authorPeter Simons <simons@cryp.to>2019-07-15 13:52:26 +0200
committerPeter Simons <simons@cryp.to>2019-07-15 17:36:20 +0200
commit59bacaca3d61d2fe19ea22fa18e493ec7413743e (patch)
tree3192cee92803b57febee2b1b34e0aea9bf0b40cb /nixos/modules/services
parentb43744b933074157273bd0f9490a46fcb601ee78 (diff)
nixos: add 'localRecipients' config option for Postfix
The new option services.postfix.localRecipients allows
configuring the postfix option 'local_recipient_maps'. When
set to a list of user names (or patterns), that map
effectively replaces the lookup in the system's user
database that's used by default to determine which local
users are valid.

This option is useful to explicitly set local users that are
allowed to receive e-mail from the outside world. For local
injection, i.e. via the 'sendmail' command, this option has no
effect.
Diffstat (limited to 'nixos/modules/services')
-rw-r--r--nixos/modules/services/mail/postfix.nix19
1 files changed, 19 insertions, 0 deletions
diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix
index d43733484ffa..dab1b29aa4be 100644
--- a/nixos/modules/services/mail/postfix.nix
+++ b/nixos/modules/services/mail/postfix.nix
@@ -13,6 +13,7 @@ let
                       || cfg.extraAliases != "";
   haveTransport = cfg.transport != "";
   haveVirtual = cfg.virtual != "";
+  haveLocalRecipients = cfg.localRecipients != null;
 
   clientAccess =
     optional (cfg.dnsBlacklistOverrides != "")
@@ -244,6 +245,7 @@ let
 
   aliasesFile = pkgs.writeText "postfix-aliases" aliases;
   virtualFile = pkgs.writeText "postfix-virtual" cfg.virtual;
+  localRecipientMapFile = pkgs.writeText "postfix-local-recipient-map" (concatMapStrings (x: x + " ACCEPT\n") cfg.localRecipients);
   checkClientAccessFile = pkgs.writeText "postfix-check-client-access" cfg.dnsBlacklistOverrides;
   mainCfFile = pkgs.writeText "postfix-main.cf" mainCf;
   masterCfFile = pkgs.writeText "postfix-master.cf" masterCfContent;
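Review bot: The `localRecipientMapFile` line writes each element of `cfg.localRecipients` into the lookup table verbatim, so an entry containing a space or a newline produces a different key, or extra table lines, than the administrator wrote. Postfix would then accept or reject recipients other than the intended ones without any evaluation-time error. Constraining the element type in the option declaration, for example `listOf (strMatching "[^[:space:]]+")`, would reject such entries when the configuration is built. The expression also assumes `cfg.localRecipients` is a list; it appears to be safe for `null` only because the file is referenced under `mkIf haveLocalRecipients`, which deserves a short comment here.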
@@ -506,6 +508,19 @@ in
         '';
       };
 
+      localRecipients = mkOption {
+        type = with types; nullOr (listOf string);
+        default = null;
+        description = ''
+          List of accepted local users. Specify a bare username, an
+          <literal>"@domain.tld"</literal> wild-card, or a complete
+          <literal>"user@domain.tld"</literal> address. If set, these names end
+          up in the local recipient map -- see the local(8) man-page -- and
+          effectively replace the system user database lookup that's otherwise
+          used by default.
+        '';
+      };
+
       transport = mkOption {
         default = "";
         description = "
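Review bot: The `localRecipients` description does not say what an empty list does. `haveLocalRecipients` only tests for `null`, so `[]` still points `local_recipient_maps` at an empty table, and as far as I can tell Postfix then rejects every local recipient that is not covered by `$alias_maps`. I would add a sentence such as `An empty list rejects all local recipients except aliases; leave the option at null to keep the system user lookup.` and carry over the commit message's remark that only mail arriving from outside is affected, not local 'sendmail' injection. Separately, `types.str` is the preferred element type over `types.string`: `type = with types; nullOr (listOf str);`.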
@@ -742,6 +757,7 @@ in
       // optionalAttrs haveAliases { alias_maps = [ "${cfg.aliasMapType}:/etc/postfix/aliases" ]; }
       // optionalAttrs haveTransport { transport_maps = [ "hash:/etc/postfix/transport" ]; }
       // optionalAttrs haveVirtual { virtual_alias_maps = [ "${cfg.virtualMapType}:/etc/postfix/virtual" ]; }
+      // optionalAttrs haveLocalRecipients { local_recipient_maps = [ "hash:/etc/postfix/local_recipients" ] ++ optional haveAliases "$alias_maps"; }
       // optionalAttrs (cfg.dnsBlacklists != []) { smtpd_client_restrictions = clientRestrictions; }
       // optionalAttrs cfg.useSrs {
         sender_canonical_maps = [ "tcp:127.0.0.1:10001" ];
@@ -869,6 +885,9 @@ in
     (mkIf haveVirtual {
       services.postfix.mapFiles."virtual" = virtualFile;
     })
+    (mkIf haveLocalRecipients {
+      services.postfix.mapFiles."local_recipients" = localRecipientMapFile;
+    })
     (mkIf cfg.enableHeaderChecks {
       services.postfix.mapFiles."header_checks" = headerChecksFile;
     })