wurzel/fruitbasket
9
1
Fork 0
Code Issues 5 Pull requests Projects Releases Packages Wiki Activity

[Draft] Fixes for the mail configuration #22

Merged
rouven0 merged 19 commits from mail into main 2023-04-03 23:19:32 +02:00
Conversation 3 Commits 19 Files changed 16 +21 -2
1 changed files with 21 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit dd6374d371 - Show all commits

21
modules/mail.nix
View file

@ -28,7 +28,7 @@ in
sops.secrets."dovecot_ldap_search".owner = config.services.dovecot2.user; sops.secrets."dovecot_ldap_search".owner = config.services.dovecot2.user;
networking.firewall.allowedTCPPorts = [ 25 465 993 ]; networking.firewall.allowedTCPPorts = [ 25 465 993 ];
users.users.postfix.extraGroups = ["opendkim"]; users.users.postfix.extraGroups = [ "opendkim" ];
services = { services = {
postfix = { postfix = {
@ -42,10 +42,29 @@ in
sslCert = "/var/lib/acme/${hostname}/fullchain.pem"; sslCert = "/var/lib/acme/${hostname}/fullchain.pem";
sslKey = "/var/lib/acme/${hostname}/key.pem"; sslKey = "/var/lib/acme/${hostname}/key.pem";
config = { config = {
smtp_use_tls = true;
smtp_tls_security_level = "encrypt";
smtpd_use_tls = true;
smtpd_tls_security_level = lib.mkForce "encrypt";
smtpd_tls_auth_only = true;
smtpd_tls_protocols = [
"!SSLv2"
"!SSLv3"
"!TLSv1"
"!TLSv1.1"
];
smtpd_recipient_restrictions = [ smtpd_recipient_restrictions = [
"permit_sasl_authenticated" "permit_sasl_authenticated"
"permit_mynetworks" "permit_mynetworks"
"reject_unauth_destination" "reject_unauth_destination"
"reject_non_fqdn_hostname"
"reject_non_fqdn_sender"
"reject_non_fqdn_recipient"
"reject_unknown_sender_domain"
"reject_unknown_recipient_domain"
"reject_unauth_destination"
"reject_unauth_pipelining"
"reject_invalid_hostname"
]; ];
smtpd_relay_restrictions = [ smtpd_relay_restrictions = [
"permit_sasl_authenticated" "permit_sasl_authenticated"