WIP: nyarlathotep: cleanup after deployment #55

Gonne · 2025-03-02T10:49:09Z

Gonne commented

2025-03-02 10:49:09 +00:00

No description provided.

Gonne added 9 commits 2025-03-02 10:49:10 +00:00

Delete directive proxy_interface f086234f51

This directive is supposed to prevent mail delivery loops that would be caused by portforwarding to itself.
Behind this ip address, however, there is our general mail vm and not immediately the mailinglist setup.

Allow unpacking stalwart's webadmin interface 22b15d0eef

Disable matheball.de forwards and submission to mail allowlist until we actually handle it 0cc1a1fb85

Rename config option after update beyond version 0.11.2 2dda609464

Add mathebau.de to certificate bdd88e748b

Accept mail from our badly configured VMs b2c89091d8

Set sender and increase redirect limit for our alias file 32716973d0

Filter out catch-all addresses of the form "@domain.tld" from the allowlist that are not intended for HRZ 836971cac4

Enable DKIM signing 5dfd352edd

Gonne added 1 commit 2025-03-02 10:57:34 +00:00

Group config parameters 590ea741d0

requested review from Server-Minions

2025-03-02 11:01:47 +00:00

Gonne force-pushed nyarlathotep from 590ea741d0 to d7f4598be3

2025-03-02 12:39:18 +00:00

Compare

Gonne force-pushed nyarlathotep from d7f4598be3 to b3ac11ddc9

2025-03-02 13:06:28 +00:00

Compare

Gonne force-pushed nyarlathotep from b3ac11ddc9 to 9c26820b8f

2025-03-02 13:14:39 +00:00

Compare

Gonne force-pushed nyarlathotep from 9c26820b8f to c5849b8695

2025-03-02 19:38:05 +00:00

Compare

nerf requested changes 2025-03-03 10:38:07 +00:00

nerf left a comment

First few comments

nixos/modules/mail.nix Outdated

					
				@ -187,0 +214,4 @@

				            ++ ["sieve.trusted.*"]; #for macros to be able to include our redirection script

				          sieve.trusted = {

				            scripts.redirects.contents = "%{file:/tmp/virt_aliases}%"; # generated redirect script

				            trusted.from-addr = "sender"; # set the from-address to the original sender as specified in the MAIL FROM.

nerf commented

2025-03-02 16:03:00 +00:00

the trusted part is to much, also see the comment at from-name below

the `trusted` part is to much, also see the comment at `from-name` below

👍 1

Gonne marked this conversation as resolved

nixos/modules/mail.nix Outdated

					
				@ -187,0 +215,4 @@

				          sieve.trusted = {

				            scripts.redirects.contents = "%{file:/tmp/virt_aliases}%"; # generated redirect script

				            trusted.from-addr = "sender"; # set the from-address to the original sender as specified in the MAIL FROM.

				            from-name = "sender";

nerf commented

2025-03-02 16:05:15 +00:00

I couldn't figure out what from-name or from-addr actually do. Reading the documentation I believe combined they
set the default value for the From: header of a generated mail. But I couldn't verify this in tests.
Maybe it does something different that has to do with the MAIL FROM: see comment below

I couldn't figure out what `from-name` or `from-addr` actually do. Reading the documentation I believe combined they set the default value for the `From:` header of a generated mail. But I couldn't verify this in tests. Maybe it does something different that has to do with the `MAIL FROM:` see comment below

Gonne marked this conversation as resolved

nixos/modules/mail.nix Outdated

					
				@ -187,0 +216,4 @@

				            scripts.redirects.contents = "%{file:/tmp/virt_aliases}%"; # generated redirect script

				            trusted.from-addr = "sender"; # set the from-address to the original sender as specified in the MAIL FROM.

				            from-name = "sender";

				            return-path = "sender";

nerf commented

2025-03-02 16:06:36 +00:00

This seems to do what we want, even though the documentation reads like it sets the Return-Path: header. But it seems to set the reverse path (which is the argument to the MAIL FROM: smtp command). Maybe it does both?

This seems to do what we want, even though the documentation reads like it sets the `Return-Path:` header. But it seems to set the reverse path (which is the argument to the `MAIL FROM:` smtp command). Maybe it does both?

nerf commented

2025-03-03 10:36:53 +00:00

This parameter seems to control the MAIL FROM: and with this all the headers we want to set.
The documentation reads to me as if it sets the Return-Path: header. I'm unsure if it actually does it.

This parameter seems to control the `MAIL FROM:` and with this all the headers we want to set. The documentation reads to me as if it sets the `Return-Path:` header. I'm unsure if it actually does it.

Gonne marked this conversation as resolved

Gonne commented

2025-03-03 11:56:04 +00:00

So we want this?

sieve.trusted = {
            # […]
#            from-addr = "sender";  # unset
#            from-name = "sender"; # unset
            return-path = "sender"; # set the outgoing MAIL FROM to the original sender as specified in the incoming MAIL FROM.
            # […]
          };

So we want this? ```nix sieve.trusted = { # […] # from-addr = "sender"; # unset # from-name = "sender"; # unset return-path = "sender"; # set the outgoing MAIL FROM to the original sender as specified in the incoming MAIL FROM. # […] }; ```

Gonne added 1 commit 2025-03-03 11:59:26 +00:00

Alias file update b3a0936e30

Gonne added 1 commit 2025-03-03 13:50:06 +00:00

Only set original sender for MAIL FROM 67d8132606

requested review from nerf

2025-03-03 14:46:05 +00:00

Gonne added 1 commit 2025-03-04 06:40:04 +00:00

Hack around sieve execution for multiple recipients. 4c946968e1

Gonne force-pushed nyarlathotep from 4c946968e1 to 5e0cb9ebcc

2025-03-04 08:06:09 +00:00

Compare

Gonne force-pushed nyarlathotep from 5e0cb9ebcc to d27f4b942e