# NixOS module: installs the Delta Chat desktop client and runs a local maddy
# mail server whose primary domain is "<machineName>.local".
{ config, pkgs, ... }:
{
  # Port 25 is opened only on interfaces whose name matches "zt+"; the default
  # firewall policy still applies to every other interface.
  # NOTE(review): "zt" is presumably the ZeroTier interface prefix - confirm.
  # The embedded maddy config below describes itself as running without TLS, so
  # confidentiality of SMTP between hosts depends entirely on that overlay
  # network being encrypted and restricted to trusted peers.
  networking.firewall.interfaces."zt+".allowedTCPPorts = [ 25 ]; # smtp with other hosts
  environment.systemPackages = [ pkgs.deltachat-desktop ];

  services.maddy =
    let
      # Mail domain derived from the machine name; reused for the account below.
      domain = "${config.clanCore.machineName}.local";
    in
    {
      enable = true;
      primaryDomain = domain;
      # Raw maddy configuration. Listener exposure as written in the string:
      #   smtp       tcp://[::]:25   - wildcard address, no auth, inbound mail
      #   submission tcp://[::1]:587 - loopback only, auth against local_authdb
      #   imap       tcp://[::1]:143 - loopback only, auth against local_authdb
      # No `tls` directive is set inside this string, so the TLS mode comes
      # from outside it.
      # NOTE(review): confirm the effective TLS setting of the services.maddy
      # module; if it is off, submission/IMAP credentials are sent in cleartext
      # (loopback only) and inbound SMTP on port 25 is unencrypted.
      # Outbound delivery (target.remote) still requires `min_tls_level encrypted`.
      # The sender/recipient rules reject mail for non-local recipients on port 25
      # and non-local sender domains on submission, so neither listener relays
      # for arbitrary domains.
      config = ''
        # Minimal configuration with TLS disabled, adapted from upstream example
        # configuration here https://github.com/foxcpp/maddy/blob/master/maddy.conf
        # Do not use this in unencrypted networks!

        auth.pass_table local_authdb {
          table sql_table {
            driver sqlite3
            dsn credentials.db
            table_name passwords
          }
        }

        storage.imapsql local_mailboxes {
          driver sqlite3
          dsn imapsql.db
        }

        table.chain local_rewrites {
          optional_step regexp "(.+)\+(.+)@(.+)" "$1@$3"
          optional_step static {
            entry postmaster postmaster@$(primary_domain)
          }
          optional_step file /etc/maddy/aliases
        }

        msgpipeline local_routing {
          destination postmaster $(local_domains) {
            modify {
              replace_rcpt &local_rewrites
            }
            deliver_to &local_mailboxes
          }
          default_destination {
            reject 550 5.1.1 "User doesn't exist"
          }
        }

        smtp tcp://[::]:25 {
          limits {
            all rate 20 1s
            all concurrency 10
          }
          dmarc yes
          check {
            require_mx_record
            dkim
            spf
          }
          source $(local_domains) {
            reject 501 5.1.8 "Use Submission for outgoing SMTP"
          }
          default_source {
            destination postmaster $(local_domains) {
              deliver_to &local_routing
            }
            default_destination {
              reject 550 5.1.1 "User doesn't exist"
            }
          }
        }

        submission tcp://[::1]:587 {
          limits {
            all rate 50 1s
          }
          auth &local_authdb
          source $(local_domains) {
            check {
              authorize_sender {
                prepare_email &local_rewrites
                user_to_email identity
              }
            }
            destination postmaster $(local_domains) {
              deliver_to &local_routing
            }
            default_destination {
              modify {
                dkim $(primary_domain) $(local_domains) default
              }
              deliver_to &remote_queue
            }
          }
          default_source {
            reject 501 5.1.8 "Non-local sender domain"
          }
        }

        target.remote outbound_delivery {
          limits {
            destination rate 20 1s
            destination concurrency 10
          }
          mx_auth {
            dane
            mtasts {
              cache fs
              fs_dir mtasts_cache/
            }
            local_policy {
              min_tls_level encrypted
              min_mx_level none
            }
          }
        }

        target.queue remote_queue {
          target &outbound_delivery
          autogenerated_msg_domain $(primary_domain)
          bounce {
            destination postmaster $(local_domains) {
              deliver_to &local_routing
            }
            default_destination {
              reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
            }
          }
        }

        imap tcp://[::1]:143 {
          auth &local_authdb
          storage &local_mailboxes
        }
      '';
      # Single mailbox account, created declaratively.
      ensureAccounts = [ "user@${domain}" ];
      ensureCredentials = {
        # SECURITY: pkgs.writeText puts the literal password "foobar" into the
        # Nix store, which is readable by every local user, and the same value
        # is visible in this source file. Treat it as a placeholder only; for
        # real use, point passwordFile at a file outside the store that is
        # provisioned by the deployment's secret management and readable only
        # by the mail service.
        "user@${domain}".passwordFile = pkgs.writeText "dummy" "foobar";
      };
    };
}