# NixOS module: Postfix listening on loopback only, handing mail to UUCP by
# default and to authenticated SMTP relays for selected sender addresses.
# The SASL credential table is provisioned through a sops secret.
{ config, pkgs, ... }:

let
  # Next hop used both as relayHost and as default_transport.
  defaultUucpHop = "uucp:ymir";

  # Single location of the SASL credential table: written by the sops secret
  # below, read by Postfix through smtp_sasl_password_maps.
  saslPasswdFile = "/var/db/postfix/sasl_passwd";

  # Sender address -> transport:nexthop (regexp table, first match wins).
  # Entries without an explicit port presumably use the default SMTP port;
  # only the smtps: entry goes through the implicit-TLS service defined in
  # masterConfig, the others rely on the global smtp_tls_security_level.
  senderRelayTable = pkgs.writeText "sender_relay" ''
    /@(cip|stud)\.ifi\.(lmu|uni-muenchen)\.de$/ smtp:smtp.ifi.lmu.de
    /@ifi\.(lmu|uni-muenchen)\.de$/ smtp:smtpin1.ifi.lmu.de:587
    /@math(ematik)?\.(lmu|uni-muenchen)\.de$/ smtps:smtp.math.lmu.de:465
    /@(campus\.)?lmu\.de$/ smtp:postout.lrz.de
  '';

  # Sender address -> extra BCC recipient (regexp table, first match wins).
  senderBccTable = pkgs.writeText "sender_bcc" ''
    /^uni2work(-[^@]*)?@ifi\.lmu\.de$/ uni2work@ifi.lmu.de
    /@ifi\.lmu\.de$/ gregor.kleen@ifi.lmu.de
  '';
in
{
  services.postfix = {
    enable = true;
    enableSmtp = true;
    enableSubmission = false;
    setSendmail = true;
    networksStyle = "host";
    hostname = "sif.midgard.yggdrasil";
    # Empty list: no domain is delivered locally, everything is relayed.
    destination = [];
    relayHost = defaultUucpHop;
    recipientDelimiter = "+";

    masterConfig = {
      # pipe(8) transport that hands each message to uux as user "uucp".
      # Flags: F prepends a "From sender date" line, q quotes special
      # characters in the address local parts, h and u fold the recipient
      # and nexthop to lower case.
      # pipe(8) runs argv directly rather than through a shell; the
      # parentheses around $recipient are uux syntax, presumably so the
      # address is passed through as a literal argument.
      uucp = {
        type = "unix";
        private = true;
        privileged = true;
        chroot = false;
        command = "pipe";
        args = [
          "flags=Fqhu"
          "user=uucp"
          ''argv=${config.security.wrapperDir}/uux -z -a $sender - $nexthop!rmail ($recipient)''
        ];
      };

      # SMTP client variant for implicit-TLS relays (wrapper mode); it is
      # selected by "smtps:" entries in the sender relay table.
      # NOTE(review): "encrypt" requires TLS but does not validate the server
      # certificate, so the PLAIN credentials sent over this service are not
      # protected against an active man-in-the-middle; consider "verify" or
      # "secure" if the relay presents a publicly trusted certificate.
      # NOTE(review): privileged = true differs from the stock smtp client
      # entry, which runs unprivileged -- confirm it is actually needed.
      smtps = {
        type = "unix";
        private = true;
        privileged = true;
        chroot = false;
        command = "smtp";
        args = [
          "-o" "smtp_tls_wrappermode=yes"
          "-o" "smtp_tls_security_level=encrypt"
        ];
      };
    };

    # Static transport table: mail for this domain leaves via UUCP to "odin".
    transport = ''
      odin.asgard.yggdrasil uucp:odin
    '';

    config = {
      # Every message passing through this instance is also copied here.
      always_bcc = "gkleen+sent@odin.asgard.yggdrasil";
      default_transport = defaultUucpHop;
      # No listener outside the loopback interface.
      inet_interfaces = "loopback-only";
      # The uucp account may not submit mail locally; every other user may.
      authorized_submit_users = [ "!uucp" "static:anyone" ];
      # NOTE(review): "0" presumably disables the size limit altogether;
      # confirm that unbounded local submissions are acceptable for the spool.
      message_size_limit = "0";

      sender_dependent_default_transport_maps = "regexp:${senderRelayTable}";
      sender_bcc_maps = "regexp:${senderBccTable}";

      # SASL client authentication, with credentials looked up per sender.
      # Only PLAIN is offered, so the password is only as well protected as
      # the TLS session that carries it.
      smtp_sasl_auth_enable = true;
      smtp_sender_dependent_authentication = true;
      smtp_sasl_tls_security_options = "noanonymous";
      smtp_sasl_mechanism_filter = [ "plain" ];
      smtp_sasl_password_maps = "regexp:${saslPasswdFile}";
      smtp_cname_overrides_servername = false;
      smtp_always_send_ehlo = true;

      # NOTE(review): "dane" authenticates the relay only where DNSSEC-signed
      # TLSA records exist; for other destinations Postfix falls back to
      # opportunistic, unauthenticated TLS. Since PLAIN credentials go to the
      # smtp: relays above, consider pinning those hosts to "verify"/"secure"
      # (or at least "encrypt") through smtp_tls_policy_maps.
      smtp_tls_security_level = "dane";
      smtp_tls_loglevel = "1";
      # DNSSEC-validated lookups; needed for the "dane" level to take effect.
      smtp_dns_support_level = "dnssec";
    };
  };

  # SASL credential table, decrypted from ./secrets.yaml (key "sasl-passwd")
  # to the path Postfix reads and owned by the postfix user. No mode is set
  # here, so the sops module's default file mode applies -- verify it stays
  # owner-only.
  sops.secrets.postfix-sasl-passwd = {
    key = "sasl-passwd";
    path = saslPasswdFile;
    owner = "postfix";
    sopsFile = ./secrets.yaml;
  };
}