(define-module (deployment services mail)
  #:export     (smtp-service-aisaka)
  #:use-module (gnu services)
  #:use-module (gnu services mail)
  #:use-module (guix gexp)
  #:use-module ((gnu packages mail)
                #:prefix gnu:packages:mail:))

(define aliases-file
  ;; Virtual-alias table consumed by the "receive" action (rcpt-to virtual).
  ;; The single "@ vmail" line is OpenSMTPD's catch-all form: every
  ;; local-part at the accepted domain is mapped to the virtual user "vmail",
  ;; so there is no per-address allow-list -- typo'd or guessed recipients
  ;; are delivered too.
  (mixed-text-file "aliases"
                   (string-append "@ vmail" "\n")))

(define blacklist-file
  ;; Sender domains rejected by the "mail-from <blacklist>" rule in the
  ;; smtpd configuration.  A "@domain" entry matches any local-part at that
  ;; domain.  This only inspects the envelope MAIL FROM, which is under the
  ;; sender's control, so it is a nuisance filter rather than a security
  ;; boundary.
  (mixed-text-file "blacklist"
                   (string-join '("@yahoo.com.cn"
                                  "@qq.com"
                                  "@fnac.com"
                                  "@just-aero.us"
                                  "@elitetorrent1.com")
                                "\n" 'suffix)))

(define relays-file
  ;; Hosts that are allowed to send mail claiming our own domain.  The
  ;; anti-spoofing "match !from src <other-relays> ..." rule and the
  ;; "table other-relays" line that would load this file are both commented
  ;; out in the smtpd configuration, so the file is built but not used.
  (mixed-text-file "other-relays"
                   (string-join '("mx1.forwardemail.net"
                                  "mx2.forwardemail.net")
                                "\n" 'suffix)))

;; Path of the OpenSMTPD "passwd" credentials table used by the
;; authenticated submission listener (user / hashed-password entries, see
;; table(5)).  Kept outside the store on purpose: anything handed to
;; mixed-text-file would become world-readable under /gnu/store.
;; NOTE(review): nothing here enforces ownership or mode of this file;
;; confirm on the host that it is readable only by the smtpd table process.
(define smtpd-keys "/secrets/smtpd")

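(define (smtpd-conf interface domain)
  "Return a store file holding the OpenSMTPD configuration for this host.

INTERFACE is the name of the public network interface the external
listeners bind to (e.g. \"enp2s0\").  DOMAIN is the mail domain: it selects
the Let's Encrypt directory under /etc/letsencrypt/live/, names the pki
entry, is the HELO name used when relaying out, and is the only domain whose
mail is accepted for local delivery.

Listeners and what each one may do:
  INTERFACE:25   inbound MX traffic, opportunistic STARTTLS, no auth.
  INTERFACE:465  submission over implicit TLS, auth against <passwd>.
  lo:25          same role as INTERFACE:25, for the .onion forwarder.
  lo:10028       mail coming back from DKIMproxy, tagged DKIM_OUT.
  socket         the local control socket (sendmail/smtpctl enqueue).
Only authenticated sessions and DKIM_OUT-tagged sessions may relay to
arbitrary destinations; every other source is limited to local delivery.

Fixes relative to the previous revision: the lo:25 listen line was missing
its newline and got folded into the comment above it, silently disabling the
.onion listener; that line and the public port 25 listener referenced
\"filter spam-filter\", which is not defined (its definition is commented
out) and would make smtpd reject the configuration; port 25 now actually
offers STARTTLS as its comment already claimed; the pki label and accepted
domain follow DOMAIN instead of being hard-coded."
  (mixed-text-file "smtpd.conf"
                   "# This is the smtpd server system-wide configuration file.\n"
                   "# See smtpd.conf(5) for more information.\n"
                   "\n"
                   "# My TLS certificate and key.  The pki label is the domain itself so\n"
                   "# that every listener below can refer to it consistently.\n"
                   "pki " domain " cert \"/etc/letsencrypt/live/" domain "/fullchain.pem\"\n"
                   "pki " domain " key \"/etc/letsencrypt/live/" domain "/privkey.pem\"\n"
                   "\n"
                   "# Edit this file to add more virtual users (passwords are read in that file\n"
                   "# instead of /etc/passwd)\n"
                   "table passwd file:" smtpd-keys "\n"
                   "\n"
                   "# table other-relays file:" relays-file "\n"
                   "table blacklist file:" blacklist-file "\n"
                   "\n"
                   "# A simple spam filter.  Left disabled: while this definition is commented\n"
                   "# out no listener may say \"filter spam-filter\", or smtpd refuses the\n"
                   "# whole configuration.  The blacklist is still enforced by the match rule\n"
                   "# further down.\n"
                   "# filter spam-filter phase mail-from match mail-from <blacklist> reject \"555\"\n"
                   "\n"
                   "# port 25 is used only for receiving from external servers.  Offering\n"
                   "# STARTTLS (tls pki) lets them encrypt the session if they support it;\n"
                   "# plaintext delivery is still accepted, as MX traffic requires.\n"
                   "listen on " interface " port 25 tls pki " domain "\n"
                   "\n"
                   "# For sending messages from outside of this server, you need to authenticate and\n"
                   "# use TLS.\n"
                   "listen on " interface " port 465 smtps pki " domain " mask-src auth <passwd>\n"
                   "\n"
                   "# Localhost is used by the .onion, so we use the same configuration for\n"
                   "# local connections.\n"
                   "listen on lo port 25 tls pki " domain "\n"
                   "# Since incoming connection uses tor, we don't need tls, but still require\n"
                   "# authentication; we're not a relay\n"
                   "# listen on lo port 587 tls pki " domain " mask-src auth <passwd>\n"
                   "\n"
                   "# DKIMproxy hands signed mail back here.  This listener has no auth and the\n"
                   "# DKIM_OUT tag grants relaying, so any local process able to open lo:10028\n"
                   "# can send mail out unauthenticated -- it relies on DKIMproxy being the\n"
                   "# only local client of this port.\n"
                   "listen on lo port 10028 tag DKIM_OUT\n"
                   "\n"
                   "# The socket is considered an internal connection\n"
                   "listen on socket mask-src\n"
                   "\n"
                   "# Maybe it'll work better if we connect to gmail only with v4?\n"
                   "# limit mta for domain gmail.com inet4\n"
                   "\n"
                   "# The table files are store items and cannot be edited in place: change\n"
                   "# the Scheme definitions and reconfigure, then smtpd re-reads them on\n"
                   "# restart (\"smtpctl update table aliases\" only helps for mutable files).\n"
                   "table aliases file:" aliases-file "\n"
                   "\n"
                   "# We define some actions\n"
                   "action receive lmtp \"/var/run/dovecot/lmtp\" rcpt-to virtual <aliases>\n"
                   "action godkim relay host smtp://localhost:10027\n"
                   "# NOTE: the source address is still hard-coded; presumably it must be the\n"
                   "# address assigned to the public interface on this host.\n"
                   "action outbound relay src \"192.168.1.2\" helo " domain "\n"
                   "\n"
                   "# We accept to relay any mail from authenticated users\n"
                   "match for any from any auth action godkim\n"
                   "match tag DKIM_OUT for any action outbound\n"
                   "\n"
                   "# Then, we reject on some other conditions:\n"
                   "\n"
                   "# If the mail tries to impersonate us\n"
                   "# match !from src <other-relays> mail-from \"@" domain "\" for any reject\n"
                   "\n"
                   "# If it comes from someone on the blacklist\n"
                   "match from any mail-from <blacklist> reject\n"
                   "\n"
                   "# Finally, if we accept incoming messages\n"
                   "match from any for domain \"" domain "\" action receive\n"
                   "match for local action receive\n"))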

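(define opensmtpd-configuration-aisaka
  ;; OpenSMTPD service configuration for the host "aisaka".
  (opensmtpd-configuration
   (package              gnu:packages:mail:opensmtpd)
   ;; The DKIM_OUT return path (lo:10028 -> dkimproxy) is only usable once
   ;; dkimproxy-out is running, and the public listeners need the interface.
   (shepherd-requirement (list 'dkimproxy-out
                               'networking))
   (config-file          (smtpd-conf "enp2s0"
                                     "marekpasnikowski.pl"))
   ;; Fixed from "/val/log/mail.log", a typo for the standard /var/log path.
   (log-file             "/var/log/mail.log")
   ;; Installs smtpctl and its sendmail-style aliases setgid (smtpq group in
   ;; Guix's service) so unprivileged local users can enqueue mail.
   (setgid-commands?     #t)))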

(define smtp-service-aisaka
  ;; The exported service object: OpenSMTPD driven by the aisaka configuration.
  (service opensmtpd-service-type opensmtpd-configuration-aisaka))

;;; EOF