Commit Graph

209 Commits

Author SHA1 Message Date
Antoine Eiche 72748d7b6d Use the Junk mailbox name defined in the mailboxes attrs
Previously, the static Junk mailbox was used in sieve script to move
spam messages. This patch gets the Junk mailbox defined in the dovecot
mailboxes attribute instead.

Fixes #224
2021-08-06 16:21:03 +00:00
Antoine Eiche 9578dbac69 Remove non longer supported configurations (<21.05) 2021-07-24 09:57:44 +02:00
Robert Schütz 49074b7835 kresd: no need to explicitly set nameserver
Since https://github.com/NixOS/nixpkgs/pull/124391, enabling kreasd also
sets `networking.resolvconf.useLocalResolver = true`.
2021-06-03 05:58:42 +00:00
Milan Pässler 9c80a66f57
Make vmail_user a system user
This is required since https://github.com/NixOS/nixpkgs/pull/115332
2021-04-18 15:41:05 +02:00
Antoine Eiche 93330c5453 Move indexDir option to the mailserver scope
This option has been initially in the mailserver.fullTextSearch
scope. However, this option modifies the location of all index files
of dovecot and not only those used by the full text search feature. It
is then more relevant to have this option in the mailserver top level
scope.

Moreover, the default option has been changed to null in order to keep
existing index files where they are: changing the index location means
recreating all index files. The fts documentation however recommend to
change this default location when enabling the fts feature.
2021-04-07 22:22:38 +02:00
Emmanouil Kampitakis d75614a653 Feature/configurable delimiter 2021-03-22 19:05:34 +00:00
Matt Votava d0a2e74574 Use services.clamav.daemon.settings if it is available 2021-03-21 14:32:54 +00:00
Andreas Rammhold 7627c29268
Store FTS index in directory per domain & user to avoid collisions
Previously all the xapian files and logs would be stored in the same
folder for all users. This couid probably lead to weird situations where
all users get the same search results.
2021-03-07 11:26:35 +01:00
Symphorien Gibol 06b989c1e7 add full text search support 2021-03-04 22:17:25 +01:00
Simon Žlender 0c4b9a8985 Make opening ports in the firewall optional 2021-02-09 21:09:36 +01:00
Antoine Eiche 5f431207b3 postfix: forwarding emails of login accounts with keeping local copy
When a local account address is forwarded, the mails were not locally
kept. This was due to the way lookup tables were internally managed.

Instead of using lists to represent Postfix lookup tables, we now use
attribute sets: they can then be easily merged.

A regression test for
https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/
has been added: it sets a forward on a local address and ensure an
email sent to this address is locally kept.

Fixes #205
2021-02-06 08:17:43 +00:00
Izorkin 17eec31cae rspamd: disable dkim signing 2021-01-31 19:36:07 +00:00
Antoine Eiche ee3d38a157 Set mailserver.policydSPFExtraConfig in a debug module
The line type of this option make its concatenation cleaner: the user
doesn't have to manually add `\n` to its policydSPFExtraConfig value
when debug in set.
2020-12-23 09:39:55 +01:00
Naïm Favier 7c06f610f1 Update systemd.nix 2020-12-04 08:20:25 +00:00
Naïm Favier de84ba1aeb Do not hardcode paths to acme certificates 2020-11-30 19:49:48 +00:00
Henri Menke 89bd89c706 Recommend bcrypt passwords everywhere 2020-11-29 20:19:46 +01:00
Henri Menke c00fc587f5
Configurable sieve script directory 2020-11-21 14:39:49 +01:00
Antoine Eiche 4818b57a92 test.dovecot: ensure port 143 is closed when enableImap is not set
The test also checks the connection on the imap port 993 is a SSL
connection.
2020-10-05 21:18:36 +02:00
Milan Pässler cc526a2700 add full support for tls wrapped mode 2020-10-05 20:54:46 +02:00
Antoine Eiche 9d7f02e67b Support sandboxed opendkim 2020-10-04 10:49:57 +02:00
Antoine Eiche 24600377af Add `forwards` option
This option allow to forward mails to external addresses.
2020-09-28 20:50:45 +02:00
James ‘Twey’ Kay 5cd6f8e7b3 Add a separate sendingFqdn option 2020-09-18 21:38:15 +00:00
Xavier Vello 45f80def41 Setup rspamd controller to serve web UI assets 2020-07-06 23:14:33 +02:00
Brian Olsen eb70dd1f55
Fix passwfile update
Currently oneshot services are not re-run on NixOS activate and that
meant that you needed to manually restart `gen-passwd-file` for new
users to be available.

This commit removes the `gen-passwd-file` service and instead simply
calls the same script in the dovecot2 preStart.
2020-06-19 16:02:21 +02:00
Benjamin Asbach fb8886547b Enable dovecot option to prefer server ciphers
This might prevent misconfigured clients to use a weak cipher when stronger ciphers are available.
2020-05-27 10:10:59 +02:00
Benjamin Asbach 9b98746515 Set TLSv1.2 as minimal TLS version for dovecot
TLSv1 and TLSv1.1 are commonly opinioned as deprecated.
2020-05-27 10:10:59 +02:00
Ryan Trinkle 066dba1b2f Fix spelling of `lmtp` in option 2020-05-25 18:19:32 -04:00
Brian Olsen aed5d9e523
Switch from using postfix extraConfig to config
`services.postfix.extraConfig` is just a string while the
`services.postfix.config` option configures the same thing but with a
typed attrset instead which is easier to manipulate and override in Nix.
2020-05-22 12:19:50 +02:00
Benjamin Asbach c2ee9f217a Enabled TLS 1.3 support 2020-05-13 00:20:22 +00:00
Antoine Eiche 7788eccc24 Merge branch 'eqyiel/nixos-mailserver-feat/make-lmtp_save_to_detail_mailbox-optional' 2020-05-08 21:02:55 +02:00
Antoine Eiche 41219cc690 Rename rejectMessage to sendOnlyRejectMessage 2020-05-08 20:43:46 +02:00
Galen Abell d47e4ead88 Add send-only accounts 2020-05-08 20:43:46 +02:00
Symphorien Gibol 9e772d166c rspamd: configure redis backend
The sqlite backed is deprecated, and the redis backend is the default
since rspamd 2.0.

Not having redis started results in such errors:
rspamd_redis_init: cannot init redis backend for BAYES_SPAM

To migrate the sqlite database, run

rspamadm statconvert --spam-db /var/lib/rspamd/bayes.spam.sqlite --ham-db /var/lib/rspamd/bayes.ham.sqlite -h 127.0.0.1:6379 --symbol-ham BAYES_HAM --symbol-spam BAYES_SPAM

The current module implements the recommended configuration that this
utility prints out.
2020-05-05 19:07:46 +00:00
Galen Abell 6563abc1c4 Fix password hash file generation behavior
- Move the "create password hash file from hashed password" behavior to
  a separate variable, since having it in the default field of config
  would always cause the warning to trigger
- Change type of hashedPassword to `nullOr str`
2020-03-06 17:27:47 +00:00
Maximilian Bosch 14cabd62e5
Trigger restart of postfix if passwords of mail accounts change 2019-10-18 21:21:01 +02:00
JosephTheEngineer b866182532 Remove use of the deprecated string type 2019-09-22 13:32:37 +00:00
Martin Milata ab33e87cea Delete leftover services.nix 2019-09-16 18:14:20 +02:00
Ruben Maher b4f6d96365 fix: make surprising lmtp_save_to_detail_mailbox behaviour optional 2019-09-01 20:21:11 +09:00
Robin Raymond 4b480d1445 Merge branch 'metapensiero/nixos-mailserver-delimiter-master' 2019-08-13 19:57:31 +02:00
Robin Raymond ee7bb07f25 Merge branch 'scintill/nixos-mailserver-dkim-bits' 2019-08-13 19:56:18 +02:00
Robin Raymond 0bf2bb0b54 Merge branch 'scintill/nixos-mailserver-fix-tests' 2019-08-13 19:51:16 +02:00
Alberto Berti 76922632ca Merge branch 'verbose-spam-header' into verbose-spam-header-master 2019-07-26 19:37:18 +02:00
Alberto Berti 6033364d0b Merge branch 'delimiter' into delimiter-master 2019-07-26 19:28:51 +02:00
Alberto Berti 05bb5518ad Let the milter add to headers the reason for tagging a message as spam 2019-07-26 19:01:54 +02:00
Alberto Berti 0ff81a9593 Make the delimiter configuration work 2019-07-26 19:00:32 +02:00
Alberto Berti fad71d9948 Fix typo 2019-07-25 17:55:01 +02:00
Alberto Berti 253c8732b4 Add subaddresses configuration 2019-07-25 17:30:20 +02:00
Joey Hewitt f789f7a80c add dkimKeyBits configuration 2019-07-09 21:59:28 -06:00
Joey Hewitt 7e718e0e33 dkim: transition to PermissionsStartOnly=false
That's how nixpkgs-unstable is now, so to be compatible with both we
have to force that setting. Use systemd tmpfiles to provision
directory with correct owner.
2019-07-07 21:47:09 -06:00
Joey Hewitt 93660eabcd fixes to tests
- restructure rspamd config. It's nicer now, and it was getting
overridden the old way.
- "scan_mime_parts = false" apparently must be used in rspamd for ClamAV
to work
- refactor the clamav test a bit for cleanliness
- wait for rspamd and clamd sockets to open, before testing
- use clamdscan for speed, and verify that the virus was found
- verify msmtp returns virus scan result
2019-07-07 21:47:09 -06:00