Robin Raymond
4b480d1445
Merge branch 'metapensiero/nixos-mailserver-delimiter-master'
2019-08-13 19:57:31 +02:00
Robin Raymond
ee7bb07f25
Merge branch 'scintill/nixos-mailserver-dkim-bits'
2019-08-13 19:56:18 +02:00
Robin Raymond
0bf2bb0b54
Merge branch 'scintill/nixos-mailserver-fix-tests'
2019-08-13 19:51:16 +02:00
Alberto Berti
76922632ca
Merge branch 'verbose-spam-header' into verbose-spam-header-master
2019-07-26 19:37:18 +02:00
Alberto Berti
6033364d0b
Merge branch 'delimiter' into delimiter-master
2019-07-26 19:28:51 +02:00
Alberto Berti
05bb5518ad
Let the milter add to headers the reason for tagging a message as spam
2019-07-26 19:01:54 +02:00
Alberto Berti
0ff81a9593
Make the delimiter configuration work
2019-07-26 19:00:32 +02:00
Alberto Berti
fad71d9948
Fix typo
2019-07-25 17:55:01 +02:00
Alberto Berti
253c8732b4
Add subaddresses configuration
2019-07-25 17:30:20 +02:00
Joey Hewitt
f789f7a80c
add dkimKeyBits configuration
2019-07-09 21:59:28 -06:00
Joey Hewitt
7e718e0e33
dkim: transition to PermissionsStartOnly=false
...
That's how nixpkgs-unstable is now, so to be compatible with both we
have to force that setting. Use systemd tmpfiles to provision
directory with correct owner.
2019-07-07 21:47:09 -06:00
Joey Hewitt
93660eabcd
fixes to tests
...
- restructure rspamd config. It's nicer now, and it was getting
  overridden the old way.
- "scan_mime_parts = false" apparently must be used in rspamd for ClamAV
  to work
- refactor the clamav test a bit for cleanliness
- wait for rspamd and clamd sockets to open, before testing
- use clamdscan for speed, and verify that the virus was found
- verify msmtp returns virus scan result
2019-07-07 21:47:09 -06:00
Oscar Carlsson
4e8fbac580
Disable TLSv1.0 and deprecated ciphers.
...
TLSv1.0 is as deprecated as the older SSL versions, and should not be
used. I've also disabled a slew of ciphers, and hopefully this will
make us less vulnerable to downgrade attacks and similar.
2019-06-21 11:09:30 +02:00
Christian Kauhaus
bce95d0229
Use services.postfix.virtual option
...
SNM used to define virtual_alias_maps in extraConfig which collides with
the same parameter defined by the standard services.postfix.virtual
option. This led to *lots* of warnings during postfix startup like
```
May 02 18:29:58 nun postfix/master[24758]: warning: /etc/postfix/main.cf, line 47: overriding earlier entry: virtual_alias_maps=hash:/etc/postfix/virtual
```
Refraining from overriding virtual_alias_maps has the additional
advantage that virtual aliases defined by other modules don't stop
working with SNM.
2019-05-03 11:25:23 +00:00
Christian Kauhaus
184975be76
Fix renamed rspamd_proxy option
...
Fixes #152
2019-05-03 10:54:15 +02:00
Michishige Kaito
c2ca4d1bb0
postfix: allow configuring message_size_limit
2018-11-23 14:29:23 +00:00
Robin Raymond
8b7dde4b54
remove rspamd socket
2018-11-11 18:03:04 +01:00
Robin Raymond
acd65c0803
New Feature >>rejectSender<<
...
Authored by tokudan
2018-11-10 14:29:16 +01:00
plchldr
fa0541b96b
remove Diffie-Hellman parameter creation as it is handled by the upstream dovecot2 module as of 18.09
2018-10-30 17:56:25 +01:00
Brian Olsen
88e292c5b7
postfix: Support setting options for policyd-spf
2018-06-29 21:36:34 +09:30
Brian Olsen
61df799036
dovecot: Add spam filter training using imapsieve
2018-06-29 21:36:34 +09:30
Brian Olsen
616d779e1f
Move from rmilter to rspamd #25
2018-06-29 21:36:34 +09:30
Brian Olsen
410c6c410b
Use nixpkgs functions to check dovecot version
2018-06-29 21:36:34 +09:30
Brian Olsen
1c76e0a119
tests: Add ClamAV test and fix errors in virus scanning
2018-06-29 21:36:34 +09:30
Brian Olsen
e32a915489
postfix: Use pypolicyd-spf for SPF checking
2018-06-29 21:35:16 +09:30
Brian Olsen
f209fa3bf3
postfix: use masterConfig option instead of extraMasterConf
...
extraMasterConf is just a string while masterConfig is a nix module so
the options are more explicit and have help text.
2018-06-29 21:35:16 +09:30
Brian Olsen
7036371f75
Use OpenDKIM instead of rmilter for DKIM
...
As part of #61 this moves DKIM handling from rmilter to OpenDKIM.
2018-06-29 21:35:16 +09:30
Brian Olsen
8a27b941bf
Start dovecot before postfix and add target for certificates
...
It seemed weird to me that preStart on postfix was used to generate
files not needed directly by postfix and for the self-signed
certificate which is also needed by dovecot. nginx.service was also
used as a proxy for when ACME certificate generation was done.
So I have created mailserver-certificates.target for when certificates
are available for other services. For self-signed that means that a
new oneshot service called mailserver-selfsigned-certificate has been
run. And for ACME this means that the target
acme-selfsigned-certificates has been reached (which is when acme has
created the self-signed certificates used before the actual
certificates provided by LetsEncrypt are created). This setup has the
added bonus that if you want to run a service to provide your own
certificates you can set that to run before
mailserver-certificates.target.
DH Parameters are only needed by dovecot so generation of that file has
been moved to the dovecot2 preStart.
And lastly the only remaining reason for dovecot to start before
postfix was that the auth and lmtp sockets were located in a directory
created by postfix. But since they could just as well be located in
/run/dovecot2 as long as postfix has access to them I have moved them
there.
2018-06-29 21:35:16 +09:30
Brian Olsen
0fbfbafb6e
Make dovecot sockets use postfix user/group options
2018-06-29 21:35:16 +09:30
Robin Raymond
f016b9689a
Merge pull request #128 from Infinisil/fix-enable-conditions
...
fix conditions for enabling services
2018-06-09 15:18:46 +02:00
Philipp Dörfler
92238c61f6
Disabled scanning of incoming mails for phishing attempts
2018-06-09 09:13:56 +00:00
Silvan Mosberger
845e06e61a
fix conditions for enabling services
...
Without this fix, kresd and others would get enabled even though the
main mailserver option is disabled.
2018-05-22 23:18:55 +02:00
Robin Raymond
68232ddf87
Merge pull request #116 from phdoerfler/post-upgrade-check
...
Added option for automatic reboot after a kernel upgrade.
2018-05-10 13:06:46 +02:00
Robin Raymond
6d3ab77a5d
Merge pull request #114 from geistesk/message-id
...
Fog user's hostname in the Message-ID
2018-05-10 13:05:32 +02:00
Robin Raymond
02b0e867d2
Merge pull request #124 from nlewo/pr-dh.pem
...
postfix: also create the dh.pem if it is empty
2018-05-10 13:04:35 +02:00
Robin Raymond
e0907f489b
Merge pull request #117 from tokudan/reject_recipients
...
Allow rejecting mails to selected local addresses from remote systems
2018-05-10 13:02:37 +02:00
Antoine Eiche
e9dea6cdb4
postfix: also create the dh.pem if it is empty
...
The dh.pem file is currently created by the postfix prestart
script. If the entropy of the system is too low, the postfix prestart
can timeout. In this case, an empty file is created.
If the user restarts the postfix service, the dh.pem is not created
because the file already exists (but is empty).
When an SSL connection is established with dovecot, it fails with this message:
imap-login: `Error:Failed to initialize SSL server context: Couldn't parse DH parameters:
error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: DH
PARAMETERS`
With this patch, the postfix service creates the dh.pem if the dh.pem
doesn't exist or if it is empty. It doesn't fix the entropy or
timeout issue but at least, the user knows something is failing:/
2018-05-10 01:04:02 +02:00
Antoine Eiche
0f75894b4f
dkim: set header canonicalization to relaxed
...
Instead of simple canonicalization which is the default one.
Fixes #120
2018-05-04 19:55:25 +02:00
Daniel Frank
f613779999
Allow rejecting mails to selected local addresses from remote systems
2018-04-15 01:49:26 +02:00
Philipp Dörfler
610a4008dc
Added option for automatic reboot after a kernel upgrade.
2018-04-12 10:31:49 +00:00
geistesk
386faf960c
Fog user's hostname in the Message-ID
2018-04-09 22:14:17 +02:00
Robin Raymond
e4c6682eb9
Merge branch 'master' of github.com:r-raymond/nixos-mailserver
2018-04-08 15:28:58 +02:00
Robin Raymond
c28d7756c1
Merge pull request #101 from tokudan/mydestination
...
Avoid accepting mail to xyz@localhost from remote systems
2018-04-08 15:25:48 +02:00
geistesk
c0df22aaae
Support for multiple extraVirtualAliases
...
Should fix #104 by introducing
```
extraVirtualAliases = {
  "single-alias@domain.foobar" = "user1@domain.foobar";
  "multi-alias@domain.foobar" = [
    "user1@domain.foobar" "user2@domain.foobar" ];
};
```
2018-04-03 11:52:03 +02:00
Philipp Dörfler
4f36b72dd6
Added dovecot option for mail_max_userip_connections defaulting to 100
2018-03-13 10:43:30 +00:00
Robin Raymond
e3a12093b7
Merge pull request #93 from phdoerfler/borgbackup
...
Added basic support for borgbackup
2018-03-10 18:20:19 +01:00
Daniel Frank
f283b6750b
Avoid accepting mail to xyz@localhost. Local email should be aliased to another user anyway.
2018-03-10 17:13:30 +01:00
Robin Raymond
f69081226d
Merge pull request #98 from tokudan/fix_backscatter
...
Avoid backscattering on unknown recipients. Fixes #97
2018-03-06 16:00:54 +01:00
Daniel Frank
330cc73089
Avoid backscattering on unknown recipients. Fixes #97
2018-03-05 20:29:02 +01:00
Robert Schütz
f9820b55ab
Don't include identity twice in vaccounts
...
fixes #94
2018-03-05 16:20:54 +01:00
Philipp Dörfler
b53364715d
Added basic support for borgbackup
2018-03-04 14:36:42 +00:00
Robin Raymond
c1c4706519
remove deprecated virtualAliases
2018-02-23 16:48:13 +01:00
Robin Raymond
d72b975a45
Merge branch 'v2.1-bugfixes'
2018-02-23 15:37:09 +01:00
Robin Raymond
6bdfdca0e3
fix typo
2018-02-23 15:36:29 +01:00
Robin Raymond
22caa012d6
Merge branch 'v2.1-bugfixes'
2018-02-23 14:57:22 +01:00
Robin Raymond
5d169c3ef2
fixes #88
2018-02-23 14:56:28 +01:00
Robin Raymond
a3043b2242
fixes #87
2018-02-23 14:52:11 +01:00
Robin Raymond
ea20d60ec1
possible fix for #86
2018-02-23 14:51:15 +01:00
Robin Raymond
c252ecb869
possible fix for #86
2018-02-22 23:12:39 +01:00
Robin Raymond
df25233fd4
merge 'basic rsnapshot backup'
2018-02-22 22:49:58 +01:00
Robin Raymond
ca9680403e
Merge pull request #56 from phdoerfler/monitoring
...
Added monitoring of disk space via monit
2018-02-22 22:45:02 +01:00
Philipp Dörfler
29cb68a216
Added monitoring of disk space and more with monit.
2018-02-22 20:33:55 +00:00
Philipp Dörfler
59b1fafefc
Added basic rsnapshot backup.
2018-02-22 20:33:27 +00:00
Philipp Dörfler
43d36d9b76
Dovecot: Mailbox config + hierarchy separator + FS layout.
...
- Factored mailbox config into its own option.
- Added hierarchy separator option.
- Added option for using FS layout.
2018-02-22 20:32:21 +00:00
Ruben Maher
929cac8f50
mail-server/users.nix: don't expand variables in sieve script
2018-02-19 09:32:40 +10:30
Robin Raymond
436cf0513b
add virtual mail users
2018-02-18 12:17:32 +01:00
Ruben Maher
5b570ad5a0
dovecot: read dovecot version into nix variable
...
This allows determining whether it's OK to use particular configuration
variables that will throw errors when used in older versions.
2018-02-17 22:24:39 +10:30
Robin Raymond
f6546a1a8e
fix dovecot 2.3 ssl_dh
2018-02-13 13:18:31 +01:00
Robin Raymond
b75575f02e
remove unbound
2018-02-09 15:02:28 +01:00
Robin Raymond
671f447015
Merge pull request #57 from phdoerfler/localnameserver
...
Added kresd as local nameserver so rspamd stops complaining
2018-02-09 15:00:09 +01:00
Robin Raymond
0f6de6ff57
remove clamav from packages, fixes #64
2018-02-01 09:14:21 +01:00
Robin Raymond
aca43875dc
update copyright
2018-01-29 10:34:27 +01:00
Robin Raymond
ba4eaed61d
related to #52
2018-01-29 10:24:53 +01:00
Philipp Dörfler
bc627f180a
Added kresd as local nameserver so rspamd stops complaining
2018-01-13 01:39:21 +00:00
Andrey Golovizin
ee479ae683
Run spam.sieve after user scripts
...
Allows the user to override or disable it, if necessary.
2018-01-07 14:05:16 +01:00
Andrey Golovizin
aeedb25daf
Use sieve_default option for sieveScript
...
https://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration#Visible_Default_Script
2018-01-07 14:05:16 +01:00
Andrey Golovizin
a6d9604ea5
Fix Sieve script activation via ManageSieve
2018-01-07 14:05:16 +01:00
Andrey Golovizin
30e4f136fd
Add enableManageSieve option to open port 4190
2018-01-07 14:05:12 +01:00
Robin Raymond
eeb7fd64af
implement quotas
2017-12-22 16:58:35 +01:00
Robin Raymond
2d0648e0f4
move from real users to passwd file
2017-12-22 16:08:42 +01:00
Ruben Maher
3a333ab71a
mail-server/postfix: add each loginAccount to virtual_alias_maps
2017-12-20 10:54:57 +10:30
Robin Raymond
fc9b63f0e6
add explicit catchAlls #49
2017-12-18 12:26:54 +01:00
geistesk
0091ae1761
Postfix: set hostname to FQDN
...
This should fix #43
2017-11-26 11:56:34 +01:00
Robin Raymond
160f3cbc9b
open port 80 when using LE certs. fixes #42
2017-11-26 07:59:31 +01:00
Robin Raymond
8ce3d42c13
implement extraVirtualAliases
2017-11-21 11:52:16 +01:00
Robin Raymond
67c29a561c
concat all valiases
2017-11-21 11:35:52 +01:00
Robin Raymond
d94b8acd78
implement alias list
2017-11-21 11:18:07 +01:00
Ruben Maher
d3fc1cccbd
mail-server/dovecot.nix: automatically subscribe to new mailboxes
...
When a mailbox is created by sieve or is delivered to directly by IMAP commands,
created IMAP folders are not subscribed to by dovecot. These configuration
options change that.
Acked-by: Ruben Maher <ruben@maher.fyi>
2017-11-21 08:32:55 +10:30
Ruben Maher
c2495e69f3
default.nix, mail-server/users.nix: add per-user sieve script
2017-11-20 09:04:32 +10:30
Robin Raymond
8b144b44b0
Merge pull request #39 from eqyiel/delete-comment
...
mail-server/nginx.nix: delete dangling comment
2017-11-19 08:37:32 +01:00
Ruben Maher
5f3c44b60f
mail-server/nginx.nix: delete dangling comment
2017-11-19 08:14:04 +10:30
Ruben Maher
cd85fd9d2f
s/vmailUIDStart/vmailUID/g
...
The name vmailUIDStart is not consistent with how it is being used (as the UID
of the vmail user).
2017-11-19 07:10:49 +10:30
Robin Raymond
5a851d837c
Merge pull request #31 from eqyiel/debug-option
...
Add debug option for verbose logging
2017-11-15 07:52:16 +01:00
Ruben Maher
f928924049
Add debug option for verbose logging
2017-11-15 08:22:46 +10:30
Robin Raymond
1d7e70c613
Merge pull request #33 from eqyiel/set-mydestination
...
mail-server/postfix.nix: set mydestination to localhost
2017-11-14 08:11:20 +01:00
Ruben Maher
f076a0af65
mail-server/postfix.nix: set mydestination to localhost
...
In the event that your `cfg.fqdn` is the same as a domain in `cfg.domains`, you
will not be able to receive mail for users like `user1@fqdn` because postfix
will try to deliver the mail locally.
2017-11-14 09:16:53 +10:30
Ruben Maher
43bd883cf6
mail-server/dovecot.nix: fix path to dovecot_maildir
2017-11-14 08:18:55 +10:30
Robin Raymond
b7c8c4ec3c
Merge pull request #30 from eqyiel/dovecot-indentation
...
mail-server/dovecot.nix: fix indentation
2017-11-13 15:07:08 +01:00
Ruben Maher
717dc36048
mail-server/dovecot.nix: fix indentation
2017-11-13 20:20:38 +10:30
Ruben Maher
7b3e33c49c
mail-server/networking.nix: make use of lib.optional
2017-11-13 20:10:33 +10:30