nix-files/config/services/postfix.nix

{ config, pkgs, lib, ... }:

{
  services.postfix.enable = true;
  services.postfix.hostname = "mx.uninsane.org";
  services.postfix.origin = "uninsane.org";
  services.postfix.destination = ["localhost" "uninsane.org"];

  services.postfix.virtual = ''
    @uninsane.org colin
  '';

  services.postfix.extraConfig = ''
    # smtpd_milters = local:/run/opendkim/opendkim.sock
    # milter docs: http://www.postfix.org/MILTER_README.html
    # mail filters for receiving email and authorized SMTP clients
    # smtpd_milters = inet:185.157.162.190:8891
    smtpd_milters = unix:/run/opendkim/opendkim.sock
    # mail filters for sendmail
    non_smtpd_milters = $smtpd_milters
    milter_default_action = accept
    inet_protocols = ipv4
  '';

  systemd.services.postfix.after = ["wg0veth.service"];
  systemd.services.postfix.serviceConfig = {
    # run this behind the OVPN static VPN
    NetworkNamespacePath = "/run/netns/ovpns";
  };


  services.opendkim.enable = true;
  # services.opendkim.domains = "csl:uninsane.org";
  services.opendkim.domains = "uninsane.org";

  # we use a custom (inet) socket, because the default perms
  # of the unix socket don't allow postfix to connect.
  # this sits on the machine-local 10.0.1 interface because it's the closest
  # thing to a loopback interface shared by postfix and opendkim netns.
  # services.opendkim.socket = "inet:8891@185.157.162.190";
  # services.opendkim.socket = "local:/run/opendkim.sock";
  # selectors can be used to disambiguate sender machines.
  # keeping this the same as the hostname seems simplest
  services.opendkim.selector = "mx";

  systemd.services.opendkim.after = ["wg0veth.service"];
  systemd.services.opendkim.serviceConfig = {
    # run this behind the OVPN static VPN
    NetworkNamespacePath = "/run/netns/ovpns";
    # /run/opendkim/opendkim.sock needs to be rw by postfix
    UMask = lib.mkForce "0011";
  };
}
prototype postfix config. disabled until i configure virtual alias map 2022-04-27 08:48:40 +00:00			`{ config, pkgs, lib, ... }:`

			`{`
postfix working for sending signed mail to itself. not tested: - sending to root - receiving from an external domain - sending to an external domain (definitely won't work, since the DNS keys aren't correct anymore) 2022-04-28 07:22:03 +00:00			`services.postfix.enable = true;`
prototype postfix config. disabled until i configure virtual alias map 2022-04-27 08:48:40 +00:00			`services.postfix.hostname = "mx.uninsane.org";`
postfix working for sending signed mail to itself. not tested: - sending to root - receiving from an external domain - sending to an external domain (definitely won't work, since the DNS keys aren't correct anymore) 2022-04-28 07:22:03 +00:00			`services.postfix.origin = "uninsane.org";`
			`services.postfix.destination = ["localhost" "uninsane.org"];`

			`services.postfix.virtual = ''`
			`@uninsane.org colin`
			`'';`

			`services.postfix.extraConfig = ''`
			`# smtpd_milters = local:/run/opendkim/opendkim.sock`
postfix: fix DKIM signing although gmail doesn't seem to be accepting my messages yet :'( 2022-05-06 11:43:17 +00:00			`# milter docs: http://www.postfix.org/MILTER_README.html`
			`# mail filters for receiving email and authorized SMTP clients`
			`# smtpd_milters = inet:185.157.162.190:8891`
			`smtpd_milters = unix:/run/opendkim/opendkim.sock`
			`# mail filters for sendmail`
postfix working for sending signed mail to itself. not tested: - sending to root - receiving from an external domain - sending to an external domain (definitely won't work, since the DNS keys aren't correct anymore) 2022-04-28 07:22:03 +00:00			`non_smtpd_milters = $smtpd_milters`
			`milter_default_action = accept`
postfix: fix DKIM signing although gmail doesn't seem to be accepting my messages yet :'( 2022-05-06 11:43:17 +00:00			`inet_protocols = ipv4`
postfix working for sending signed mail to itself. not tested: - sending to root - receiving from an external domain - sending to an external domain (definitely won't work, since the DNS keys aren't correct anymore) 2022-04-28 07:22:03 +00:00			`'';`

postfix: fix DKIM signing although gmail doesn't seem to be accepting my messages yet :'( 2022-05-06 11:43:17 +00:00			`systemd.services.postfix.after = ["wg0veth.service"];`
			`systemd.services.postfix.serviceConfig = {`
			`# run this behind the OVPN static VPN`
			`NetworkNamespacePath = "/run/netns/ovpns";`
			`};`


postfix working for sending signed mail to itself. not tested: - sending to root - receiving from an external domain - sending to an external domain (definitely won't work, since the DNS keys aren't correct anymore) 2022-04-28 07:22:03 +00:00			`services.opendkim.enable = true;`
postfix: fix DKIM signing although gmail doesn't seem to be accepting my messages yet :'( 2022-05-06 11:43:17 +00:00			`# services.opendkim.domains = "csl:uninsane.org";`
			`services.opendkim.domains = "uninsane.org";`
postfix working for sending signed mail to itself. not tested: - sending to root - receiving from an external domain - sending to an external domain (definitely won't work, since the DNS keys aren't correct anymore) 2022-04-28 07:22:03 +00:00
			`# we use a custom (inet) socket, because the default perms`
postfix: fix DKIM signing although gmail doesn't seem to be accepting my messages yet :'( 2022-05-06 11:43:17 +00:00			`# of the unix socket don't allow postfix to connect.`
			`# this sits on the machine-local 10.0.1 interface because it's the closest`
			`# thing to a loopback interface shared by postfix and opendkim netns.`
			`# services.opendkim.socket = "inet:8891@185.157.162.190";`
			`# services.opendkim.socket = "local:/run/opendkim.sock";`
postfix working for sending signed mail to itself. not tested: - sending to root - receiving from an external domain - sending to an external domain (definitely won't work, since the DNS keys aren't correct anymore) 2022-04-28 07:22:03 +00:00			`# selectors can be used to disambiguate sender machines.`
			`# keeping this the same as the hostname seems simplest`
			`services.opendkim.selector = "mx";`
postfix: run behind ovpns this gives us a static IPv4 IP address which has an unblocked SMTP port. 2022-05-03 00:44:15 +00:00
postfix: fix DKIM signing although gmail doesn't seem to be accepting my messages yet :'( 2022-05-06 11:43:17 +00:00			`systemd.services.opendkim.after = ["wg0veth.service"];`
			`systemd.services.opendkim.serviceConfig = {`
postfix: run behind ovpns this gives us a static IPv4 IP address which has an unblocked SMTP port. 2022-05-03 00:44:15 +00:00			`# run this behind the OVPN static VPN`
			`NetworkNamespacePath = "/run/netns/ovpns";`
postfix: fix DKIM signing although gmail doesn't seem to be accepting my messages yet :'( 2022-05-06 11:43:17 +00:00			`# /run/opendkim/opendkim.sock needs to be rw by postfix`
			`UMask = lib.mkForce "0011";`
postfix: run behind ovpns this gives us a static IPv4 IP address which has an unblocked SMTP port. 2022-05-03 00:44:15 +00:00			`};`
prototype postfix config. disabled until i configure virtual alias map 2022-04-27 08:48:40 +00:00			`}`