stockholm/krebs/3modules/exim-retiolum.nix

{ config, pkgs, lib, ... }:
with lib;
let
  # Option values of this module. `pkgs` is accepted in the argument set
  # but is not used anywhere in this file.
  cfg = config.krebs.exim-retiolum;

  # The module itself: the option declaration (`api`) plus the
  # implementation (`imp`); `imp` is only merged in when
  # krebs.exim-retiolum.enable is set.
  out = {
    options.krebs.exim-retiolum = api;
    config = mkIf cfg.enable imp;
  };

  api = {
    enable = mkEnableOption "krebs.exim-retiolum";
  };

  # Implementation: a complete Exim configuration for a host that accepts
  # mail from other retiolum hosts and delivers to local users.
  # What the configuration below does, in short:
  #   * acl_check_rcpt accepts local (non-SMTP) input, localhost and
  #     authenticated clients without a recipient-domain check; every
  #     other client is limited to local domains and *.retiolum;
  #   * the `retiolum` router sends *.retiolum mail straight to the host
  #     named by the domain, and the `nonlocal` router rejects every
  #     other non-local domain, so this host never delivers to the
  #     public internet;
  #   * acl_check_data accepts everything (no content checks) and the
  #     sender verification line is commented out.
  # NOTE(review): nothing here restricts the interfaces Exim listens on
  # (no local_interfaces), so whether the *.retiolum relaying above is
  # reachable from outside the VPN is decided by the Exim defaults and
  # the host firewall — confirm on hosts with public addresses.
  imp = {
    services.exim = {
      enable = true;
      config =
        # This configuration makes only sense for retiolum-enabled hosts.
        # TODO modular configuration
        # Evaluation aborts here if retiolum is not enabled on this host.
        assert config.krebs.retiolum.enable;
        ''
          primary_hostname = ${retiolumHostname}
          domainlist local_domains = @ : localhost
          domainlist relay_to_domains = *.retiolum
          # Connections from these addresses pass acl_check_rcpt before
          # the recipient-domain restriction; "<;" makes ";" the list
          # separator so the IPv6 address needs no escaping.
          hostlist relay_from_hosts = <; 127.0.0.1 ; ::1

          acl_smtp_rcpt = acl_check_rcpt
          acl_smtp_data = acl_check_data

          # Reverse-DNS every connecting host and send an ident (RFC 1413)
          # query to every host, waiting up to 5s for the answer; an
          # inbound connection from a host that drops ident traffic can
          # therefore stall for that long before SMTP starts.
          host_lookup = *
          rfc1413_hosts = *
          rfc1413_query_timeout = 5s

          log_file_path = syslog
          syslog_timestamp = false
          syslog_duplication = false

          begin acl

          acl_check_rcpt:
            # An empty host list matches when there is no sending host,
            # i.e. the message was submitted locally rather than over TCP.
            accept hosts = :
                   control = dkim_disable_verify

            deny message = Restricted characters in address
                 domains = +local_domains
                 local_parts = ^[.] : ^.*[@%!/|]

            deny message = Restricted characters in address
                 domains = !+local_domains
                 local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

            accept local_parts = postmaster
                   domains = +local_domains

            #accept
            #  hosts = *.retiolum
            #  domains = *.retiolum
            #  control = dkim_disable_verify

            #require verify = sender

            accept hosts = +relay_from_hosts
                   control = submission
                   control = dkim_disable_verify

            # The "begin authenticators" section at the end of this file
            # is empty, so nobody can authenticate and this clause cannot
            # currently match.
            accept authenticated = *
                   control = submission
                   control = dkim_disable_verify

            # Everyone else may only address local or *.retiolum
            # recipients; the connecting host is not checked here, so any
            # host that reaches the listener can relay to *.retiolum.
            require message = relay not permitted
                    domains = +local_domains : +relay_to_domains

            require verify = recipient

            accept

          # Message content is not inspected at all.
          acl_check_data:
            accept

          begin routers

          # *.retiolum domains other than our own are routed to the host
          # of the same name ($0 is the matched domain); no_more stops
          # routing if that fails instead of trying the routers below.
          retiolum:
            driver = manualroute
            domains = ! ${retiolumHostname} : *.retiolum
            transport = remote_smtp
            route_list = ^.* $0 byname
            no_more

          # Any remaining non-local domain is rejected with the message
          # below.
          nonlocal:
            debug_print = "R: nonlocal for $local_part@$domain"
            driver = redirect
            domains = ! +local_domains
            allow_fail
            data = :fail: Mailing to remote domains not supported
            no_more

          # Local domains: deliver to an existing system user's Maildir.
          local_user:
            # debug_print = "R: local_user for $local_part@$domain"
            driver = accept
            check_local_user
            # local_part_suffix = +* : -*
            # local_part_suffix_optional
            transport = home_maildir
            cannot_route_message = Unknown user

          begin transports

          remote_smtp:
            driver = smtp

          home_maildir:
            driver = appendfile
            maildir_format
            directory = $home/Maildir
            directory_mode = 0700
            delivery_date_add
            envelope_to_add
            return_path_add
            # group = mail
            # mode = 0660

          begin retry
          # retiolum peers are retried every minute for up to 42 days;
          # everything else uses the schedule from Exim's stock config.
          *.retiolum * F,42d,1m
          * * F,2h,15m; G,16h,1h,1.5; F,4d,6h

          begin rewrite

          begin authenticators
        '';
    };
  };

  # TODO get the hostname from somewhere else.
  retiolumHostname = "${config.networking.hostName}.retiolum";
in
out