From f0ab198279a86aaed6195032374e41074cd6b5e3 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 7 Nov 2016 13:19:17 +0100 Subject: mail system cleanup --- ymir.nix | 41 +++++++++++++++++++++++++---------------- 1 file changed, 25 insertions(+), 16 deletions(-) diff --git a/ymir.nix b/ymir.nix index 7d0622ff..3c7d8f70 100644 --- a/ymir.nix +++ b/ymir.nix @@ -392,10 +392,11 @@ in rec { # 10 GiB mailbox_size_limit = 10737418240 - mailbox_command = ${pkgs.dovecot}/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT" + mailbox_transport = lmtp:unix:private/dovecot-lmtp + #mailbox_command = ${pkgs.dovecot}/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT" smtpd_sasl_type = dovecot - smtpd_sasl_path = auth + smtpd_sasl_path = private/dovecot-auth smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous, noplaintext @@ -410,13 +411,13 @@ in rec { reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, - check_policy_service unix:private/policy-quota, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unknown_reverse_client_hostname, reject_unauth_destination, + reject_unverified_recipient, check_client_access regexp:${pkgs.writeText "spfpolicy" '' /(^|\.)tu-muenchen\.de$/ DUNNO /(^|\.)tum\.de$/ DUNNO @@ -519,7 +520,7 @@ in rec { services.dovecot2 = { enable = true; enableImap = true; - enableLmtp = false; + enableLmtp = true; enablePop3 = false; enablePAM = true; sslServerCert = "/var/lib/acme/yggdrasil.li/fullchain.pem"; @@ -531,8 +532,16 @@ in rec { postmaster_address = postmaster@yggdrasil.li service auth { - unix_listener /var/lib/postfix/queue/auth { - mode = 0660 + unix_listener /var/lib/postfix/queue/private/dovecot-auth { + mode = 0600 + user = postfix + group = postfix + } + } + + service lmtp { + unix_listener /var/lib/postfix/queue/private/dovecot-lmtp { + mode = 0600 user = postfix group = postfix } 
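Review bot: With `mailbox_transport = lmtp:unix:private/dovecot-lmtp`, Postfix hands the recipient to Dovecot as a full address, and nothing in this hunk shows how Dovecot maps that address to an account. A later hunk keeps `enablePAM = true`, so if the userdb is the system account database, a lookup of `user@domain` would presumably fail unless something like `auth_username_format = %Ln` is set outside the visible lines. This is worth confirming before deployment, because together with the new `reject_unverified_recipient` a failed lookup turns into refused mail for every local recipient. The surrounding Postfix config string starts and ends outside the hunk.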
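Review bot: Dropping `check_policy_service unix:private/policy-quota` from the recipient restrictions means an over-quota mailbox is no longer refused during the SMTP dialogue. The message is accepted and then fails at LMTP delivery, which by default produces a bounce to a sender address that may be forged (backscatter); the last hunk disables the quota-status service for the same change. If the probe from `reject_unverified_recipient` is meant to cover this, Dovecot has to check quota at RCPT time (`lmtp_rcpt_check_quota = yes`, if the deployed version has it), which is not visible here. Separately, unverified recipients get a temporary 450 by default, so once verification is confirmed to work, `unverified_recipient_reject_code = 550` stops senders from retrying for days.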
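Review bot: The two listener paths under `/var/lib/postfix/queue/private/` must stay in sync with `smtpd_sasl_path = private/dovecot-auth` and `mailbox_transport = lmtp:unix:private/dovecot-lmtp` in the Postfix block, and nothing in the file says so. A comment above each listener, such as `# path must match smtpd_sasl_path in the Postfix config (relative to the queue directory)`, would keep the two halves from drifting apart. Tightening the auth socket from 0660 to 0600 owned by postfix is the right direction, since any process that can open it can test passwords. With `mode = 0600` the `group = postfix` line no longer grants anything. The enclosing Dovecot config string starts and ends outside the hunk.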
@@ -552,16 +561,16 @@ in rec { quota_status_nouser = DUNNO } - service quota-status { - executable = quota-status -p postfix - unix_listener /var/lib/postfix/queue/private/policy-quota { - mode = 0660 - user = postfix - group = postfix - # You can choose any port you want - } - client_limit = 1 - } + # service quota-status { + # executable = quota-status -p postfix + # unix_listener /var/lib/postfix/queue/private/policy-quota { + # mode = 0660 + # user = postfix + # group = postfix + # # You can choose any port you want + # } + # client_limit = 1 + # } ''; }; security.pam.services.dovecot2.text = '' -- cgit v1.2.3
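Review bot: The quota-status service is disabled by commenting it out, which leaves the whole block as dead configuration inside the Dovecot config string. The `quota_status_*` settings just above it (`quota_status_nouser = DUNNO` is visible as context) now configure a service that no longer runs. Deleting the block and the unused settings would keep the file accurate, since the history preserves the old version. If the service is expected to return, a single line such as `# quota-status disabled: recipient checks now go through reject_unverified_recipient` says more than the commented body.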