postfix: fix connectivity issues
parent
c1e17a0693
commit
2fa00b4c73
|
@ -22,6 +22,13 @@
|
||||||
# - but postfix delegates authorization of that outgoing mail to dovecot, on the server side
|
# - but postfix delegates authorization of that outgoing mail to dovecot, on the server side
|
||||||
#
|
#
|
||||||
# - local clients (i.e. sendmail) interact only with postfix
|
# - local clients (i.e. sendmail) interact only with postfix
|
||||||
|
#
|
||||||
|
# debugging: general connectivity issues
|
||||||
|
# - test that inbound port 25 is unblocked:
|
||||||
|
# - `curl https://canyouseeme.org/ --data 'port=25&IP=185.157.162.178' | grep 'see your service'`
|
||||||
|
# - and retry with port 465, 587
|
||||||
|
# - i think this API requires the queried IP match the source IP
|
||||||
|
# - if necessary, `systemctl stop postfix` and `sudo nc -l 185.157.162.178 25`, then try https://canyouseeme.org
|
||||||
|
|
||||||
{ ... }:
|
{ ... }:
|
||||||
{
|
{
|
||||||
|
|
|
@ -28,22 +28,25 @@ in
|
||||||
# "/var/lib/dovecot"
|
# "/var/lib/dovecot"
|
||||||
];
|
];
|
||||||
|
|
||||||
sane.ports.ports."25" = {
|
# XXX(2023/10/20): opening these ports in the firewall has the OPPOSITE effect as intended.
|
||||||
protocol = [ "tcp" ];
|
# these ports are only routable so long as they AREN'T opened.
|
||||||
# XXX visibleTo.lan effectively means "open firewall, but don't configure any NAT/forwarding"
|
# probably some cursed interaction with network namespaces introduced after 2023/10/10.
|
||||||
visibleTo.lan = true;
|
# sane.ports.ports."25" = {
|
||||||
description = "colin-smtp-mx.uninsane.org";
|
# protocol = [ "tcp" ];
|
||||||
};
|
# # XXX visibleTo.lan effectively means "open firewall, but don't configure any NAT/forwarding"
|
||||||
sane.ports.ports."465" = {
|
# visibleTo.lan = true;
|
||||||
protocol = [ "tcp" ];
|
# description = "colin-smtp-mx.uninsane.org";
|
||||||
visibleTo.lan = true;
|
# };
|
||||||
description = "colin-smtps-mx.uninsane.org";
|
# sane.ports.ports."465" = {
|
||||||
};
|
# protocol = [ "tcp" ];
|
||||||
sane.ports.ports."587" = {
|
# visibleTo.lan = true;
|
||||||
protocol = [ "tcp" ];
|
# description = "colin-smtps-mx.uninsane.org";
|
||||||
visibleTo.lan = true;
|
# };
|
||||||
description = "colin-smtps-submission-mx.uninsane.org";
|
# sane.ports.ports."587" = {
|
||||||
};
|
# protocol = [ "tcp" ];
|
||||||
|
# visibleTo.lan = true;
|
||||||
|
# description = "colin-smtps-submission-mx.uninsane.org";
|
||||||
|
# };
|
||||||
|
|
||||||
# exists only to manage certs for Postfix
|
# exists only to manage certs for Postfix
|
||||||
services.nginx.virtualHosts."mx.uninsane.org" = {
|
services.nginx.virtualHosts."mx.uninsane.org" = {
|
||||||
|
|
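Review bot: With the three `sane.ports.ports` declarations for 25, 465 and 587 commented out in the second hunk, the mail ports stay reachable only through a path that bypasses the firewall configuration, so nothing in this file states or controls that exposure any more. The XXX comment attributes this to an unexplained interaction with network namespaces; if that guess is right, other listeners in the same namespace may also be reachable without a declaration, which is worth checking before relying on this workaround. I would extend the XXX block with a line such as `# TODO: 25/465/587 are currently admitted outside sane.ports (mechanism not yet identified); audit which other ports are reachable the same way`, so the implicit exposure is recorded next to the disabled declarations. The enclosing attribute set starts and ends outside the visible hunks.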