diff --git a/hosts/by-name/servo/services/postfix.nix b/hosts/by-name/servo/services/postfix.nix index d3364da4..cdb7b9a6 100644 --- a/hosts/by-name/servo/services/postfix.nix +++ b/hosts/by-name/servo/services/postfix.nix @@ -1,5 +1,16 @@ # DOCS: +# - postfix config options: # - dovecot config: +# - rspamd nixos: +# - rspamd guide: +# +# nix configs to reference: +# - +# - +# - postfix / dovecot / rspamd / stalwart-jmap / sogo + +# TODO: +# - rspamd integration: { config, lib, ... }: @@ -109,6 +120,12 @@ in milter_default_action = accept inet_protocols = ipv4 smtp_tls_security_level = may + + # anti-spam options: + # reject_unknown_sender_domain: causes postfix to `dig MX` and make sure that exists. + # but may cause problems receiving mail from google & others who load-balance? + # - + # smtpd_sender_restrictions = reject_unknown_sender_domain ''; services.postfix.enableSubmission = true; @@ -158,15 +175,18 @@ in # - Drafts: ? # - Sent: works # - Trash: works + # - Junk: ? # aerc # - Drafts: works # - Sent: works # - Trash: no; deleted messages are actually deleted # use `:move trash` instead + # - Junk: ? # Sent mailbox: all sent messages are copied to it. unclear if this happens server-side or client-side. Drafts = { specialUse = "Drafts"; auto = "create"; }; Sent = { specialUse = "Sent"; auto = "create"; }; Trash = { specialUse = "Trash"; auto = "create"; }; + Junk = { specialUse = "Junk"; auto = "create"; }; }; services.dovecot2.sslServerCert = "/var/lib/acme/imap.uninsane.org/fullchain.pem"; services.dovecot2.sslServerKey = "/var/lib/acme/imap.uninsane.org/key.pem"; @@ -222,6 +242,10 @@ in # } ]; + #### SPAM FILTERING + # services.rspamd.enable = true; + # services.rspamd.postfix.enable = true; + sops.secrets."dovecot_passwd" = { owner = config.users.users.dovecot2.name; # TODO: debug why mail can't be sent without this being world-readable