Commit Graph

108 Commits

Author SHA1 Message Date
Alvar Penning 3f526c08e8
postfix: SMTP Smuggling Protection
Enable Postfix SMTP Smuggling protection, introduced in Postfix 3.8.4,
which is, currently, only available within the nixpkgs' master branch.

- https://github.com/NixOS/nixpkgs/pull/276104
- https://github.com/NixOS/nixpkgs/pull/276264

For information about SMTP Smuggling:

- https://www.postfix.org/smtp-smuggling.html
- https://www.postfix.org/postconf.5.html#smtpd_forbid_bare_newline
2023-12-23 20:15:16 +01:00
Lafiel 008d78cc21
dovecot: add support store mailbox names on disk using UTF-8 2023-11-16 01:02:33 +03:00
Jean-Baptiste Giraudeau 93221e4b25
Add support for regex (PCRE) aliases. 2023-09-05 14:58:10 +02:00
Antoine Eiche 6775502be3 ldap: set assertions to forbid ldap and loginAccounts simultaneously 2023-07-11 19:31:20 +00:00
Antoine Eiche 7695c856f1 ldap: improve the documentation 2023-07-11 19:31:20 +00:00
Antoine Eiche fb3210b932 ldap: do not write password to the Nix store 2023-07-11 19:31:20 +00:00
Antoine Eiche 33554e57ce Make the ldap test working
- The smtp/imap user name is now user@domain.tld
- Make the test_lookup function much more robust: it was now getting
  the correct file from the store.
2023-07-11 19:31:20 +00:00
Martin Weinelt 08f077c5ca Add support for LDAP users
Allow configuring lookups for users and their mail addresses from an
LDAP directory. The LDAP username will be used as an accountname as
opposed to the email address used as the `loginName` for declarative
accounts. Mailbox for LDAP users will be stored below
`/var/vmail/ldap/<account>`.

Configuring domains is out of scope, since domains require further
configuration within the NixOS mailserver construct to set up all
related services accordingly.

Aliases can already be configured using `mailserver.forwards` but could
be supported using LDAP at a later point.
2023-07-11 19:31:20 +00:00
Antoine Eiche 290d00f6db Improve the certificateScheme number deprecation warning message 2023-06-11 07:29:18 +00:00
Naïm Favier a948c49ca7 Allow using existing ACME certificates
Add a certificate scheme for using an existing ACME certificate without
setting up Nginx.

Also use names instead of magic numbers for certificate schemes.
2023-05-24 21:10:02 +00:00
Naïm Favier 4fcab839d7
docs: use MarkDown for option docs 2022-12-22 20:45:01 +01:00
Naïm Favier 694e7d34f6
docs: option docs improvements
- add missing description and defaultText fields
- add dmarcReporting option group
- render examples
2022-11-30 12:30:29 +01:00
Martin Weinelt fe36e7ae0d rspamd: allow configuring dmarc reporting
Enabling collects DMARC results in Redis and sends out aggregated
reports (RUA) on a daily basis.
2022-11-27 20:34:38 +00:00
Linus Heckemann a40e9c3abb htpasswd -> mkpasswd 2022-11-27 19:14:22 +00:00
Ryan Mulligan 15cf252a0d monit/rspamd: monitor by process name 2022-05-24 20:15:37 +00:00
Naïm Favier 4ed684481b Update nixos-unstable and drop 21.11 2022-02-24 20:51:40 +00:00
Naïm Favier ef03562eba make option documentation compatible with nixos-search 2022-02-24 20:51:40 +00:00
Izorkin f3d967f830
nginx: generate certificates for custom domains and subdomains 2021-12-05 20:53:21 +03:00
Lionello ef8ca96c5d Fix typos in indexDir example 2021-11-01 23:18:18 +00:00
Ero Sennin 0d9a880c0e Set DKIM policy to relaxed/relaxed
And make this policy configurable.
2021-10-14 18:45:21 +00:00
Antoine Eiche 9578dbac69 Remove non longer supported configurations (<21.05) 2021-07-24 09:57:44 +02:00
Evan Hanson 190ac7ca60 Remove duplicate `default` attribute on mailserver.forwards option 2021-05-31 18:29:11 +12:00
Antoine Eiche 93330c5453 Move indexDir option to the mailserver scope
This option has been initially in the mailserver.fullTextSearch
scope. However, this option modifies the location of all index files
of dovecot and not only those used by the full text search feature. It
is then more relevant to have this option in the mailserver top level
scope.

Moreover, the default option has been changed to null in order to keep
existing index files where they are: changing the index location means
recreating all index files. The fts documentation however recommend to
change this default location when enabling the fts feature.
2021-04-07 22:22:38 +02:00
Emmanouil Kampitakis d75614a653 Feature/configurable delimiter 2021-03-22 19:05:34 +00:00
Symphorien Gibol 06b989c1e7 add full text search support 2021-03-04 22:17:25 +01:00
Simon Žlender 0c4b9a8985 Make opening ports in the firewall optional 2021-02-09 21:09:36 +01:00
Antoine Eiche ee3d38a157 Set mailserver.policydSPFExtraConfig in a debug module
The line type of this option make its concatenation cleaner: the user
doesn't have to manually add `\n` to its policydSPFExtraConfig value
when debug in set.
2020-12-23 09:39:55 +01:00
Naïm Favier 7c06f610f1 Update systemd.nix 2020-12-04 08:20:25 +00:00
Henri Menke 89bd89c706 Recommend bcrypt passwords everywhere 2020-11-29 20:19:46 +01:00
Henri Menke c00fc587f5
Configurable sieve script directory 2020-11-21 14:39:49 +01:00
Milan Pässler cc526a2700 add full support for tls wrapped mode 2020-10-05 20:54:46 +02:00
Antoine Eiche 24600377af Add `forwards` option
This option allow to forward mails to external addresses.
2020-09-28 20:50:45 +02:00
James ‘Twey’ Kay 5cd6f8e7b3 Add a separate sendingFqdn option 2020-09-18 21:38:15 +00:00
Matt Votava 358cfcdfbe Declare default dovecot2 mailboxes as attrset for 20.09+ 2020-09-14 10:49:32 -07:00
Matt Votava e2ed4541d4 remove deprecated types.loaOf 2020-09-13 06:12:14 -07:00
Ryan Trinkle 066dba1b2f Fix spelling of `lmtp` in option 2020-05-25 18:19:32 -04:00
Antoine Eiche 7788eccc24 Merge branch 'eqyiel/nixos-mailserver-feat/make-lmtp_save_to_detail_mailbox-optional' 2020-05-08 21:02:55 +02:00
Antoine Eiche 41219cc690 Rename rejectMessage to sendOnlyRejectMessage 2020-05-08 20:43:46 +02:00
Galen Abell d47e4ead88 Add send-only accounts 2020-05-08 20:43:46 +02:00
Symphorien Gibol 9e772d166c rspamd: configure redis backend
The sqlite backed is deprecated, and the redis backend is the default
since rspamd 2.0.

Not having redis started results in such errors:
rspamd_redis_init: cannot init redis backend for BAYES_SPAM

To migrate the sqlite database, run

rspamadm statconvert --spam-db /var/lib/rspamd/bayes.spam.sqlite --ham-db /var/lib/rspamd/bayes.ham.sqlite -h 127.0.0.1:6379 --symbol-ham BAYES_HAM --symbol-spam BAYES_SPAM

The current module implements the recommended configuration that this
utility prints out.
2020-05-05 19:07:46 +00:00
Galen Abell 6563abc1c4 Fix password hash file generation behavior
- Move the "create password hash file from hashed password" behavior to
  a separate variable, since having it in the default field of config
  would always cause the warning to trigger
- Change type of hashedPassword to `nullOr str`
2020-03-06 17:27:47 +00:00
JosephTheEngineer b866182532 Remove use of the deprecated string type 2019-09-22 13:32:37 +00:00
Ruben Maher b4f6d96365 fix: make surprising lmtp_save_to_detail_mailbox behaviour optional 2019-09-01 20:21:11 +09:00
Joey Hewitt f789f7a80c add dkimKeyBits configuration 2019-07-09 21:59:28 -06:00
Michishige Kaito c2ca4d1bb0 postfix: allow configuring message_size_limit 2018-11-23 14:29:23 +00:00
Robin Raymond acd65c0803 New Feature >>rejectSender<<
Authored by tokudan
2018-11-10 14:29:16 +01:00
plchldr fa0541b96b remove Diffie Hillman parameter creation as it is handled by the upstream dovecot2 module as of 18.09 2018-10-30 17:56:25 +01:00
Brian Olsen 88e292c5b7 postfix: Support setting options for policyd-spf 2018-06-29 21:36:34 +09:30
Brian Olsen 616d779e1f Move from rmilter to rspamd #25 2018-06-29 21:36:34 +09:30
Brian Olsen 7036371f75 Use OpenDKIM instead of rmilter for DKIM
As part of #61 this moves DKIM handling from rmilter to OpenDKIM.
2018-06-29 21:35:16 +09:30