Diffstat (limited to 'modules/server/spectrum/postfix')
-rw-r--r-- | modules/server/spectrum/postfix/default.nix | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/modules/server/spectrum/postfix/default.nix b/modules/server/spectrum/postfix/default.nix
new file mode 100644
index 000000000000..978cb47726e6
--- /dev/null
+++ b/modules/server/spectrum/postfix/default.nix
@@ -0,0 +1,71 @@
+{ pkgs, ... }:
+
+{
+ services.postfix.enable = true;
+ services.postfix.enableSubmission = true;
+ services.postfix.hostname = "atuin.qyliss.net";
+ services.postfix.config.smtp_tls_loglevel = "1";
+ services.postfix.config.smtpd_forbid_bare_newline = true;
+ services.postfix.config.disable_mime_output_conversion = true;
+ services.postfix.sslCert = "/var/lib/acme/spectrum-os.org/fullchain.pem";
+ services.postfix.sslKey = "/var/lib/acme/spectrum-os.org/key.pem";
+ services.postfix.rootAlias = "hi@alyssa.is";
+ services.postfix.relayDomains = [ "hash:/var/lib/mailman/data/postfix_domains" ];
+ services.postfix.config.transport_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ];
+ services.postfix.localRecipients = []; # empty array causes NixOS to add $alias_maps
+ services.postfix.config.mailbox_command = "${pkgs.coreutils}/bin/false";
+ services.postfix.config.local_recipient_maps =
+ [ "proxy:unix:passwd.byname" "hash:/var/lib/mailman/data/postfix_lmtp" ];
+
+ services.postfix.destination =
+ [ "atuin.qyliss.net" "qyliss.net" "spectrumos.org" "spectrum-os.org" ];
+ services.postfix.extraAliases = ''
+ abuse: root
+ noc: root
+ security: root
+ hostmaster: root
+ usenet: root
+ news: root
+ webmaster: root
+ www: root
+ uucp: root
+ ftp: root
+ '';
+
+ services.postfix.enableHeaderChecks = true;
+
+ # Local mail can be submitted without being filtered through SpamAssassin.
+ services.postfix.masterConfig."::1:smtp" = {
+ type = "inet";
+ private = false;
+ command = "smtpd";
+ };
+
+ services.postfix.masterConfig.smtp_inet.args =
+ [ "-o" "content_filter=spamassassin" ];
+
+ services.postfix.masterConfig.spamassassin = {
+ privileged = true;
+ chroot = false;
+ command = "pipe";
+ args = [
+ "user=postfix-spamc"
+ "argv=${pkgs.spamassassin}/bin/spamc"
+ "-f"
+ "-e"
+ "/run/wrappers/bin/sendmail"
+ "-oi"
+ "-f"
+ "\${sender}"
+ "\${recipient}"
+ ];
+ };
+
+ networking.firewall.allowedTCPPorts = [ 25 ];
+
+ users.groups.postfix-spamc = {};
+ users.users.postfix-spamc = {
+ group = "postfix-spamc";
+ isSystemUser = true;
+ };
+}
|
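Review bot: The `spamassassin` pipe entry hands `"\${recipient}"` to `/run/wrappers/bin/sendmail` with no `--` separator in front of it, so the re-injection step depends entirely on Postfix's `allow_min_user` default (no) to keep an envelope address that starts with `-` from being parsed as a sendmail option. Postfix's FILTER_README writes this command line with `--` before the recipients; adding a `"--"` element ahead of `"\${recipient}"` in `args` keeps the filter safe even if that setting is relaxed later. The entry also leaves `null_sender` at its pipe(8) default, so bounces would be re-injected with a `MAILER-DAEMON` envelope sender instead of the empty one. If that is intended, a comment such as `# null_sender left at default: bounces are re-injected as MAILER-DAEMON` would record it, otherwise add `"null_sender="` next to `"user=postfix-spamc"`.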