New Feature >>rejectSender<<

Authored by tokudan
2024-11-11 11:29:17 +05:00 · 2018-11-10 14:29:16 +01:00 · 2018-11-10 14:29:16 +01:00 · acd65c0803
commit acd65c0803
parent 28cff2497a
2 changed files with 26 additions and 3 deletions
--- a/default.nix
+++ b/default.nix
@ -166,6 +166,16 @@ in
      default = {};
    };

+    rejectSender = mkOption {
+      type = types.listOf types.str;
+      example = [ "@example.com" "spammer@example.net" ];
+      description = ''
+        Reject emails from these addresses from unauthorized senders.
+        Use if a spammer is using the same domain or the same sender over and over.
+      '';
+      default = [];
+    };
+
    rejectRecipients = mkOption {
      type = types.listOf types.str;
      example = [ "sales@example.com" "info@example.com" ];
--- a/mail-server/postfix.nix
+++ b/mail-server/postfix.nix
@ -55,6 +55,13 @@ let
                      (lib.concatStringsSep "\n" (all_valiases_postfix ++
                                                  catchAllPostfix));

+  reject_senders_postfix = (map
+    (sender:
+      "${sender} REJECT")
+    (cfg.rejectSender));
+  reject_senders_file = builtins.toFile "reject_senders" (lib.concatStringsSep "\n" (reject_senders_postfix))  ;
+
+
  reject_recipients_postfix = (map
    (recipient:
      "${recipient} REJECT")
@ -103,6 +110,8 @@ let
    + (lib.optionalString cfg.debug ''
    debugLevel = 4
  ''));
+
+  mappedFile = name: "hash:/var/lib/postfix/conf/${name}";
 in
 {
  config = with cfg; lib.mkIf enable {
@ -113,6 +122,7 @@ in
      networksStyle = "host";
      mapFiles."valias" = valiases_file;
      mapFiles."vaccounts" = vaccounts_file;
+      mapFiles."reject_senders" = reject_senders_file;
      mapFiles."reject_recipients" = reject_recipients_file;
      sslCert = certificatePath;
      sslKey = keyPath;
@ -132,8 +142,8 @@ in
        virtual_gid_maps = static:5000
        virtual_mailbox_base = ${mailDirectory}
        virtual_mailbox_domains = ${vhosts_file}
-        virtual_mailbox_maps = hash:/var/lib/postfix/conf/valias
-        virtual_alias_maps = hash:/var/lib/postfix/conf/valias
+        virtual_mailbox_maps = ${mappedFile "valias"}
+        virtual_alias_maps = ${mappedFile "valias"}
        virtual_transport = lmtp:unix:/run/dovecot2/dovecot-lmtp

        # sasl with dovecot
@ -144,9 +154,12 @@ in

        policy-spf_time_limit = 3600s

+        # reject selected senders
+        smtpd_sender_restrictions = check_sender_access ${mappedFile "reject_senders"}
+
        # quota and spf checking
        smtpd_recipient_restrictions =
-          check_recipient_access hash:/var/lib/postfix/conf/reject_recipients,
+          check_recipient_access ${mappedFile "reject_recipients"},
          check_policy_service inet:localhost:12340,
          check_policy_service unix:private/policy-spf