# ![Simple Nixos MailServer][logo]

![license](https://img.shields.io/badge/license-GPL3-brightgreen.svg)
![status](https://travis-ci.org/r-raymond/nixos-mailserver.svg?branch=master)

## Stable Releases

None so far.

[Latest Release Candidate](https://github.com/r-raymond/nixos-mailserver/releases/latest)

## Features

### v1.1

* Postfix MTA
  - [x] smtp on port 25
  - [x] submission on port 587
  - [x] lmtp delivery into dovecot
* Dovecot
  - [x] maildir folders
  - [x] imap with starttls on port 143
  - [x] pop3 with starttls on port 110
* Certificates
  - [x] manual certificates
  - [x] on the fly creation of a self-signed certificate
* Spam Filtering
  - [x] via rspamd
  - [x] hard coded sieve script to move spam into the Junk folder
* Virus Scanning
  - [x] via clamav
* DKIM Signing
  - [x] via opendkim
* User Management
  - [x] declarative user management
  - [x] declarative password management

### v1.2

* Certificates
  - [x] Let's Encrypt
* Sieves
  - [ ] Allow user defined sieve scripts
* User Aliases
  - [ ] More complete alias support

### v2.0

* [ ] Multiple Domains

### Changelog

#### v1.0 -> v1.1

* Changed structure to Nix Modules
* Adds Sieve support

### How to Deploy

Import the release you want to run as a module and set the `mailserver` options:

```nix
{ config, pkgs, ... }:

{
  imports = [
    # Pulls the module set straight from GitHub (the archive of the tag, not the
    # HTML release page). Without a sha256 nothing pins the archive's content;
    # for a reproducible deployment use the attribute-set form
    # `builtins.fetchTarball { url = ...; sha256 = ...; }` with the hash of the
    # release you audited.
    (builtins.fetchTarball "https://github.com/r-raymond/nixos-mailserver/archive/v1.1-rc3.tar.gz")
  ];

  mailserver = {
    enable = true;
    domain = "example.com";

    login_accounts = {
      user1 = {
        name = "test";
        # SHA-512 crypt hash as produced by `mkpasswd -m sha-512`; only the
        # hash goes into the configuration.
        hashedPassword = "$6$Mmmx1U68$Twd8acMxqHoqFyfz3SPz1pzjY/D36gayAdpUTFMvfrHQUwObF3acuLz2GYAGFzsjHLEK/dPIv3pCwj3kZ5T2u.";
      };
    };

    # Aliases map an address on `domain` to a login account.
    virtualAliases = {
      admin = "user1";
    };
  };
}
```

For a complete list of options, see `default.nix`.

### How to Test

You can test the setup via `nixops`. After installation, do

```
nixops create nixops/single-server.nix nixops/vbox.nix -d mail
nixops deploy -d mail
nixops info -d mail
```

You can then test the server via e.g. `telnet`. To log into it, use

```
nixops ssh -d mail mailserver
```

To test imap manually, check that the server offers STARTTLS on port 143 and
inspect the certificate it presents:

```
openssl s_client -host mail.example.com -port 143 -starttls imap
```

The same command with `-port 587 -starttls smtp` exercises the submission port.

## How to Set Up a 10/10 Mail Server

Mail servers can be a tricky thing to set up. This guide runs you through the
most important steps to achieve a 10/10 score on `mail-tester.com`: a forward
and reverse DNS entry for the host, an MX record, an SPF record, and a DKIM key.

### Fully Qualified Domain Name

No matter how many domains you want to serve on your mail server, you need to
settle on a _Fully Qualified Domain Name_ (FQDN) where your server is reachable,
so that other servers can find yours. Common FQDNs include `mx.example.com`
(where `example.com` is a domain you own) or `mail.example.com`.

After you have settled on an FQDN (we will assume `mx.example.com` henceforth),
you need to

* Set a DNS entry on your domain to point to the IP of the server. For this
  add a DNS record such as

  | Name (Subdomain) | TTL   | Type | Priority | Value             |
  | ---------------- | ----- | ---- | -------- | ----------------- |
  | mx.example.com   | 10800 | A    |          | `xxx.xxx.xxx.xxx` |

  to your domain, where `xxx.xxx.xxx.xxx` is the IP of your server.

* Set a `rDNS` (reverse DNS) entry for your FQDN. You need to do so wherever
  you have rented your server, since the PTR record lives in the provider's
  address block, not in your zone. Make sure that `xxx.xxx.xxx.xxx` resolves
  back to `mx.example.com`; receiving servers compare the two and treat a
  mismatch as a spam signal.

If the server also sends over IPv6, the same applies to its `AAAA` record and
the matching IPv6 PTR.

### MX Record

Tell other servers that mail for your domain is delivered to the FQDN above:

| Name (Subdomain) | TTL   | Type | Priority | Value          |
| ---------------- | ----- | ---- | -------- | -------------- |
| example.com      | 10800 | MX   | 10       | mx.example.com |

The MX value must be a hostname with an `A` record, not an IP address.

### SPF record

Publish which hosts may send mail for the domain. With `-all` every other
source fails SPF, so list the server's address (and any other legitimate
sender) and nothing more:

| Name (Subdomain) | TTL   | Type | Priority | Value                             |
| ---------------- | ----- | ---- | -------- | --------------------------------- |
| example.com      | 10800 | TXT  |          | `v=spf1 ip4:xxx.xxx.xxx.xxx -all` |

A domain must have exactly one `v=spf1` record; a second one makes the check
fail outright.

### DKIM signature

Outgoing mail is signed by opendkim; publish the matching public key so that
receivers can verify the signatures:

| Name (Subdomain)            | TTL   | Type | Priority | Value                     |
| --------------------------- | ----- | ---- | -------- | ------------------------- |
| dkim._domainkey.example.com | 10800 | TXT  |          | `v=DKIM1; p=yyyyyyyyyyyy` |

where `yyyyyyyyyyyy` is the base64-encoded `DKIM` public key that opendkim
generated (the `p=` tag carries the key, not a signature). The selector part of
the record name (`dkim` here) must match the selector opendkim signs with.
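
The five checks above (A, rDNS, MX, SPF, DKIM) are easy to get subtly wrong, so
here is an offline checker that runs them against a set of resolver answers. It
is an added example, not code from the nixos-mailserver project; the `RECORDS`
table, the `203.0.113.10` address, the `example.com` names and the placeholder
DKIM key are all constructed stand-ins. In a real check you would fill
`RECORDS` from `dig` or a DNS library and run the same logic.

```python
"""Offline sanity check of the DNS records a mail host needs.

Added example, not part of the nixos-mailserver project. RECORDS is a
constructed stand-in for resolver answers.
"""
import base64
import binascii
import ipaddress

# Constructed values standing in for xxx.xxx.xxx.xxx, example.com and
# mx.example.com from the tables above; 203.0.113.0/24 is a documentation range.
SERVER_IP = "203.0.113.10"
MAIL_DOMAIN = "example.com"
MX_HOST = "mx.example.com"
DKIM_SELECTOR = "dkim"

# Constructed resolver answers keyed by (owner name, record type). MX answers
# are (priority, target) pairs; the DKIM key bytes are a made-up placeholder.
RECORDS = {
    ("mx.example.com", "A"): ["203.0.113.10"],
    ("10.113.0.203.in-addr.arpa", "PTR"): ["mx.example.com."],
    ("example.com", "MX"): [(10, "mx.example.com.")],
    ("example.com", "TXT"): ["v=spf1 ip4:203.0.113.10 -all"],
    ("dkim._domainkey.example.com", "TXT"): [
        "v=DKIM1; k=rsa; p=" + base64.b64encode(b"placeholder-public-key").decode()
    ],
}


def lookup(records, name, rrtype):
    """Answers for name/rrtype, tolerating a trailing dot and mixed case."""
    return records.get((name.rstrip(".").lower(), rrtype), [])


def hostname_eq(a, b):
    return a.rstrip(".").lower() == b.rstrip(".").lower()


def is_spf(txt):
    parts = txt.split()
    return bool(parts) and parts[0].lower() == "v=spf1"


def parse_spf(txt):
    """Mechanisms of an SPF record in order; [] if it is not an SPF record."""
    return txt.split()[1:] if is_spf(txt) else []


def spf_covers(txt, ip):
    """True if an ip4:/ip6: mechanism with a pass qualifier covers ip.

    The first matching mechanism decides, as in SPF evaluation, so a
    `-ip4:` entry listed before a broader `ip4:` entry yields False.
    """
    addr = ipaddress.ip_address(ip)
    for mech in parse_spf(txt):
        qualifier, body = "+", mech
        if mech[0] in "+-~?":
            qualifier, body = mech[0], mech[1:]
        if body.lower().startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(body.split(":", 1)[1], strict=False)
            if addr.version == net.version and addr in net:
                return qualifier == "+"
    return False


def parse_dkim(txt):
    """Parse `tag=value; tag=value` into a dict, ignoring surrounding spaces."""
    tags = {}
    for field in txt.split(";"):
        if "=" in field:
            key, value = field.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags


def check_mail_dns(records, mail_domain, mx_host, server_ip, selector):
    """Return a list of problems; an empty list means all five checks pass."""
    problems = []

    # 1. forward lookup: the FQDN must resolve to the server's address
    if server_ip not in lookup(records, mx_host, "A"):
        problems.append(f"A record: {mx_host} does not resolve to {server_ip}")

    # 2. reverse lookup: the PTR must point back at the same FQDN
    ptr = lookup(records, ipaddress.ip_address(server_ip).reverse_pointer, "PTR")
    if not any(hostname_eq(p, mx_host) for p in ptr):
        problems.append(f"rDNS: PTR for {server_ip} is {ptr}, expected {mx_host}")

    # 3. MX: mail for the domain must be routed to the FQDN, by name
    mx_targets = [target for _prio, target in lookup(records, mail_domain, "MX")]
    if not any(hostname_eq(t, mx_host) for t in mx_targets):
        problems.append(f"MX: {mail_domain} has no MX pointing at {mx_host}")

    # 4. SPF: exactly one v=spf1 record, authorising the server, ending in -all
    spf = [t for t in lookup(records, mail_domain, "TXT") if is_spf(t)]
    if len(spf) != 1:
        problems.append(f"SPF: expected exactly one v=spf1 record, found {len(spf)}")
    else:
        if not spf_covers(spf[0], server_ip):
            problems.append(f"SPF: {server_ip} is not authorised by '{spf[0]}'")
        mechanisms = parse_spf(spf[0])
        if not mechanisms or mechanisms[-1].lower() != "-all":
            problems.append("SPF: record should end in -all so other senders fail")

    # 5. DKIM: one record under <selector>._domainkey with a decodable p= key
    dkim = lookup(records, f"{selector}._domainkey.{mail_domain}", "TXT")
    if len(dkim) != 1:
        problems.append(f"DKIM: expected one record for selector {selector}, found {len(dkim)}")
    else:
        tags = parse_dkim(dkim[0])
        if tags.get("v", "DKIM1") != "DKIM1":
            problems.append(f"DKIM: unexpected version tag {tags.get('v')!r}")
        try:
            key = base64.b64decode(tags.get("p", ""), validate=True)
        except binascii.Error:
            key = b""
        if not key:
            problems.append("DKIM: p= tag is missing, empty or not valid base64")

    return problems


if __name__ == "__main__":
    for problem in check_mail_dns(RECORDS, MAIL_DOMAIN, MX_HOST, SERVER_IP, DKIM_SELECTOR):
        print(problem)
```

Swap the constructed answers for real ones (for example the output of
`dig +short`) and the same function reports which of the five records
`mail-tester.com` will complain about.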

## A Complete Mail Server Without Moving Parts

### Used Technologies

* Nixos
* Nixpkgs
* Dovecot
* Postfix
* Rmilter
* Rspamd
* Clamav
* Opendkim
* Pam

### Features

* one domain
* unlimited mail accounts
* unlimited aliases for every mail account
* spam and virus checking
* dkim signing of outgoing emails
* imap (optionally pop3)
* startTLS

### Nonfeatures

* moving parts
* SQL databases
* configurations that need to be made after `nixos-rebuild switch`
* complicated storage schemes
* webclients / http-servers

## Contributors

* Special thanks to @Infinisil for the module rewrite
* @danbst
* @phdoerfler
* @eqyiel

### Credits

* send mail graphic by [tnp_dreamingmao](https://thenounproject.com/dreamingmao)
  from [TheNounProject](https://thenounproject.com/) is licensed under
  [CC BY 3.0](http://creativecommons.org/licenses/by/3.0/)
* Logo made with [Logomakr.com](https://logomakr.com)

[logo]: logo/logo.png