about summary refs log tree commit diff
path: root/modules/server/spectrum/postfix
diff options
context:
space:
mode:
Diffstat (limited to 'modules/server/spectrum/postfix')
-rw-r--r--modules/server/spectrum/postfix/default.nix71
1 files changed, 71 insertions, 0 deletions
diff --git a/modules/server/spectrum/postfix/default.nix b/modules/server/spectrum/postfix/default.nix
new file mode 100644
index 000000000000..978cb47726e6
--- /dev/null
+++ b/modules/server/spectrum/postfix/default.nix
@@ -0,0 +1,71 @@
+{ pkgs, ... }:
+
+{
+  services.postfix.enable = true;
+  services.postfix.enableSubmission = true;
+  services.postfix.hostname = "atuin.qyliss.net";
+  services.postfix.config.smtp_tls_loglevel = "1";
+  services.postfix.config.smtpd_forbid_bare_newline = true;
+  services.postfix.config.disable_mime_output_conversion = true;
+  services.postfix.sslCert = "/var/lib/acme/spectrum-os.org/fullchain.pem";
+  services.postfix.sslKey = "/var/lib/acme/spectrum-os.org/key.pem";
+  services.postfix.rootAlias = "hi@alyssa.is";
+  services.postfix.relayDomains = [ "hash:/var/lib/mailman/data/postfix_domains" ];
+  services.postfix.config.transport_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ];
+  services.postfix.localRecipients = []; # empty array causes NixOS to add $alias_maps
+  services.postfix.config.mailbox_command = "${pkgs.coreutils}/bin/false";
+  services.postfix.config.local_recipient_maps =
+    [ "proxy:unix:passwd.byname" "hash:/var/lib/mailman/data/postfix_lmtp" ];
+
+  services.postfix.destination =
+    [ "atuin.qyliss.net" "qyliss.net" "spectrumos.org" "spectrum-os.org" ];
+  services.postfix.extraAliases = ''
+    abuse: root
+    noc: root
+    security: root
+    hostmaster: root
+    usenet: root
+    news: root
+    webmaster: root
+    www: root
+    uucp: root
+    ftp: root
+  '';
+
+  services.postfix.enableHeaderChecks = true;
+
+  # Local mail can be submitted without being filtered through SpamAssassin.
+  services.postfix.masterConfig."::1:smtp" = {
+    type = "inet";
+    private = false;
+    command = "smtpd";
+  };
+
+  services.postfix.masterConfig.smtp_inet.args =
+    [ "-o" "content_filter=spamassassin" ];
+
+  services.postfix.masterConfig.spamassassin = {
+    privileged = true;
+    chroot = false;
+    command = "pipe";
+    args = [
+      "user=postfix-spamc"
+      "argv=${pkgs.spamassassin}/bin/spamc"
+      "-f"
+      "-e"
+      "/run/wrappers/bin/sendmail"
+      "-oi"
+      "-f"
+      "\${sender}"
+      "\${recipient}"
+    ];
+  };
+
+  networking.firewall.allowedTCPPorts = [ 25 ];
+
+  users.groups.postfix-spamc = {};
+  users.users.postfix-spamc = {
+    group = "postfix-spamc";
+    isSystemUser = true;
+  };
+}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-08-04 18:08:51 +0000