postfix: fix connectivity issues
This commit is contained in:
parent
c1e17a0693
commit
2fa00b4c73
|
@ -22,6 +22,13 @@
|
|||
# - but postfix delegates authorization of that outgoing mail to dovecot, on the server side
|
||||
#
|
||||
# - local clients (i.e. sendmail) interact only with postfix
|
||||
#
|
||||
# debugging: general connectivity issues
|
||||
# - test that inbound port 25 is unblocked:
|
||||
# - `curl https://canyouseeme.org/ --data 'port=25&IP=185.157.162.178' | grep 'see your service'`
|
||||
# - and retry with port 465, 587
|
||||
# - i think this API requires the queried IP match the source IP
|
||||
# - if necessary, `systemctl stop postfix` and `sudo nc -l 185.157.162.178 25`, then try https://canyouseeme.org
|
||||
|
||||
{ ... }:
|
||||
{
|
||||
|
|
|
@ -28,22 +28,25 @@ in
|
|||
# "/var/lib/dovecot"
|
||||
];
|
||||
|
||||
sane.ports.ports."25" = {
|
||||
protocol = [ "tcp" ];
|
||||
# XXX visibleTo.lan effectively means "open firewall, but don't configure any NAT/forwarding"
|
||||
visibleTo.lan = true;
|
||||
description = "colin-smtp-mx.uninsane.org";
|
||||
};
|
||||
sane.ports.ports."465" = {
|
||||
protocol = [ "tcp" ];
|
||||
visibleTo.lan = true;
|
||||
description = "colin-smtps-mx.uninsane.org";
|
||||
};
|
||||
sane.ports.ports."587" = {
|
||||
protocol = [ "tcp" ];
|
||||
visibleTo.lan = true;
|
||||
description = "colin-smtps-submission-mx.uninsane.org";
|
||||
};
|
||||
# XXX(2023/10/20): opening these ports in the firewall has the OPPOSITE effect as intended.
|
||||
# these ports are only routable so long as they AREN'T opened.
|
||||
# probably some cursed interaction with network namespaces introduced after 2023/10/10.
|
||||
# sane.ports.ports."25" = {
|
||||
# protocol = [ "tcp" ];
|
||||
# # XXX visibleTo.lan effectively means "open firewall, but don't configure any NAT/forwarding"
|
||||
# visibleTo.lan = true;
|
||||
# description = "colin-smtp-mx.uninsane.org";
|
||||
# };
|
||||
# sane.ports.ports."465" = {
|
||||
# protocol = [ "tcp" ];
|
||||
# visibleTo.lan = true;
|
||||
# description = "colin-smtps-mx.uninsane.org";
|
||||
# };
|
||||
# sane.ports.ports."587" = {
|
||||
# protocol = [ "tcp" ];
|
||||
# visibleTo.lan = true;
|
||||
# description = "colin-smtps-submission-mx.uninsane.org";
|
||||
# };
|
||||
|
||||
# exists only to manage certs for Postfix
|
||||
services.nginx.virtualHosts."mx.uninsane.org" = {
|
||||
|
|
Loading…
Reference in New Issue
Block a user