};
};
config = {
+users.groups.acme.members = [ postfix.user ];
systemd.services.postfix = {
after = ["openldap.service"];
preStart = ''
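Review bot: Adding `postfix.user` to the `acme` group gives the Postfix account read access to every certificate and private key that is group-readable by `acme`, not only the one the mail service presumably needs, and the line has no comment saying why the membership is required. If a single certificate is enough, a dedicated group for that certificate (for example through `security.acme.certs.<name>.group`, assuming these are NixOS-managed ACME certificates) would keep the grant narrower. At minimum, add a comment such as `# postfix must read its TLS certificate and key, which are owned by the acme group`. The enclosing `config` block starts and ends outside the hunk.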
# Reject if the domain is not working, even before bothering to check the address
"reject_unknown_recipient_domain"
# Reject if the address is not working
+ # WARNING: this does not work if the recipient is greylisting.
# WARNING: verify(8) has a cache, dumpable if verify(8) is stopped, with:
# postmap -s btree:/var/lib/postfix/data/verify_cache
- "reject_unverified_recipient"
+ #"reject_unverified_recipient"
"permit"
];
# Trust the verify database
- unverified_recipient_reject_code = "550";
+ #unverified_recipient_reject_code = "550";
smtpd_data_restrictions = [
# Force the smtpd's client to wait OK before sending
"reject_unauth_pipelining"
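Review bot: With the check disabled at `#"reject_unverified_recipient"`, the list falls straight through to `"permit"`, so addresses the next hop would refuse are accepted here and can only be bounced after the fact. Whether an earlier entry in the list, which starts outside the hunk, still covers this is not visible. The comments `# Reject if the address is not working` and `# Trust the verify database`, and the two `verify(8)` cache warnings, now describe settings that are switched off. I would delete the dead lines instead of commenting them out and leave one line recording the decision, e.g. `# Recipient verification is off: probes do not work when the recipient is greylisting`.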
"hash:/etc/postfix/virtual"
];
virtual_transport = "lmtp:unix:private/dovecot-lmtp";
+ /*
+ dovecot_destination_recipient_limit = "1";
+ virtual_transport = "dovecot";
+ */
# There is no fallback
fallback_transport = "";
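Review bot: The added `/* … */` block is commented-out configuration with no explanation of when it should be enabled, and the same holds for the larger commented `dovecot = { … }` service added further down. It also cannot simply be uncommented as written. `virtual_transport = "dovecot";` would define `virtual_transport` a second time in the same attribute set as the `lmtp:unix:private/dovecot-lmtp` line just above it, which Nix rejects as a duplicate attribute. Either drop the block and rely on version control history, or head it with a comment such as `# Alternative: deliver through the pipe-based "dovecot" transport; replaces virtual_transport above`.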
"TLSv1.2"
];
milter_macro_daemon_name = "ORIGINATING";
+ smtpd_helo_restrictions = [
+ "permit_sasl_authenticated"
+ ] ++ postfix.config.smtpd_helo_restrictions;
smtpd_relay_restrictions = [
# SASL authorizes to send to the world
"permit_sasl_authenticated"
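Review bot: `postfix.config.smtpd_helo_restrictions` is dereferenced unconditionally, so evaluation fails if the main Postfix configuration does not define that key; its definition is not visible in this hunk. Writing `] ++ (postfix.config.smtpd_helo_restrictions or []);` keeps the override valid either way. The new list also lacks the kind of comment the neighbouring `smtpd_relay_restrictions` carries; `# Authenticated clients skip the HELO checks applied to unauthenticated senders` would state the intent. `permit_sasl_authenticated` only has an effect where SASL authentication is enabled for this service, which is configured outside the hunk.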
'';
};
};
+ /*
+ dovecot = {
+ type = "unix";
+ privileged = true;
+ chroot = false;
+ command = "pipe";
+ args = let
+ # rspamd could be used as a milter, but then it cannot apply
+ # its checks "per user" (milter is not yet dispatched to
+ # users), so we wrap dovecot-lda inside rspamc per recipient
+ # here.
+ rspamc_dovecot = pkgs.writeScriptBin "rspamc_dovecot" ''
+ #!${pkgs.stdenv.shell}
+ sender="$1"
+ original_recipient="$2"
+ user="$3"
+ ${pkgs.coreutils}/bin/cat - | \
+ (${pkgs.rspamd}/bin/rspamc -h ${config.myServices.mail.rspamd.sockets.worker-controller} -c bayes -d "$user" --mime || true) | \
+ ${pkgs.dovecot}/libexec/dovecot/dovecot-lda -f "$sender" -a "$original_recipient" -d "$user"
+ '';
+ in [
+ "flags=DRhu" "user=vhost:vhost"
+ "argv=${rspamc_dovecot}/bin/rspamc_dovecot \${sender} \${original_recipient} \${user}@\${nexthop}"
+ ];
+ };
+ */
};
extraMasterConf = ''
#spfcheck unix - n n - 0 spawn
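Review bot: In the commented-out `rspamc_dovecot` wrapper, `(rspamc … --mime || true)` hides a scanner failure but does not preserve the message. `cat` has already fed stdin to `rspamc`, so when `rspamc` fails `dovecot-lda` receives only what it wrote before failing, possibly nothing, and delivery still proceeds. If this transport is ever enabled, the script should buffer the message and fall back to the original when scanning fails or yields no output, as sketched below. The entry also sets `privileged = true` and `chroot = false`; a one-line comment saying that `pipe` needs this to run the command as `user=vhost:vhost` would help the next reader. The surrounding attribute set starts outside the hunk.

```nix
rspamc_dovecot = pkgs.writeScriptBin "rspamc_dovecot" ''
  #!${pkgs.stdenv.shell}
  # … unchanged: sender / original_recipient / user assignments …
  raw="$(${pkgs.coreutils}/bin/mktemp)"
  scanned="$(${pkgs.coreutils}/bin/mktemp)"
  trap '${pkgs.coreutils}/bin/rm -f "$raw" "$scanned"' EXIT
  ${pkgs.coreutils}/bin/cat - > "$raw"
  # Use the rspamc output only if the scan succeeded and produced a message;
  # otherwise deliver the original, unmodified mail.
  if ! ${pkgs.rspamd}/bin/rspamc -h ${config.myServices.mail.rspamd.sockets.worker-controller} -c bayes -d "$user" --mime < "$raw" > "$scanned" || [ ! -s "$scanned" ]; then
    ${pkgs.coreutils}/bin/cp "$raw" "$scanned"
  fi
  ${pkgs.dovecot}/libexec/dovecot/dovecot-lda -f "$sender" -a "$original_recipient" -d "$user" < "$scanned"
```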