From 628e4149dc3465c909564bc4a1fd861cf6de9e99 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sun, 10 Feb 2019 19:42:38 +0100
Subject: ...

---
 ymir.nix | 30 +++++++++++++++++-------------
 1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/ymir.nix b/ymir.nix
index 4983dd43..6f65fb03 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -604,6 +604,16 @@ in rec {
       sender_canonical_classes = "envelope_sender";
       recipient_canonical_maps = "tcp:localhost:10002";
       recipient_canonical_classes = ["envelope_recipient" "header_recipient"];
+
+      smtpd_discard_ehlo_keyword_address_maps = "cidr:${pkgs.writeText "esmtp_access" ''
+        # Allow DSN requests from local subnet only
+        192.168.0.0/16      silent-discard
+        172.16.0.0/12       silent-discard
+        10.0.0.0/8          silent-discard
+        0.0.0.0/0           silent-discard, dsn
+        fd00::/8            silent-discard
+        ::/0                silent-discard, dsn
+      ''}";
     };
     masterConfig = {
       uucp = {
@@ -683,18 +693,6 @@ in rec {
     '';
   };
 
-  services.postgrey = {
-    enable = false;
-    socket = {
-      path = "/var/lib/postfix/queue/private/policy-greylist";
-      mode = "0777";
-    };
-    delay = 60;
-    autoWhitelist = 1;
-    maxAge = 7;
-    retryWindow = 1;
-  };
-
   services.dovecot2 = {
     enable = true;
     enableImap = true;
@@ -1092,8 +1090,14 @@ in rec {
     };
     locals = {
       "milter_headers.conf".text = ''
-        extended_spam_headers = true;
+        use = ["authentication-results", "x-spamd-bar", "x-stat-signature"];
+      '';
+      "actions.conf".text = ''
+        reject = 150;
+        add_header = 6;
+        greylist = 4;
       '';
     };
   };
+
 }
-- 
cgit v1.2.3