ForkMaster/nixos-mailserver
1
0
Fork 0
mirror of https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git synced 2024-11-11 19:39:16 +05:00
Code Issues Packages Projects Releases Wiki Activity
A complete and Simple Nixos Mailserver
163 Commits 40 Branches 22 Tags 167 MiB
Nix 93.7%
Python 5.7%
Sieve 0.3%
Shell 0.3%
a12c42bdfb
Go to file
Robin Raymond a12c42bdfb
Merge pull request #27 from eqyiel/fix-examples 
nixos-mailserver/default.nix: fix examples
2017-11-12 11:25:03 +01:00
logo add logo 2017-09-13 14:03:04 +02:00
mail-server fix multidomain dkim signing fixes #24 2017-11-11 16:06:28 +01:00
nixops Fix syntax error in sample nixops config 2017-11-11 09:53:35 +00:00
tests remove output from fetchmail in test 2017-11-11 16:07:48 +01:00
.editorconfig Remove makefile section from editorconfig 2017-11-11 09:47:25 +00:00
.travis.yml Switch to nixpkgs-unstable channel. 2017-09-22 12:50:06 -05:00
default.nix nixos-mailserver/default.nix: fix examples 2017-11-12 12:29:53 +10:30
LICENSE Initial commit 2016-07-21 18:09:04 +02:00
README.md update readme for v2.0 2017-11-11 16:15:30 +01:00

README.md

Simple Nixos MailServer

license status

Stable Releases

None so far.

Latest Release Candidate

Features

v2.0

  • Multiple Domains
  • Postfix MTA
    • smtp on port 25
    • submission port 587
    • lmtp with dovecot
  • Dovecot
    • maildir folders
    • imap starttls on port 143
    • pop3 starttls on port 110
  • Certificates
    • manual certificates
    • on the fly creation
    • Let's Encrypt
  • Spam Filtering
    • via rspamd
    • hard coded sieve script to move spam into Junk folder
  • Virus Scanning
    • via clamav
  • DKIM Signing
    • via opendkim
  • User Management
    • declarative user management
    • declarative password management

In the future

  • Sieves
    • Allow user defined sieve scripts
  • User Aliases
    • More complete alias support
  • DKIM Signing
    • Allow a per domain selector

Changelog

v1.0 -> v1.1

  • Changed structure to Nix Modules
  • Adds Sieve support

v1.1 -> v2.0

  • rename domain to fqdn, seperate fqdn from domains
  • multi domain support

How to Deploy

{ config, pkgs, ... }:
{
  imports = [
    (builtins.fetchTarball "https://github.com/r-raymond/nixos-mailserver/releases/tag/v2.0-rc1")
  ];

  mailserver = {
    enable = true;
    fqdn = "mail.example.com";
    domains = [ "example.com" "example2.com" ];
    loginAccounts = {
        "user1@example.com" = {
            hashedPassword = "$6$/z4n8AQl6K$kiOkBTWlZfBd7PvF5GsJ8PmPgdZsFGN1jPGZufxxr60PoR0oUsrvzm2oQiflyz5ir9fFJ.d/zKm/NgLXNUsNX/";
        };
    };
    virtualAliases = {
        # address = forward address;
        "info@example.com" = "user1@example.com";
        "postmaster@example.com" = "user1@example.com";
        "abuse@example.com" = "user1@example.com";
        "user1@example2.com" = "user1@example.com";
        "info@example2.com" = "user1@example.com";
        "postmaster@example2.com" = "user1@example.com";
        "abuse@example2.com" = "user1@example.com";
    };
  };
}

For a complete list of options, see default.nix.

How to Test

You can test the setup via nixops. After installation, do

nixops create nixops/single-server.nix nixops/vbox.nix -d mail
nixops deploy -d mail
nixops info -d mail

You can then test the server via e.g. telnet. To log into it, use

nixops ssh -d mail mailserver

To test imap manually use

openssl s_client -host mail.example.com -port 143 -starttls imap

How to Set Up a 10/10 Mail Server

Mail servers can be a tricky thing to set up. This guide is supposed to run you through the most important steps to achieve a 10/10 score on mail-tester.com.

Fully Qualified Domain Name

No matter how many domains you want to serve on your mail server, you need to settle on a Fully Qualified Domain Name (FQDN) where your server is reachable, so that other servers can find yours. Common FQDN include mx.example.com (where example.com is a domain you own) or mail.example.com.

After you settled on a FQDN (we will assume mx.example.com henceforth) you need to

  • Set a DNS entry on your domain to point to the IP of the server. For this add a DNS record such as

    Name (Subdomain) TTL Type Priority Value
    mx.example.com 10800 A xxx.xxx.xxx.xxx

    to your domain, where xxx.xxx.xxx.xxx is the IP of your server.

  • Set a rDNS (reverse DNS) entry for your FQDN. You need to do so wherever you have rented your server. Make sure that xxx.xxx.xxx.xxx resolves to mx.example.com.

MX Record

Name (Subdomain) TTL Type Priority Value
domain1.com MX 10 mx.exmaple.com

Spf record

Name (Subdomain) TTL Type Priority Value
domain1.com 10800 TXT v=spf1 ip4:xxx.xxx.xxx.xxx -all

DKIM signature

Name (Subdomain) TTL Type Priority Value
dkim._domainkey.domain1.com 10800 TXT v=DKIM1; p=yyyyyyyyyyyy

where yyyyyyyyyyyy is the DKIM signature

A Complete Mail Server Without Moving Parts

Used Technologies

  • Nixos
  • Nixpkgs
  • Dovecot
  • Postfix
  • Rmilter
  • Rspamd
  • Clamav
  • Opendkim
  • Pam

Features

  • unlimited domain
  • unlimited mail accounts
  • unlimited aliases for every mail account
  • spam and virus checking
  • dkim signing of outgoing emails
  • imap (optionally pop3)
  • startTLS

Nonfeatures

  • moving parts
  • SQL databases
  • configurations that need to be made after nixos-rebuild switch
  • complicated storage schemes
  • webclients / http-servers

Contributors

  • Special thanks to @Infinisil for the module rewrite
  • Special thanks to @jbboehr for multidomain implementation
  • @danbst
  • @phdoerfler
  • @eqyiel

Credits