postfix: fix connectivity issues

Colin 2023-10-21 11:48:45 +00:00
parent c1e17a0693
commit 2fa00b4c73
2 changed files with 26 additions and 16 deletions


@ -22,6 +22,13 @@
# - but postfix delegates authorization of that outgoing mail to dovecot, on the server side # - but postfix delegates authorization of that outgoing mail to dovecot, on the server side
# #
# - local clients (i.e. sendmail) interact only with postfix # - local clients (i.e. sendmail) interact only with postfix
#
# debugging: general connectivity issues
# - test that inbound port 25 is unblocked:
# - `curl https://canyouseeme.org/ --data 'port=25&IP=185.157.162.178' | grep 'see your service'`
# - and retry with port 465, 587
# - i think this API requires the queried IP match the source IP
# - if necessary, `systemctl stop postfix` and `sudo nc -l 185.157.162.178 25`, then try https://canyouseeme.org
{ ... }: { ... }:
{ {
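Review bot: The added port-25 check is ambiguous when it fails, because `curl ... | grep 'see your service'` prints nothing both when the port is blocked and when the request itself fails or the service changes its wording. The comment also says the API probably requires the queried IP to match the source IP, so a run from any other machine would look like a blocked port. I would add a line such as `# - empty output is inconclusive: run this from the server itself and check curl's exit status first`. The `systemctl stop postfix` step should also say to start postfix again afterwards, since inbound mail is deferred while the `nc` listener holds the port.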


@ -28,22 +28,25 @@ in
# "/var/lib/dovecot" # "/var/lib/dovecot"
]; ];
sane.ports.ports."25" = { # XXX(2023/10/20): opening these ports in the firewall has the OPPOSITE effect as intended.
protocol = [ "tcp" ]; # these ports are only routable so long as they AREN'T opened.
# XXX visibleTo.lan effectively means "open firewall, but don't configure any NAT/forwarding" # probably some cursed interaction with network namespaces introduced after 2023/10/10.
visibleTo.lan = true; # sane.ports.ports."25" = {
description = "colin-smtp-mx.uninsane.org"; # protocol = [ "tcp" ];
}; # # XXX visibleTo.lan effectively means "open firewall, but don't configure any NAT/forwarding"
sane.ports.ports."465" = { # visibleTo.lan = true;
protocol = [ "tcp" ]; # description = "colin-smtp-mx.uninsane.org";
visibleTo.lan = true; # };
description = "colin-smtps-mx.uninsane.org"; # sane.ports.ports."465" = {
}; # protocol = [ "tcp" ];
sane.ports.ports."587" = { # visibleTo.lan = true;
protocol = [ "tcp" ]; # description = "colin-smtps-mx.uninsane.org";
visibleTo.lan = true; # };
description = "colin-smtps-submission-mx.uninsane.org"; # sane.ports.ports."587" = {
}; # protocol = [ "tcp" ];
# visibleTo.lan = true;
# description = "colin-smtps-submission-mx.uninsane.org";
# };
# exists only to manage certs for Postfix # exists only to manage certs for Postfix
services.nginx.virtualHosts."mx.uninsane.org" = { services.nginx.virtualHosts."mx.uninsane.org" = {
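Review bot: Commenting out the three `sane.ports.ports` entries leaves ports 25, 465 and 587 reachable through a mechanism that nothing in this file declares, so the config no longer describes or controls the host's SMTP exposure. The XXX comment says the ports are routable only while they are not opened. That suggests, though the hunk cannot confirm it, that traffic reaches postfix by a path the firewall rules do not govern, so it is worth checking that no unintended ports are reachable the same way. I would record the re-enable condition next to the block, e.g. `# TODO: restore once the netns/firewall interaction is understood; until then audit which ports are reachable on this path`. The dead block could then be dropped rather than kept as commented-out code.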