README.md
Stable Releases
None so far.
Features
v1.1
- Postfix MTA
  - smtp on port 25
  - submission port 587
  - lmtp with dovecot
- Dovecot
  - maildir folders
  - imap starttls on port 143
  - pop3 starttls on port 110
- Certificates
  - manual certificates
  - on the fly creation
- Spam Filtering
  - via rspamd
  - hard coded sieve script to move spam into Junk folder
- Virus Scanning
  - via clamav
- DKIM Signing
  - via opendkim
- User Management
  - declarative user management
  - declarative password management
v1.2
- Certificates
  - Let's Encrypt
- Sieves
  - Allow user defined sieve scripts
- User Aliases
  - More complete alias support
v2.0
- Multiple Domains
Changelog
v1.0 -> v1.1
- Changed structure to Nix Modules
- Adds Sieve support
How to Deploy
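{ config, pkgs, ... }:
{
  imports = [
    # fetchTarball needs an archive URL; the releases/tag page is HTML, not a tarball
    (builtins.fetchTarball "https://github.com/r-raymond/nixos-mailserver/archive/v1.1-rc3.tar.gz")
  ];

  mailserver = {
    enable = true;
    domain = "example.com";

    # Accounts are declared here; no passwords are stored in clear text
    login_accounts = {
      user1 = {
        name = "test";
        # crypt(3) SHA-512 hash ($6$ prefix); replace with a hash of your own password
        hashedPassword = "$6$Mmmx1U68$Twd8acMxqHoqFyfz3SPz1pzjY/D36gayAdpUTFMvfrHQUwObF3acuLz2GYAGFzsjHLEK/dPIv3pCwj3kZ5T2u.";
      };
    };

    # Mail for admin@example.com is delivered to user1
    virtualAliases = {
      admin = "user1";
    };
  };
}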
For a complete list of options, see default.nix.
How to Test
You can test the setup via nixops. After installation, do
nixops create nixops/single-server.nix nixops/vbox.nix -d mail
nixops deploy -d mail
nixops info -d mail
You can then test the server via e.g. telnet. To log into it, use
nixops ssh -d mail mailserver
To test imap manually use
openssl s_client -host mail.example.com -port 143 -starttls imap
How to Set Up a 10/10 Mail Server
Mail servers can be tricky to set up. This guide walks you through the most
important steps to achieve a 10/10 score on mail-tester.com.
Fully Qualified Domain Name
No matter how many domains you want to serve on your mail server, you need to
settle on a Fully Qualified Domain Name (FQDN) where your server is reachable,
so that other servers can find yours. Common FQDNs include mx.example.com
(where example.com is a domain you own) or mail.example.com.
After you have settled on an FQDN (we will assume mx.example.com henceforth) you
need to
- Set a DNS entry on your domain to point to the IP of the server. For this add a DNS record such as

  Name (Subdomain) | TTL | Type | Priority | Value |
  ---|---|---|---|---|
  mx.example.com | 10800 | A | | xxx.xxx.xxx.xxx |

  to your domain, where xxx.xxx.xxx.xxx is the IP of your server.
- Set a rDNS (reverse DNS) entry for your FQDN. You need to do so wherever you have rented your server. Make sure that xxx.xxx.xxx.xxx resolves to mx.example.com.
MX Record
Name (Subdomain) | TTL | Type | Priority | Value |
---|---|---|---|---|
domain1.com | | MX | 10 | mx.example.com |
SPF Record
Name (Subdomain) | TTL | Type | Priority | Value |
---|---|---|---|---|
domain1.com | 10800 | TXT | | v=spf1 ip4:xxx.xxx.xxx.xxx -all |
DKIM Signature
Name (Subdomain) | TTL | Type | Priority | Value |
---|---|---|---|---|
dkim._domainkey.domain1.com | 10800 | TXT | | v=DKIM1; p=yyyyyyyyyyyy |

where yyyyyyyyyyyy is the DKIM signature
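The five records above (A, rDNS, MX, SPF, DKIM) have to agree with each other, and a mismatch in any one of them costs points with receiving servers. The following Python check is an added example, not part of the nixos-mailserver project: it takes already-resolved records and reports every inconsistency. The function name check_mail_dns, the dictionary layout and the sample values (documentation IP 203.0.113.10, a placeholder p= value) are assumptions for illustration, and only ip4: mechanisms are understood in SPF.

```python
import base64
import ipaddress

# Added example (hypothetical helper); constructed records, documentation IP.
SAMPLE = {
    ("mx.example.com", "A"): ["203.0.113.10"],
    ("10.113.0.203.in-addr.arpa", "PTR"): ["mx.example.com."],
    ("domain1.com", "MX"): [(10, "mx.example.com.")],
    ("domain1.com", "TXT"): ["v=spf1 ip4:203.0.113.10 -all"],
    ("dkim._domainkey.domain1.com", "TXT"): ["v=DKIM1; p=Y29uc3RydWN0ZWQ="],
}

def check_mail_dns(records, fqdn, ip, domain, selector="dkim"):
    """Return the problems found in `records`: {(name, type): [values]}."""
    problems = []
    addr = ipaddress.ip_address(ip)
    # A record and reverse DNS must agree (forward-confirmed reverse DNS).
    if ip not in records.get((fqdn, "A"), []):
        problems.append(f"A: {fqdn} does not resolve to {ip}")
    ptrs = [v.rstrip(".") for v in records.get((addr.reverse_pointer, "PTR"), [])]
    if fqdn not in ptrs:
        problems.append(f"PTR: {ip} does not resolve back to {fqdn}")
    # The MX record of the mail domain must name the FQDN.
    hosts = [h.rstrip(".") for _prio, h in records.get((domain, "MX"), [])]
    if fqdn not in hosts:
        problems.append(f"MX: {domain} has no MX pointing at {fqdn}")
    # SPF: exactly one v=spf1 record, server IP authorised, "-all" last.
    spf = [t.split() for t in records.get((domain, "TXT"), [])
           if t.split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        problems.append(f"SPF: expected one v=spf1 record, found {len(spf)}")
    else:
        nets = [ipaddress.ip_network(t[4:], strict=False)
                for t in spf[0] if t.startswith("ip4:")]
        if not any(addr in net for net in nets):
            problems.append(f"SPF: {ip} is not covered by an ip4: mechanism")
        if spf[0][-1] != "-all":
            problems.append("SPF: record does not end in -all")
    # DKIM: v=DKIM1 plus a non-empty, base64-decodable p= value.
    tags = {}
    for txt in records.get((f"{selector}._domainkey.{domain}", "TXT"), []):
        pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
        tags = {k.strip(): "".join(v.split()) for k, v in pairs}
    try:
        key_ok = bool(base64.b64decode(tags.get("p", ""), validate=True))
    except ValueError:
        key_ok = False
    if tags.get("v") != "DKIM1" or not key_ok:
        problems.append("DKIM: missing v=DKIM1 or empty/invalid p= value")
    return problems
```

Calling check_mail_dns(SAMPLE, "mx.example.com", "203.0.113.10", "domain1.com") returns an empty list; with answers collected from a resolver, each returned string names the record that needs fixing.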
A Complete Mail Server Without Moving Parts
Used Technologies
- NixOS
- Nixpkgs
- Dovecot
- Postfix
- Rmilter
- Rspamd
- ClamAV
- OpenDKIM
- PAM
Features
- one domain
- unlimited mail accounts
- unlimited aliases for every mail account
- spam and virus checking
- dkim signing of outgoing emails
- imap (optionally pop3)
- startTLS
Nonfeatures
- moving parts
- SQL databases
- configurations that need to be made after nixos-rebuild switch
- complicated storage schemes
- webclients / http-servers
Contributors
- Special thanks to @Infinisil for the module rewrite
- @danbst
- @phdoerfler
- @eqyiel
Credits
- send mail graphic by tnp_dreamingmao from TheNounProject is licensed under CC BY 3.0
- Logo made with Logomakr.com