5.6 KiB
Stable Releases
None so far.
Features
v2.0
- Multiple Domains
- Postfix MTA
- smtp on port 25
- submission port 587
- lmtp with dovecot
- Dovecot
- maildir folders
- imap starttls on port 143
- pop3 starttls on port 110
- Certificates
- manual certificates
- on the fly creation
- Let's Encrypt
- Spam Filtering
- via rspamd
- hard coded sieve script to move spam into Junk folder
- Virus Scanning
- via clamav
- DKIM Signing
- via opendkim
- User Management
- declarative user management
- declarative password management
In the future
- Sieves
- Allow user defined sieve scripts
- User Aliases
- More complete alias support
- DKIM Signing
- Allow a per domain selector
Changelog
v1.0 -> v1.1
- Changed structure to Nix Modules
- Adds Sieve support
v1.1 -> v2.0
- rename domain to fqdn, seperate fqdn from domains
- multi domain support
How to Deploy
{ config, pkgs, ... }:
{
imports = [
(builtins.fetchTarball "https://github.com/r-raymond/nixos-mailserver/releases/tag/v2.0-rc1")
];
mailserver = {
enable = true;
fqdn = "mail.example.com";
domains = [ "example.com" "example2.com" ];
loginAccounts = {
"user1@example.com" = {
hashedPassword = "$6$/z4n8AQl6K$kiOkBTWlZfBd7PvF5GsJ8PmPgdZsFGN1jPGZufxxr60PoR0oUsrvzm2oQiflyz5ir9fFJ.d/zKm/NgLXNUsNX/";
};
};
virtualAliases = {
# address = forward address;
"info@example.com" = "user1@example.com";
"postmaster@example.com" = "user1@example.com";
"abuse@example.com" = "user1@example.com";
"user1@example2.com" = "user1@example.com";
"info@example2.com" = "user1@example.com";
"postmaster@example2.com" = "user1@example.com";
"abuse@example2.com" = "user1@example.com";
};
};
}
For a complete list of options, see default.nix
.
How to Test
You can test the setup via nixops
. After installation, do
nixops create nixops/single-server.nix nixops/vbox.nix -d mail
nixops deploy -d mail
nixops info -d mail
You can then test the server via e.g. telnet
. To log into it, use
nixops ssh -d mail mailserver
To test imap manually use
openssl s_client -host mail.example.com -port 143 -starttls imap
How to Set Up a 10/10 Mail Server
Mail servers can be a tricky thing to set up. This guide is supposed to run you
through the most important steps to achieve a 10/10 score on mail-tester.com
.
Fully Qualified Domain Name
No matter how many domains you want to serve on your mail server, you need to
settle on a Fully Qualified Domain Name (FQDN) where your server is reachable,
so that other servers can find yours. Common FQDN include mx.example.com
(where example.com
is a domain you own) or mail.example.com
.
After you settled on a FQDN (we will assume mx.example.com
henceforth) you
need to
-
Set a DNS entry on your domain to point to the IP of the server. For this add a DNS record such as
Name (Subdomain) TTL Type Priority Value mx.example.com 10800 A xxx.xxx.xxx.xxx
to your domain, where
xxx.xxx.xxx.xxx
is the IP of your server. -
Set a
rDNS
(reverse DNS) entry for your FQDN. You need to do so wherever you have rented your server. Make sure thatxxx.xxx.xxx.xxx
resolves tomx.example.com
.
MX Record
Name (Subdomain) | TTL | Type | Priority | Value |
---|---|---|---|---|
domain1.com | MX | 10 | mx.exmaple.com |
Spf record
Name (Subdomain) | TTL | Type | Priority | Value |
---|---|---|---|---|
domain1.com | 10800 | TXT | v=spf1 ip4:xxx.xxx.xxx.xxx -all |
DKIM signature
Name (Subdomain) | TTL | Type | Priority | Value |
---|---|---|---|---|
dkim._domainkey.domain1.com | 10800 | TXT | v=DKIM1; p=yyyyyyyyyyyy |
where yyyyyyyyyyyy
is the DKIM
signature
A Complete Mail Server Without Moving Parts
Used Technologies
- Nixos
- Nixpkgs
- Dovecot
- Postfix
- Rmilter
- Rspamd
- Clamav
- Opendkim
- Pam
Features
- unlimited domain
- unlimited mail accounts
- unlimited aliases for every mail account
- spam and virus checking
- dkim signing of outgoing emails
- imap (optionally pop3)
- startTLS
Nonfeatures
- moving parts
- SQL databases
- configurations that need to be made after
nixos-rebuild switch
- complicated storage schemes
- webclients / http-servers
Contributors
- Special thanks to @Infinisil for the module rewrite
- Special thanks to @jbboehr for multidomain implementation
- @danbst
- @phdoerfler
- @eqyiel
Credits
- send mail graphic by tnp_dreamingmao from TheNounProject is licensed under CC BY 3.0
- Logo made with Logomakr.com