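{ pkgs ? <nixpkgs>, ... }:

let
  # Primary mail domain. Also the name of the ACME certificate, the nginx
  # virtual host and Postfix's myorigin.
  maildomain = "c3d2.de";

  # Server name announced to SMTP/IMAP clients and used for the TLS cert paths.
  # NOTE(review): the only certificate defined in this file is issued for
  # ${maildomain}; Postfix and Dovecot load /var/lib/acme/${hostname}/...,
  # which this file never requests and which is not a SAN of the ${maildomain}
  # cert. Unless another module provides a certificate for ${hostname},
  # the paths do not resolve -- confirm against the rest of the configuration.
  hostname = "mail.c3d2.de";

  # Postfix virtual(5) alias map: "<address or local part> <destination>[, ...]".
  # A left-hand side without a domain matches in every virtual mailbox domain,
  # a bare right-hand name is a local virtual mailbox user. This is runtime data
  # consumed by Postfix; the entries are reproduced unchanged.
  virtual_map = ''
    ### system

    # postmaster
    postmaster root
    hostmaster@redmine.c3d2.de root
    hostmaster@pentapad.c3d2.de root
    hostmaster@wiki.c3d2.de root
    hostmaster@chat.c3d2.de nulli

    # hostmaster
    hostmaster@dresden.ccc.de fb@alien8.de, root
    hostmaster@datenspuren.de daniel@plominski.eu, root
    hostmaster root

    # root
    root@c3d2.de astro, morphium, nulli, eri, tboston
    root root@c3d2.de

    # webmaster
    webmaster astro, root

    # c3d2web
    c3d2web astro

    # Abuse
    abuse abuse@c3d2.de
    abuse@c3d2.de abuse@q-ix.net, root

    # listmaster
    listmaster@c3d2.de fb@c3d2.de, ps@c3d2.de, mail@c3d2.de
    list@c3d2.de nulli, koeart, morphium, vv01f, tboston
    list list@c3d2.de
    mailer-daemon list@c3d2.de

    # logcheck
    logcheck root

    # admin fuer gitolite
    admin@c3d2.de root, blastmaster@c3d2.de, john@tuxcode.org, nulli
    admin admin@c3d2.de

    # flatbert admins
    flatbert-admin@c3d2.de daniel@plominski.eu, astro@spaceboyz.net, john@tuxcode.org, paul@schwanse.de, morphium, ccc@poelzi.org, nulli@c3d2.de
    wiki@c3d2.de root

    ## VPN
    vpn@c3d2.de astro, ccc@poelzi.org, vv01f

    ### c3d2 user local home

    # nulli
    nulli@dresden.ccc.de nulli
    nulli@c3d2.de nulli
    webzwo0i@c3d2.de nulli
    #ispconfig trial, can be removed?
    hostmaster@jabber.c3d2.de nulli
    0i@c3d2.de nulli
    rec0very@c3d2.de nulli
    vr@c3d2.de nulli
    dock@c3d2.de nulli
    shodan@c3d2.de nulli
    tkradio@c3d2.de nulli, honky
    dict@c3d2.de nulli
    eb@c3d2.de nulli
    dropbox@c3d2.de nulli
    ebi@c3d2.de nulli
    goo@c3d2.de nulli
    dmi@c3d2.de nulli
    impffein@c3d2.de nulli
    gaga@c3d2.de nulli

    # astro
    # formerly: astro@spaceboyz.net
    astro@c3d2.de astro
    astro@netzbiotop.org astro

    # alien8
    a8 a8, fb@alien8.de
    a8@c3d2.de a8, fb@alien8.de
    fb@c3d2.de a8, fb@alien8.de
    alien8@c3d2.de a8, fb@alien8.de

    # pentabugs
    pentabugs@c3d2.de pentabugs

    # herr flupke
    hf@c3d2.de hf

    # santex
    # formerly:
    santex@c3d2.de santex
    hagen@c3d2.de santex

    #nek0
    nek0@c3d2.de nek0
    nek0@netzbiotop.org nek0
    pizza@c3d2.de nek0

    # ju
    ju@c3d2.de ju

    # vater
    vater@c3d2.de vater
    pavel@c3d2.de vater

    # flatbert
    flatbert@c3d2.de flatbert


    ###Datenspuren
    datenspuren@c3d2.de martin@christianix.de, blastmaster, bigalex, nek0, honky, koeart, xyrill@c3d2.de
    twitter@datenspuren.de mail@c3d2.de
    lightningtalks@datenspuren.de bigalex@c3d2.de, hcx23@mailbox.org, honky


    ### c3d2 user forwarding

    # riot
    riot@c3d2.de riot@bsd-crew.de

    # fukami
    fukami@c3d2.de ccc@foo.io

    # jens
    jens@c3d2.de weisse_jens@web.de

    # matthias
    matthias@c3d2.de matthias@bsd-crew.de

    # morphium
    morphium@c3d2.de c3d2@morphium.info
    morphium c3d2@morphium.info

    # tibyr
    tibyr@c3d2.de tibyr@alien8.de

    # twobit
    twobit@c3d2.de s8572327@gmail.com

    tboston tboston@posteo.net
    xyrill majewsky@posteo.de
    polaris ursa.minor@posteo.de


    ### c3d2 aliases

    ## viele bunte smarties
    #astro seins
    eris@c3d2.de astro
    flauschi@c3d2.de astro
    kabelsalat@c3d2.de eris@c3d2.de
    fnord@c3d2.de eris@c3d2.de
    f.nord@c3d2.de eris@c3d2.de
    frauke@c3d2.de eris@c3d2.de
    fridolin@c3d2.de eris@c3d2.de
    pm@c3d2.de eris@c3d2.de

    # pre pre urzeit
    21c3fpdev@c3d2.de pentabarf@mail.skyhub.de
    ds-ic@c3d2.de ds-ic@mail.kruitzer.net

    # pentamusic
    podcast@c3d2.de pentaradio
    ps@c3d2.de koeart
    pentamusic@c3d2.de koeart
    pentaradio honky, xyrill@c3d2.de, siehm@c3d2.de, mole@mopox.de, vv01f, friedemann@wulff-woesten.de

    # autotopia - arbeitsgruppe zu atomatisierung
    autotopia@c3d2.de polaris, nos, nek0, adrien@informancer.eu

    # datenschleuder
    datenschleuder@c3d2.de koeart, nulli, john@tuxcode.org, datenschleuder@tuxcode.org

    # bestellungen fuer wem auch immer fuer den vllt. c3d2 oder privat, man weis es nicht
    bestellungen@c3d2.de c3d2@xvlc.de, bigalex, mail@c3d2.de

    #robmail addresse suchen
    peering@c3d2.de koeart, nulli, astro@spaceboyz.net
    freifunk@c3d2.de nulli, astro@spaceboyz.net

    # vorstand, schatzmeister, kassenwart
    schatzmeister@c3d2.de vorstand@c3d2.de
    kassenwart@c3d2.de vorstand@c3d2.de
    kassenwart@netzbiotop.org vorstand@c3d2.de
    vorstand@netzbiotop.org honky, winzlieb, nek0
    vorstand@c3d2.de honky, winzlieb, nek0

    # master of coin
    ln@c3d2.de bitcoin@c3d2.de
    crypto@c3d2.de bitcoin@c3d2.de
    bitcoin@c3d2.de vv01f

    # wire
    # project address, forward ziel fuer alle *.wire@c3d2.de siehe virtual.regex
    wire@c3d2.de wire


    # adressen aus dem c3d2-web git
    2c3@c3d2.de mail@c3d2.de
    keysign@c3d2.de mail@c3d2.de
    news@c3d2.de mail@c3d2.de
    presse@c3d2.de mail@c3d2.de
    info@c3d2.de mail@c3d2.de

    # CmS Schule
    schule@c3d2.de cms@lists.c3d2.de


    ### c3d2 orga

    # mail@
    mail@c3d2.de astro, ibook@klobs.de, koeart, bigalex, morphium, nulli, vv01f, vater, nek0, tboston, xyrill, polaris, winzlieb, simon_ccc@liebing.cc
    mail@dresden.ccc.de mail@c3d2.de
    mail@c3dd.de mail@c3d2.de
    mail@cccdd.de mail@c3d2.de
    mail mail@c3d2.de
    werbung@c3d2.de mail@c3d2.de
    paypal@c3d2.de daniel@plominski.eu, astro, bigalex@c3d2.de, raz@c3d2.de, joerg@higgsboson.tk, mail
    mail@netzbiotop.org mail@c3d2.de


    ### ueber /home/blotter/bin/create_vmail_user hinzugefuegt

    # sven
    # formerly: sven@elektro-klemm.de
    sven@c3d2.de sven
    nevs@c3d2.de sven

    # blastmaster
    # formerly: oeste.sebastian@googlemail.com
    blastmaster@c3d2.de blastmaster
    blastermaster@c3d2.de blastmaster

    # koeart
    # formerly: paul@schwanse.de, koeart@zwoelfelf.org
    koeart@c3d2.de koeart

    # eri!
    # formerly: hans.orter@gmx.de
    eri@c3d2.de eri
    eri@cccdd.de eri
    eri@netzbiotop.org eri

    # pwnytail
    # formerly: jakobi@stura.htw-dresden.de
    pwnytail@c3d2.de pwnytail

    # darkwake
    # formerly: darkwake@freenet.de
    darkwake@c3d2.de darkwake

    # coeins
    # formerly: coeins@gmail.com
    coeins@c3d2.de coeins

    # bigalex
    # formerly: bigalex@gmx.de, alexander.lorz@tu-dresden.de
    bigalex@c3d2.de bigalex
    bigalex bigalex

    # lachmoewe
    # formerly: omg-lachmoewe@gmx.net
    lachmoewe@c3d2.de lachmoewe
    tf@c3d2.de lachmoewe

    # daniel.plominski
    daniel@c3d2.de daniel, daniel@plominski.eu
    daniel@dresden.ccc.de daniel, daniel@plominski.eu
    daniel.plominski@c3d2.de daniel, daniel@plominski.eu
    daniel.plominski@dresden.ccc.de daniel, daniel@plominski.eu

    # dodo
    # formerly: dodo.the.last@gmail.com
    dodo@c3d2.de dodo
    dodo@dresden.ccc.de dodo

    # payload
    # formerly: payload@payload-bay.de
    payload payload, s1394474@mail.zih.tu-dresden.de
    payload@c3d2.de payload, s1394474@mail.zih.tu-dresden.de

    # nos
    # formerly: s70341@htw-dresden.de
    nos@c3d2.de nos

    # mc
    # formerly: martin@christianix.de
    mc@c3d2.de mc
    norbert@c3d2.de mc

    # vany
    # formerly: eyke.schoeniger@gmx.de
    vany@c3d2.de vany

    # toon
    # formerly: s71156@htw-dresden.de
    toon@c3d2.de toon

    # meo
    # formerly: meodexter@gmail.com
    meo@c3d2.de meo
    meodexter@c3d2.de meo

    # j03
    j03@c3d2.de j03
    jo3@c3d2.de j03

    # nac
    nac@c3d2.de nac

    #vv01f
    vv01f@c3d2.de vv01f
    wolf@c3d2.de vv01f
    vv01f@dresden.ccc.de vv01f
    vv01f@c3dd.de vv01f
    vv01f@cccdd.de vv01f
    wolf@dresden.ccc.de vv01f
    vv01f@netzbiotop.org vv01f
    wolf@netzbiotop.org vv01f

    # polygon
    polygon@c3d2.de polygon

    # derped
    derped@c3d2.de derped

    # kalipso
    # formerly: kingkaiserprinz@gmail.com
    kalipso@c3d2.de kalipso

    # dzzzniel
    dzzzniel@c3d2.de dzzzniel

    # summi
    summi@c3d2.de summi

    # hendrix
    hendrix@c3d2.de ra.anti@gmx.net

    # testcopy
    testcopy@c3d2.de testcopy

    # blottervmail
    blotter@c3d2.de blotter
    blotter@c3dd.de blotter
    blotter@cccdd.de blotter
    blotter@dresden.ccc.de blotter
    no blotter
    blottervmail@c3d2.de blotter
    blottervmail@mail.c3d2.de blotter

    # simon
    # formerly: simon.toermer@gmx.de
    simon@c3d2.de simon

    # ventolin
    # formerly: sackgasse@gmx.net
    ventolin@c3d2.de ventolin

    # honky
    # formerly: honky@defendtheplanet.net
    honky@c3d2.de honky
    honky@cccdd.de honky
    honky@c3dd.de honky
    honky@netzbiotop.org honky

    # matemat
    matemat@c3d2.de matemat

    # nero
    # formerly: nero@w1r3.net
    nero@c3d2.de nero

    # billy
    # formerly: annettgerlach@gmx.net
    billy@c3d2.de annettgerlach@gmx.net

    # winzlieb
    winzlieb graviola@posteo.de
    winzlieb@netzbiotop.org winzlieb

    # broken_pipe
    # formerly: urban@subnet.email
    broken_pipe@c3d2.de broken_pipe

    # autotopia
    # formerly: broken_pipe@c3d2.de

    # servicemail
    servicemail@c3d2.de servicemail
    monitoring@c3d2.de monitoring

    # polaris
    # formerly: ursa.minor@posteo.de
    polaris@c3d2.de polaris

    # xeri
    xeri@c3d2.de xeri

    # xyrill
    # formerly: majewsky@posteo.de
    xyrill@dresden.ccc.de majewsky@posteo.de
    xyrill@c3d2.de majewsky@posteo.de
    xyrill@c3dd.de majewsky@posteo.de
    xyrill@netzbiotop.org majewsky@posteo.de

    # neda
    neda@c3d2.de n.sultova@hzdr.de

    # ehmry
    ehmry@c3d2.de ehmry@posteo.net
    ehmry@dresden.ccc.de ehmry@posteo.net
    ehmry@c3dd.de ehmry@posteo.net

    # antranes
    antranes@c3d2.de antranes

    # antrares
    antrares@c3d2.de antrares

    # siehm: simon_ccc@liebing.cc
    siehm@c3d2.de simon_ccc@liebing.cc
    siehm@c3dd.de simon_ccc@liebing.cc
    siehm@dresden.ccc.de simon_ccc@liebing.cc

    # sandro
    # formerly: sandro.jaeckel@posteo.de
    sandro@c3d2.de sandro

    # leonvita91
    leonvita91@c3d2.de leonvita91

    # wiki-sender
    wiki-sender@c3d2.de wiki-sender

    # etherpad-notify
    etherpad-notify@c3d2.de etherpad-notify

    # zylens
    # formerly: zylens
    zylens@c3d2.de zylens

    # formerly: Mirko <mirko@zeiban.de>
    mirko@c3d2.de mirko@c3d2.zeiban.de
  '';

  # Networks Postfix trusts (permit_mynetworks = relaying without
  # authentication) and fail2ban never bans. Every entry is a relay grant, so
  # the list should stay limited to hosts this server has to relay for; the two
  # /32 entries are external machines and deserve a periodic review.
  # IPv6 entries use Postfix's bracketed form; see the note at rspamd's
  # local_addrs below before reusing this list elsewhere.
  mynetworks = [
    "127.0.0.0/8"
    "172.22.99.0/24"
    "172.22.100.0/24"
    "81.201.149.152/32"
    "24.134.104.53/32"
    "[::1]/128"
    "[fe80::]/10"
    "[2a00:1828:a008::]/48"
    "[2001:470:6d:670::]/64"
    "[2001:67c:1400:2240::]/64"
    "[2a00:8180:2c00:200::]/56"
  ];

  # Domains hosted in addition to ${maildomain}: Postfix virtual mailbox
  # domains, nginx server aliases and ACME SANs (all three must agree, since
  # each of them has to answer an HTTP-01 challenge on this host).
  virtual_domains = [
    "dresden.ccc.de"
    "cccdd.de"
    "c3dd.de"
    "datenspuren.de"
    "jabber.c3d2.de"
    "webmail.c3d2.de"
    "chat.c3d2.de"
    "zengelsystem.c3d2.space"
    "c3d2.space"
    "netzbiotop.org"
    # "nc.c3d2.space"
  ];
in
{
  #imports = [
  #  <nixpkgs/nixos/modules/virtualisation/lxc-container.nix>
  #];

  networking.hostName = "mail";
  networking.useNetworkd = true;
  networking.interfaces.eth0.ipv4.addresses = [{
    address = "172.20.73.58";
    prefixLength = 26;
  }];
  networking.defaultGateway = "172.20.73.1";

  networking.firewall = {
    enable = true;
    allowedTCPPorts = [
      # SMTP, submission and IMAP. All three are STARTTLS listeners; no
      # implicit-TLS ports (465/993) are opened or configured below.
      25 587 143
      # ManageSieve (dovecot pigeonhole).
      4190
      # ACME HTTP-01 challenges and the nginx proxy to the rspamd controller.
      80 443
    ];
    allowedUDPPorts = [ ];
  };

  # Owner of all virtual mailboxes. uid 5000 must stay in sync with the static
  # virtual_uid_maps / virtual_gid_maps / virtual_minimum_uid in the Postfix
  # config below.
  users.users."mailowner" = {
    createHome = false;
    extraGroups = [ ];
    group = "users";
    # Fixed typo: the original read "/vor/spool/mail".
    home = "/var/spool/mail";
    isSystemUser = true;
    # Deliberately empty: this account gets no SSH access.
    openssh.authorizedKeys.keys = [ ];
    uid = 5000;
  };

  services = {
    postfix = {
      enable = true;
      enableSmtp = true;
      enableSubmission = true;
      enableHeaderChecks = true;
      domain = maildomain;
      hostname = hostname;
      # See the note on `hostname` above about which ACME certificate exists.
      sslCert = "/var/lib/acme/${hostname}/fullchain.pem";
      sslKey = "/var/lib/acme/${hostname}/key.pem";
      # Left empty; the trusted networks are set through config.mynetworks.
      networks = [ ];
      virtual = virtual_map;
      config = {
        myorigin = maildomain;
        mydestination = [
          "127.0.0.1"
        ];
        mynetworks = mynetworks;
        mail_owner = "postfix";
        # Outbound: opportunistic TLS.
        smtp_use_tls = true;
        smtp_tls_security_level = "may";
        # Inbound on port 25: opportunistic TLS. The submission listener is
        # configured by the NixOS module (enableSubmission) and is expected to
        # require TLS -- confirm the submissionOptions defaults of the
        # deployed nixpkgs if that matters.
        smtpd_use_tls = true;
        smtpd_tls_security_level = "may";
        # Only our networks and authenticated senders may relay; everything
        # else is accepted solely for our own domains.
        smtpd_recipient_restrictions = [
          "permit_mynetworks"
          "permit_sasl_authenticated"
          "reject_unauth_destination"
        ];
        smtpd_relay_restrictions = [
          "permit_mynetworks"
          "permit_sasl_authenticated"
          "reject_unauth_destination"
        ];
        smtpd_sasl_auth_enable = true;
        # Advertise AUTH only after STARTTLS. The previous value (false)
        # offered PLAIN/LOGIN authentication on the unencrypted port 25
        # session, exposing mailbox credentials on the wire.
        smtpd_tls_auth_only = true;
        # Applies to the opportunistic (security_level = may) listener.
        smtpd_tls_protocols = [
          "!SSLv2" "!SSLv3" "!TLSv1" "!TLSv1.1"
        ];
        # Only effective where TLS is mandatory (e.g. the submission
        # listener); the opportunistic port 25 listener keeps Postfix's
        # default smtpd_tls_ciphers grade, which Postfix recommends not to
        # restrict.
        smtpd_tls_mandatory_ciphers = "high";
        # SASL is delegated to Dovecot via the socket defined in its
        # `service auth` block below; the two paths must match.
        smtpd_sasl_path = "/var/lib/postfix/auth";
        smtpd_sasl_type = "dovecot";
        virtual_mailbox_domains =
          [ maildomain ] ++ virtual_domains;
        # lists.c3d2.de is relayed onward; the transport for it is not defined
        # in this file.
        relay_domains = [
          "$mydestination"
          "lists.c3d2.de"
        ];
        message_size_limit = "40960000";
        # Dovecot delivery
        virtual_transport = "lmtp:unix:/run/dovecot2/dovecot-lmtp";
        virtual_gid_maps = "static:5000";
        virtual_uid_maps = "static:5000";
        virtual_minimum_uid = "5000";
        virtual_mailbox_base = "/var/vmail";
        # tarpitting: slow down and eventually drop clients that keep
        # producing errors (brute force / probing).
        smtpd_error_sleep_time = "10s";
        smtpd_soft_error_limit = 2;
        smtpd_hard_error_limit = 5;
        smtpd_junk_command_limit = 2;
      };
    };

    dovecot2 = {
      enable = true;
      enableImap = true;
      enableLmtp = true;
      enablePop3 = false;
      # Authentication comes from the passwd-file below, not from system PAM.
      enablePAM = false;
      enableQuota = true;
      createMailUser = true;
      mailLocation = "maildir:~/maildir";
      mailboxes = {
        Spam = {
          auto = "create";
          specialUse = "Junk";
        };
        Sent = {
          auto = "create";
          specialUse = "Sent";
        };
        Drafts = {
          auto = "create";
          specialUse = "Drafts";
        };
        Trash = {
          auto = "create";
          specialUse = "Trash";
        };
      };
      modules = [
        pkgs.dovecot_pigeonhole
      ];
      quotaGlobalPerUser = "1G";
      # Same certificate caveat as for Postfix (see `hostname`).
      sslServerCert = "/var/lib/acme/${hostname}/fullchain.pem";
      sslServerKey = "/var/lib/acme/${hostname}/key.pem";
      protocols = [
        "sieve"
      ];
      mailPlugins = {
        perProtocol = {
          imap = {
            enable = [
              "imap_sieve"
            ];
          };
          lmtp = {
            enable = [
              "sieve"
            ];
          };
        };
      };
      # The passwd-file lives in /etc, outside the world-readable Nix store,
      # and is maintained out of band (cf. the create_vmail_user note in the
      # alias map). Keep it that way: credentials must not enter this file.
      extraConfig = ''
        passdb {
          driver = passwd-file
          args = username_format=%u /etc/dovecot/auth.d/passwd
        }
        userdb {
          driver = passwd-file
          args = username_format=%u /etc/dovecot/auth.d/passwd
        }
        service lmtp {
          unix_listener dovecot-lmtp {
            group = postfix
            mode = 0660
            user = postfix
          }
        }
        service auth {
          unix_listener /var/lib/postfix/auth {
            group = postfix
            mode = 0660
            user = postfix
          }
          user = dovecot2
        }

        service managesieve-login {
        }

        service managesieve {
        }

        protocol sieve {
        }

        protocol lmtp {
          postmaster_address = postmaster@nek0.eu
        }

        protocol imap {
          mail_max_userip_connections = 100
        }

        plugin {
          sieve = file:~/sieve;active=~/.dovecot.sieve
        }
      '';
    };

    fail2ban = {
      enable = true;
      # NOTE(review): the bracketed IPv6 entries of mynetworks are Postfix
      # syntax; confirm fail2ban's ignoreip parser accepts them, otherwise
      # those networks are not exempted.
      ignoreIP = mynetworks;
      jails = {
        "postfix" = ''
          enabled = true
        '';
        "dovecot-imap" = ''
          enabled = true
          port = imap,imaps
          filter = dovecot
          #logpath = /var/log/dovecot.log
        '';
        # The filter above was "dovecot-imap", which is not a filter shipped
        # with fail2ban; the stock Dovecot filter is named "dovecot". With an
        # unknown filter the jail fails to load and IMAP brute force goes
        # unbanned.
      };
    };

    nginx = {
      enable = true;
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedTlsSettings = true;
      virtualHosts."${maildomain}" = {
        serverAliases = virtual_domains;
        forceSSL = true;
        enableACME = true;
        http2 = true;
        # Publishes the rspamd controller (web UI and API) on every hosted
        # domain. The only protection is the controller password in
        # worker-controller.inc below; consider restricting this location to
        # the admin networks.
        locations."/rspamd/" = {
          proxyPass = "http://127.0.0.1:11334/";
          extraConfig = ''
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          '';
        };
      };
    };

    rspamd = {
      enable = true;
      user = "rspamd";
      group = "rspamd";
      postfix = {
        enable = true;
        config = {
          non_smtpd_milters = [ "inet:127.0.0.1:11332" ];
          smtpd_milters = [ "inet:127.0.0.1:11332" ];
          milter_protocol = "6";
          milter_mail_macros = "i {mail_addr} {client_addr} {client_name} {auth_authen}";
          # Fail open: if rspamd is unreachable mail is accepted unscanned.
          # This favours availability over filtering; "tempfail" would be
          # the fail-closed alternative.
          milter_default_action = "accept";
        };
      };
      workers = {
        "normal" = {
          enable = true;
          type = "normal";
          includes = [ "$CONFDIR/worker-normal.inc" ];
          bindSockets = [{
            socket = "/run/rspamd/rspamd.sock";
            mode = "0660";
            owner = "rspamd";
            group = "rspamd";
          }];
        };
        "controller" = {
          enable = true;
          count = 1;
          type = "controller";
          includes = [ "$CONFDIR/worker-controller.inc" ];
          # Loopback only; reachable from outside solely through the nginx
          # proxy above.
          bindSockets = [ "127.0.0.1:11334" ];
        };
        "rspamd_proxy" = {
          enable = true;
          type = "rspamd_proxy";
          includes = [ "$CONFDIR/worker-proxy.inc" ];
          # Duplicates the body of worker-proxy.inc below; one of the two
          # copies could be dropped.
          extraConfig = ''
            milter = yes;
            timeout = 120s;
            upstream "local" {
              default = yes;
              self_scan = yes;
            }
          '';
        };
      };
      locals = {
        "options.inc" = {
          enable = true;
          # local_addrs is rendered from mynetworks as a comma-separated UCL
          # string. The previous expression (`builtins foldl ...`) was not
          # valid Nix (missing dot, nonexistent builtin) and would have
          # produced an unquoted, space-separated value.
          # NOTE(review): mynetworks keeps Postfix's "[addr]/len" IPv6 form;
          # confirm rspamd parses the brackets, or strip them here.
          text = ''
            #local_addrs = "127.0.0.0/8, ::1, 10.0.0.0/8, 2a01:4f8:222:2b41::/64";
            local_addrs = "${builtins.concatStringsSep ", " mynetworks}";
            dns {
              nameserver = ["10.0.0.53:53:10"];
            }
          '';
        };
        "worker-normal.inc" = {
          enable = true;
          text = ''
            bind_socket = "127.0.0.1:11333";
            count = 2;
          '';
        };
        "worker-controller.inc" = {
          enable = true;
          # The value is a password hash (rspamadm pw), not the password, but
          # it still ends up in the world-readable Nix store; treat it as
          # low-sensitivity and rotate if the UI exposure above is a concern.
          text = ''
            # create with "rspamadm pw"
            password = "$2$ybs6zdxgq17ys7azr4iwkwr3tg4ifx5z$79hoz8ah1w6f4b5rs7u8x7gst6ioidzcwijj8uu5zap9t6cw4tjb";
          '';
        };
        "worker-proxy.inc" = {
          enable = true;
          text = ''
            bind_socket = "127.0.0.1:11332";
            milter = yes;
            timeout = 120s;
            upstream "local" {
              default = yes;
              self_scan = yes;
            }
          '';
        };
        "logging.inc" = {
          enable = true;
          # Error-level only: rejected/accepted message decisions are not
          # logged here, which limits what fail2ban or an incident review can
          # reconstruct from rspamd.
          text = ''
            type = "file";
            filename = "/var/lib/rspamd/rspamd.log";
            level = "error";
            debug_modules = [];
          '';
        };
        "milter_headers.conf" = {
          enable = true;
          text = ''
            use = ["x-spamd-bar", "x-spam-level", "authentication-results"];
            authenticated_headers = ["authentication-results"];
          '';
        };
        "classifier-bayes.conf" = {
          enable = true;
          # Must match services.redis.port below.
          text = ''
            backend = "redis";
            servers = "127.0.0.1:6378";
          '';
        };
      };
    };

    # Bayes storage for rspamd. Loopback-bound and unauthenticated, so any
    # local process can read or poison the classifier data.
    redis = {
      enable = true;
      bind = "127.0.0.1";
      port = 6378;
      vmOverCommit = true;
      settings = {
        supervised = "systemd";
        maxmemory = "1GB";
        maxmemory-policy = "volatile-lru";
      };
    };
  };

  security.acme = {
    acceptTerms = true;
    preliminarySelfsigned = true;
    # First day of every odd month, i.e. every two months -- well inside the
    # 90-day validity of the issued certificates.
    renewInterval = "*-01,03,05,07,09,11-01 00:00:00";
    certs = {
      "${maildomain}" = {
        email = "nek0@nek0.eu";
        # Was `[ virtual_domains ]`, a list nested inside a list, which does
        # not type-check as a list of domain names.
        extraDomainNames = virtual_domains;
        postRun = "systemctl restart postfix.service dovecot2.service";
      };
    };
  };
}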