blob: b596d0e46875f294fb4c1679dc4c95f57c463e10 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
{...}:
/*
Known issues:
- when the acme cert gets refreshed, you need to manually restart dovecot
- when restarting dovecot, it might hang, in that case do:
systemctl --job-mode=ignore-dependencies restart dovecot2 postfix
*/
{
mailserver = {
enable = true;
monitoring = {
enable = true;
alertAddress = "bsima@icloud.com";
};
fqdn = "bensima.com";
domains = ["bensima.com" "simatime.com" "bsima.me"];
certificateScheme = "acme-nginx"; # let's encrypt, using named scheme instead of number
enableImap = true;
enablePop3 = true;
enableImapSsl = true;
enablePop3Ssl = true;
enableManageSieve = true;
virusScanning = false; # ur on ur own
localDnsResolver = true;
dmarcReporting = {
enable = true;
organizationName = "Ben Sima";
domain = "bensima.com";
localpart = "dmarc";
};
# Define proper virtual aliases instead of placeholder
extraVirtualAliases = {
"blocked@bensima.com" = "ben@bensima.com";
# forward old addresses to new domain
"ben@bsima.me" = "ben@bensima.com";
"ben@simatime.com" = "ben@bensima.com";
};
loginAccounts = {
"ben@bensima.com" = {
hashedPasswordFile = "/home/ben/hashed-mail-password";
aliases = [
# my old emails
"ben@simatime.com"
"ben@bsima.me"
# admin stuff, necessary i think?
"postmaster@bensima.com"
"abuse@bensima.com"
];
catchAll = ["bensima.com" "simatime.com" "bsima.me"];
quota = "10G";
};
"dev@bensima.com" = {
hashedPasswordFile = "/home/ben/hashed-mail-password";
aliases = ["dev@simatime.com" "dev@bsima.me"];
quota = "10G";
};
"monica@bensima.com" = {
hashedPasswordFile = "/home/ben/hashed-mail-password";
quota = "1G";
};
};
};
# Configure Postfix to block unwanted domains using the NixOS services.postfix.headerChecks option
services.postfix.headerChecks = [
# Block perfora.net
{
pattern = "^Received:.*perfora\\.net";
action = "REJECT Domain perfora.net is blocked";
}
{
pattern = "^From:.*perfora\\.net";
action = "REJECT Domain perfora.net is blocked";
}
# Block novastells.com.es domain
{
pattern = "^Received:.*novastells\\.com\\.es";
action = "REJECT Domain novastells.com.es is blocked";
}
{
pattern = "^From:.*novastells\\.com\\.es";
action = "REJECT Domain novastells.com.es is blocked";
}
{
pattern = "^Return-Path:.*novastells\\.com\\.es";
action = "REJECT Domain novastells.com.es is blocked";
}
{
pattern = "^Sender:.*novastells\\.com\\.es";
action = "REJECT Domain novastells.com.es is blocked";
}
# Block optaltechtld.com domain
{
pattern = "^Received:.*optaltechtld\\.com";
action = "REJECT Domain optaltechtld.com is blocked";
}
{
pattern = "^From:.*optaltechtld\\.com";
action = "REJECT Domain optaltechtld.com is blocked";
}
{
pattern = "^Return-Path:.*optaltechtld\\.com";
action = "REJECT Domain optaltechtld.com is blocked";
}
{
pattern = "^Sender:.*optaltechtld\\.com";
action = "REJECT Domain optaltechtld.com is blocked";
}
];
# Increase memory limits for mbsync, otherwise it runs out of space trying to
# sync large mailboxes (like dev/INBOX)
services.dovecot2.extraConfig = ''
service imap {
vsz_limit = 4G
}
service quota-status {
vsz_limit = 4G
}
'';
}
|
