summaryrefslogtreecommitdiff
path: root/hosts/surtr/email
diff options
context:
space:
mode:
Diffstat (limited to 'hosts/surtr/email')
-rw-r--r--hosts/surtr/email/ccert-policy-server/ccert_policy_server/__main__.py2
-rw-r--r--hosts/surtr/email/default.nix13
2 files changed, 13 insertions, 2 deletions
diff --git a/hosts/surtr/email/ccert-policy-server/ccert_policy_server/__main__.py b/hosts/surtr/email/ccert-policy-server/ccert_policy_server/__main__.py
index dac3054a..7c931559 100644
--- a/hosts/surtr/email/ccert-policy-server/ccert_policy_server/__main__.py
+++ b/hosts/surtr/email/ccert-policy-server/ccert_policy_server/__main__.py
@@ -48,7 +48,7 @@ class PolicyHandler(StreamRequestHandler):
48 cur.row_factory = namedtuple_row 48 cur.row_factory = namedtuple_row
49 49
50 if relay_eligible: 50 if relay_eligible:
51 cur.execute('SELECT EXISTS(SELECT true FROM "mailbox" INNER JOIN "relay_access" ON "mailbox".id = "relay_access"."mailbox" WHERE "mailbox"."mailbox" = %(user)s AND ("domain" = %(domain)s OR "domain" ilike CONCAT("%%_.", %(domain)s))) as "exists"', params = {'user': user, 'domain': domain}) 51 cur.execute('SELECT EXISTS(SELECT true FROM "mailbox" INNER JOIN "relay_access" ON "mailbox".id = "relay_access"."mailbox" WHERE "mailbox"."mailbox" = %(user)s AND ("domain" = %(domain)s OR %(domain)s ilike CONCAT(\'%%_.\', "domain"))) as "exists"', params = {'user': user, 'domain': domain})
52 if (row := cur.fetchone()) is not None: 52 if (row := cur.fetchone()) is not None:
53 allowed = row.exists 53 allowed = row.exists
54 54
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
index 0a42b808..c993bb18 100644
--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -275,6 +275,17 @@ in {
275 postscreen_access_list = ""; 275 postscreen_access_list = "";
276 postscreen_denylist_action = "drop"; 276 postscreen_denylist_action = "drop";
277 postscreen_greet_action = "enforce"; 277 postscreen_greet_action = "enforce";
278
279 sender_bcc_maps = ''pgsql:${pkgs.writeText "sender_bcc_maps.cf" ''
280 hosts = postgresql:///email
281 dbname = email
282 query = SELECT value FROM sender_bcc_maps WHERE key = '%s'
283 ''}'';
284 recipient_bcc_maps = ''pgsql:${pkgs.writeText "recipient_bcc_maps.cf" ''
285 hosts = postgresql:///email
286 dbname = email
287 query = SELECT value FROM recipient_bcc_maps WHERE key = '%s'
288 ''}'';
278 }; 289 };
279 masterConfig = { 290 masterConfig = {
280 "465" = { 291 "465" = {
@@ -392,7 +403,7 @@ in {
392 enable = true; 403 enable = true;
393 user = "postfix"; group = "postfix"; 404 user = "postfix"; group = "postfix";
394 socket = "local:/run/opendkim/opendkim.sock"; 405 socket = "local:/run/opendkim/opendkim.sock";
395 domains = ''csl:${concatStringsSep "," (["surtr.yggdrasil.li"] ++ emailDomains)}''; 406 domains = ''csl:${concatStringsSep "," (["surtr.yggdrasil.li" "yggdrasil.li" "141.li" "kleen.li" "synapse.li" "praseodym.org"] ++ emailDomains)}'';
396 selector = "surtr"; 407 selector = "surtr";
397 configFile = builtins.toFile "opendkim.conf" '' 408 configFile = builtins.toFile "opendkim.conf" ''
398 Syslog true 409 Syslog true
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-08 00:40:40 +0000