592 | smtpd_authorized_verp_clients = "$authorized_verp_clients"; | 574 | smtpd_authorized_verp_clients = "$authorized_verp_clients"; |
| 593 | authorized_verp_clients = "$mynetworks"; | 575 | authorized_verp_clients = "$mynetworks"; |
| @@ -648,14 +630,6 @@ in rec { | |||
| 648 | command = "pipe"; | 630 | command = "pipe"; |
| 649 | args = [ "flags=Fqhu" "user=mlmmj" ''argv=${pkgs.mlmmj-exposed}/bin/mlmmj-exposed /srv/mail/lists/''${user} ''${extension}'' ]; | 631 | args = [ "flags=Fqhu" "user=mlmmj" ''argv=${pkgs.mlmmj-exposed}/bin/mlmmj-exposed /srv/mail/lists/''${user} ''${extension}'' ]; |
| 650 | }; | 632 | }; |
| 651 | policy-spf = { | ||
| 652 | type = "unix"; | ||
| 653 | private = true; | ||
| 654 | privileged = true; | ||
| 655 | chroot = false; | ||
| 656 | command = "spawn"; | ||
| 657 | args = [ "user=nobody" "argv=${pkgs.pypolicyd-spf}/bin/policyd-spf ${./ymir/spf.conf}" ]; | ||
| 658 | }; | ||
| 659 | }; | 633 | }; |
| 660 | networks = ["127.0.0.0/8" "[::ffff:127.0.0.0]/104" "[::1]/128" "10.141.0.0/16"]; | 634 | networks = ["127.0.0.0/8" "[::ffff:127.0.0.0]/104" "[::1]/128" "10.141.0.0/16"]; |
| 661 | }; | 635 | }; |
| @@ -1116,5 +1090,10 @@ in rec { | |||
| 1116 | ''; | 1090 | ''; |
| 1117 | }; | 1091 | }; |
| 1118 | }; | 1092 | }; |
| 1093 | locals = { | ||
| 1094 | "milter_headers.conf".text = '' | ||
| 1095 | extended_spam_headers = true; | ||
| 1096 | ''; | ||
| 1097 | }; | ||
| 1119 | }; | 1098 | }; |
| 1120 | } | 1099 | } |