Go to file
Robin Raymond d905be86d5 fix multidomain dkim signing fixes #24 2017-11-11 16:06:28 +01:00
logo add logo 2017-09-13 14:03:04 +02:00
mail-server fix multidomain dkim signing fixes #24 2017-11-11 16:06:28 +01:00
nixops Fix syntax error in sample nixops config 2017-11-11 09:53:35 +00:00
tests add second domain to test 2017-11-11 14:12:16 +01:00
.editorconfig Remove makefile section from editorconfig 2017-11-11 09:47:25 +00:00
.travis.yml Switch to nixpkgs-unstable channel. 2017-09-22 12:50:06 -05:00
LICENSE Initial commit 2016-07-21 18:09:04 +02:00
README.md fix tables 2017-11-10 17:17:53 +01:00
default.nix Change domain to fqdn and extraDomains to domains 2017-11-11 09:45:06 +00:00

README.md

Simple Nixos MailServer

license status

Stable Releases

None so far.

Latest Release Candidate

Features

v1.1

  • Postfix MTA
    • smtp on port 25
    • submission port 587
    • lmtp with dovecot
  • Dovecot
    • maildir folders
    • imap starttls on port 143
    • pop3 starttls on port 110
  • Certificates
    • manual certificates
    • on the fly creation
  • Spam Filtering
    • via rspamd
    • hard coded sieve script to move spam into Junk folder
  • Virus Scanning
    • via clamav
  • DKIM Signing
    • via opendkim
  • User Management
    • declarative user management
    • declarative password management

v1.2

  • Certificates
    • Let's Encrypt
  • Sieves
    • Allow user defined sieve scripts
  • User Aliases
    • More complete alias support

v2.0

  • Multiple Domains

Changelog

v1.0 -> v1.1

  • Changed structure to Nix Modules
  • Adds Sieve support

How to Deploy

{ config, pkgs, ... }:
{
  imports = [
    (builtins.fetchTarball "https://github.com/r-raymond/nixos-mailserver/releases/tag/v1.1-rc3")
  ];

  mailserver = {
    enable = true;
    domain = "example.com";
    login_accounts = {
      user1 = {
        name = "test";
        hashedPassword = "$6$Mmmx1U68$Twd8acMxqHoqFyfz3SPz1pzjY/D36gayAdpUTFMvfrHQUwObF3acuLz2GYAGFzsjHLEK/dPIv3pCwj3kZ5T2u.";
      };
    };
    virtualAliases = {
      admin = "user1";
    };
  };
}

For a complete list of options, see default.nix.

How to Test

You can test the setup via nixops. After installation, do

nixops create nixops/single-server.nix nixops/vbox.nix -d mail
nixops deploy -d mail
nixops info -d mail

You can then test the server via e.g. telnet. To log into it, use

nixops ssh -d mail mailserver

To test imap manually use

openssl s_client -host mail.example.com -port 143 -starttls imap

How to Set Up a 10/10 Mail Server

Mail servers can be a tricky thing to set up. This guide is supposed to run you through the most important steps to achieve a 10/10 score on mail-tester.com.

Fully Qualified Domain Name

No matter how many domains you want to serve on your mail server, you need to settle on a Fully Qualified Domain Name (FQDN) where your server is reachable, so that other servers can find yours. Common FQDN include mx.example.com (where example.com is a domain you own) or mail.example.com.

After you settled on a FQDN (we will assume mx.example.com henceforth) you need to

  • Set a DNS entry on your domain to point to the IP of the server. For this add a DNS record such as

    Name (Subdomain) TTL Type Priority Value
    mx.example.com 10800 A xxx.xxx.xxx.xxx

    to your domain, where xxx.xxx.xxx.xxx is the IP of your server.

  • Set a rDNS (reverse DNS) entry for your FQDN. You need to do so wherever you have rented your server. Make sure that xxx.xxx.xxx.xxx resolves to mx.example.com.

MX Record

Name (Subdomain) TTL Type Priority Value
domain1.com MX 10 mx.exmaple.com

Spf record

Name (Subdomain) TTL Type Priority Value
domain1.com 10800 TXT v=spf1 ip4:xxx.xxx.xxx.xxx -all

DKIM signature

Name (Subdomain) TTL Type Priority Value
dkim._domainkey.domain1.com 10800 TXT v=DKIM1; p=yyyyyyyyyyyy

where yyyyyyyyyyyy is the DKIM signature

A Complete Mail Server Without Moving Parts

Used Technologies

  • Nixos
  • Nixpkgs
  • Dovecot
  • Postfix
  • Rmilter
  • Rspamd
  • Clamav
  • Opendkim
  • Pam

Features

  • one domain
  • unlimited mail accounts
  • unlimited aliases for every mail account
  • spam and virus checking
  • dkim signing of outgoing emails
  • imap (optionally pop3)
  • startTLS

Nonfeatures

  • moving parts
  • SQL databases
  • configurations that need to be made after nixos-rebuild switch
  • complicated storage schemes
  • webclients / http-servers

Contributors

  • Special thanks to @Infinisil for the module rewrite
  • @danbst
  • @phdoerfler
  • @eqyiel

Credits