]> Git — Sourcephile - sourcephile-nix.git/blob - servers/mermet/postfix/sourcephile.fr.nix
dovecot: no longer use auth_bind=no
[sourcephile-nix.git] / servers / mermet / postfix / sourcephile.fr.nix
1 { pkgs, lib, config, ... }:
2 let
3 domain = "sourcephile.fr";
4 in
5 {
6 systemd.services.postfix.after = [
7 "${domain}.key.pem-key.service"
8 ];
9 services.postfix = {
10 config = {
11 virtual_mailbox_domains = [ domain ];
12 };
13 virtual = ''
14 root@${domain} julm@${domain}
15 admin@${domain} julm@${domain}
16 webmaster@${domain} julm@${domain}
17 postmaster@${domain} julm@${domain}
18 '';
19 config = {
20 virtual_alias_maps = [
21 ("ldap:"+pkgs.writeText "ldap-forward.cf" ''
22 version = 3
23 debuglevel = 0
24 server_host = ldapi://
25 bind = sasl
26 sasl_mechs = EXTERNAL
27 search_base = ou=posix,dc=sourcephile,dc=fr
28 scope = sub
29 dereference = 0
30 query_filter = (&(mail=%s)(mailEnabled=TRUE))
31 result_format = %s
32 result_attribute = mailForwardingAddress
33 '')
34 ("ldap:"+pkgs.writeText "ldap-virtual_alias_maps.cf" ''
35 version = 3
36 debuglevel = 0
37 server_host = ldapi://
38 bind = sasl
39 sasl_mechs = EXTERNAL
40 search_base = ou=posix,dc=sourcephile,dc=fr
41 scope = sub
42 dereference = 0
43 query_filter = (&(mailAlias=%s)(mailEnabled=TRUE))
44 result_format = %s
45 result_attribute = mail
46 '')
47 ];
48 };
49 # Allowed MAIL FROM addresses that belong to a given SASL authenticated user.
50 submissions.smtpd_sender_login_maps = [
51 ("ldap:"+pkgs.writeText "ldap-senders.cf" ''
52 version = 3
53 debuglevel = 0
54 server_host = ldapi://
55 bind = sasl
56 sasl_mechs = EXTERNAL
57 search_base = ou=posix,dc=sourcephile,dc=fr
58 scope = sub
59 dereference = 0
60 query_filter = (&(|(mail=%s)(mailAlias=%s))(mailEnabled=TRUE))
61 result_format = %s
62 result_attribute = uid
63 '')
64 ];
65 };
66 }