Commit Graph

62 Commits

Author SHA1 Message Date
Bjørn Forsman
a3b03d1b5a Use umask for race-free permission setting
Without using umask there's a small time window where paths are world
readable. That is a bad idea to do for secret files (e.g. the dovecot
code path).
2023-07-17 18:22:16 +02:00
Antoine Eiche
71b4c62d85 dovecot: fix a typo on userAttrs 2023-07-11 19:31:20 +00:00
Antoine Eiche
fb3210b932 ldap: do not write password to the Nix store 2023-07-11 19:31:20 +00:00
Martin Weinelt
08f077c5ca Add support for LDAP users
Allow configuring lookups for users and their mail addresses from an
LDAP directory. The LDAP username will be used as an accountname as
opposed to the email address used as the `loginName` for declarative
accounts. Mailbox for LDAP users will be stored below
`/var/vmail/ldap/<account>`.

Configuring domains is out of scope, since domains require further
configuration within the NixOS mailserver construct to set up all
related services accordingly.

Aliases can already be configured using `mailserver.forwards` but could
be supported using LDAP at a later point.
2023-07-11 19:31:20 +00:00
Florian Klink
0c1801b489 dovecot: add dovecot_pigeonhole to system packages
`sieve-test` can be used to test sieve scripts.

It's annoying to nix-shell it in, because it reads the dovecot global
config and might stumble over incompatible .so files (as has happened
to me).

Simply providing it in $PATH is easier.
2023-06-29 20:54:57 +02:00
Lafiel
d8131ffc61 dovecot: split passdb and userdb 2023-05-23 20:41:36 +00:00
Maximilian Bosch
bd99079363 mail-server/dovecot: also learn spam/ham on APPEND
The current configuration doesn't work when moving spam from the INBOX
to Junk on a local maildir and then syncing the result to the IMAP
server with `mbsync(1)`. This is because `mbsync(1)` doesn't support a
mvoe-detection[1] (i.e. an IMAP MOVE which subsequently causes a Sieve
COPY according to RFC6851 which then triggers report{h,sp}am.sieve), but
instead sends `APPEND` (and removes the message in the src mailbox after
that).

Tested on my own mailserver that this fixes spam learning.

This doesn't work the other way round though because `APPEND` doesn't
have an origin. However, learning mails as spam happens more often than
learning spam as ham, so this is IMHO still useful.

[1] https://sourceforge.net/p/isync/mailman/isync-devel/thread/87y2p1tihz.fsf%40ericabrahamsen.net/#msg37030483
2023-05-23 19:49:59 +00:00
Lionello Lunesu
822c5f22bd Fix fullTextSearch.enable=false 2021-11-26 04:57:43 +00:00
Antoine Eiche
72748d7b6d Use the Junk mailbox name defined in the mailboxes attrs
Previously, the static Junk mailbox was used in sieve script to move
spam messages. This patch gets the Junk mailbox defined in the dovecot
mailboxes attribute instead.

Fixes #224
2021-08-06 16:21:03 +00:00
Antoine Eiche
93330c5453 Move indexDir option to the mailserver scope
This option has been initially in the mailserver.fullTextSearch
scope. However, this option modifies the location of all index files
of dovecot and not only those used by the full text search feature. It
is then more relevant to have this option in the mailserver top level
scope.

Moreover, the default option has been changed to null in order to keep
existing index files where they are: changing the index location means
recreating all index files. The fts documentation however recommend to
change this default location when enabling the fts feature.
2021-04-07 22:22:38 +02:00
Emmanouil Kampitakis
d75614a653 Feature/configurable delimiter 2021-03-22 19:05:34 +00:00
Andreas Rammhold
7627c29268
Store FTS index in directory per domain & user to avoid collisions
Previously all the xapian files and logs would be stored in the same
folder for all users. This couid probably lead to weird situations where
all users get the same search results.
2021-03-07 11:26:35 +01:00
Symphorien Gibol
06b989c1e7 add full text search support 2021-03-04 22:17:25 +01:00
Henri Menke
89bd89c706 Recommend bcrypt passwords everywhere 2020-11-29 20:19:46 +01:00
Henri Menke
c00fc587f5
Configurable sieve script directory 2020-11-21 14:39:49 +01:00
Antoine Eiche
4818b57a92 test.dovecot: ensure port 143 is closed when enableImap is not set
The test also checks the connection on the imap port 993 is a SSL
connection.
2020-10-05 21:18:36 +02:00
Milan Pässler
cc526a2700 add full support for tls wrapped mode 2020-10-05 20:54:46 +02:00
Brian Olsen
eb70dd1f55
Fix passwfile update
Currently oneshot services are not re-run on NixOS activate and that
meant that you needed to manually restart `gen-passwd-file` for new
users to be available.

This commit removes the `gen-passwd-file` service and instead simply
calls the same script in the dovecot2 preStart.
2020-06-19 16:02:21 +02:00
Benjamin Asbach
fb8886547b Enable dovecot option to prefer server ciphers
This might prevent misconfigured clients to use a weak cipher when stronger ciphers are available.
2020-05-27 10:10:59 +02:00
Benjamin Asbach
9b98746515 Set TLSv1.2 as minimal TLS version for dovecot
TLSv1 and TLSv1.1 are commonly opinioned as deprecated.
2020-05-27 10:10:59 +02:00
Ryan Trinkle
066dba1b2f Fix spelling of lmtp in option 2020-05-25 18:19:32 -04:00
Antoine Eiche
7788eccc24 Merge branch 'eqyiel/nixos-mailserver-feat/make-lmtp_save_to_detail_mailbox-optional' 2020-05-08 21:02:55 +02:00
Galen Abell
6563abc1c4 Fix password hash file generation behavior
- Move the "create password hash file from hashed password" behavior to
  a separate variable, since having it in the default field of config
  would always cause the warning to trigger
- Change type of hashedPassword to `nullOr str`
2020-03-06 17:27:47 +00:00
Maximilian Bosch
14cabd62e5
Trigger restart of postfix if passwords of mail accounts change 2019-10-18 21:21:01 +02:00
Ruben Maher
b4f6d96365 fix: make surprising lmtp_save_to_detail_mailbox behaviour optional 2019-09-01 20:21:11 +09:00
Alberto Berti
0ff81a9593 Make the delimiter configuration work 2019-07-26 19:00:32 +02:00
Alberto Berti
fad71d9948 Fix typo 2019-07-25 17:55:01 +02:00
Alberto Berti
253c8732b4 Add subaddresses configuration 2019-07-25 17:30:20 +02:00
plchldr
fa0541b96b remove Diffie Hillman parameter creation as it is handled by the upstream dovecot2 module as of 18.09 2018-10-30 17:56:25 +01:00
Brian Olsen
61df799036 dovecot: Add spam filter traning using imapsieve 2018-06-29 21:36:34 +09:30
Brian Olsen
410c6c410b Use nixpkgs functions to check dovecot version 2018-06-29 21:36:34 +09:30
Brian Olsen
8a27b941bf Start dovecot before postfix and add target for certificates
It seemed weird to me that preStart on postfix was used to generate
files not needed directly by postfix and for the self-signed
certificate which is also needed by dovecot. nginx.service was also
used as a proxy for when ACME certificate generation was done.

So I have created mailserver-certificates.target for when certificates
are available for other services. For self-signed that means that a
new oneshot service called mailserver-selfsigned-certificate has been
run. And for ACME this means that the target
acme-selfsigned-certificates has been reached (which is when acme has
created the self-signed certificates used before the actual
certificates provided by LetsEncrypt are created). This setup has the
added bonus that if you want to run a service to provide your own
certificates you can set that to run before
mailserver-certificates.target.

DH Parameters are only needed by dovecot so generation of that file has
been moved to the dovecot2 preStart.

And lastly the only remaining reason to for dovecot to start before
postfix was that the auth and lmtp sockets where located in a directory
created by postfix. But since they could just as well be located in
/run/dovecot2 as long as postfix has access to them I have moved them
there.
2018-06-29 21:35:16 +09:30
Brian Olsen
0fbfbafb6e Make dovecot sockets use postfix user/group options 2018-06-29 21:35:16 +09:30
Philipp Dörfler
4f36b72dd6 Added dovecot option for mail_max_userip_connections defaulting to 100 2018-03-13 10:43:30 +00:00
Philipp Dörfler
43d36d9b76 Dovecot: Mailbox config + hierarchy separator + FS layout.
- Factored mailbox config into its own option.
- Added hierarchy separator option.
- Added option for using FS layout.
2018-02-22 20:32:21 +00:00
Robin Raymond
436cf0513b add vitual mail users 2018-02-18 12:17:32 +01:00
Ruben Maher
5b570ad5a0 dovecot: read dovecot version into nix variable
This allows determining whether it's OK to use particular configuration
variables that will throw errors when used in older versions.
2018-02-17 22:24:39 +10:30
Robin Raymond
f6546a1a8e fix dovecot 2.3 ssl_dh 2018-02-13 13:18:31 +01:00
Robin Raymond
aca43875dc update copywright 2018-01-29 10:34:27 +01:00
Andrey Golovizin
ee479ae683 Run spam.sieve after user scripts
Allows the user to override or disable it, if necessary.
2018-01-07 14:05:16 +01:00
Andrey Golovizin
aeedb25daf Use sieve_default option for sieveScript
https://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration#Visible_Default_Script
2018-01-07 14:05:16 +01:00
Andrey Golovizin
a6d9604ea5 Fix Sieve script activation via ManageSieve 2018-01-07 14:05:16 +01:00
Robin Raymond
eeb7fd64af implement qutoas 2017-12-22 16:58:35 +01:00
Robin Raymond
2d0648e0f4 move from real users to passwd file 2017-12-22 16:08:42 +01:00
Ruben Maher
d3fc1cccbd mail-server/dovecot.nix: automatically subscribe to new mailboxes
When a mailbox is created by sieve or is delivered to directly by IMAP commands,
created IMAP folders are not subscribed to by dovecot.  These configuration
options change that.

Acked-by: Ruben Maher <ruben@maher.fyi>
2017-11-21 08:32:55 +10:30
Ruben Maher
c2495e69f3 default.nix, mail-server/users.nix: add per-user sieve script 2017-11-20 09:04:32 +10:30
Robin Raymond
5a851d837c
Merge pull request #31 from eqyiel/debug-option
Add debug option for verbose logging
2017-11-15 07:52:16 +01:00
Ruben Maher
f928924049 Add debug option for verbose logging 2017-11-15 08:22:46 +10:30
Ruben Maher
43bd883cf6 mail-server/dovecot.nix: fix path to dovecot_maildir 2017-11-14 08:18:55 +10:30
Ruben Maher
717dc36048 mail-server/dovecot.nix: fix indentation 2017-11-13 20:20:38 +10:30