Fix DKIM config

2025-03-25 21:03:15 +01:00 · 2025-03-25 21:03:15 +01:00 · 88d7a40000
commit 88d7a40000
parent c078a05ad0
1 changed files with 4 additions and 3 deletions
--- a/nixos/modules/mail.nix
+++ b/nixos/modules/mail.nix
@ -66,6 +66,7 @@ in {
        openFirewall = true;
        settings = {
          server = {
+            tracer.stdout.level = "trace";
            hostname = "fb04184.mathematik.tu-darmstadt.de"; # Because the DNS PTR of 130.83.2.184 is this and this should be used in SMTP EHLO.
            listener = {
              "smtp" = {
@ -240,7 +241,7 @@ in {
                private-key = "%{file:/run/secrets/dkim_rsa}%";
                domain = "${domain}";
                selector = "rsa-default";
-                headers = ["From" "To" "Cc" "Date" "Subject" "Message-ID" "Organization" "MIME-Version" "Content-Type" "In-Reply-To" "References" "List-Id" "User-Agent" "Thread-Topic" "Thread-Index"]; # default from https://stalw.art/docs/smtp/authentication/dkim/sign#signatures
+                headers = ["From" "To" "Cc" "Date" "Subject" "Message-ID" "Organization" "MIME-Version" "Content-Type" "In-Reply-To" "References" "List-Id" "Thread-Topic" "Thread-Index"]; # default from https://stalw.art/docs/smtp/authentication/dkim/sign#signatures except "User-Agent" which somehow breaks
                algorithm = "rsa-sha256";
                canonicalization = "relaxed/relaxed";
              };
@ -248,13 +249,13 @@ in {
                private-key = "%{file:/run/secrets/dkim_ed25519}%";
                domain = "${domain}";
                selector = "ed-default";
-                headers = ["From" "To" "Cc" "Date" "Subject" "Message-ID" "Organization" "MIME-Version" "Content-Type" "In-Reply-To" "References" "List-Id" "User-Agent" "Thread-Topic" "Thread-Index"];
+                headers = ["From" "To" "Cc" "Date" "Subject" "Message-ID" "Organization" "MIME-Version" "Content-Type" "In-Reply-To" "References" "List-Id" "Thread-Topic" "Thread-Index"]; # default from https://stalw.art/docs/smtp/authentication/dkim/sign#signatures except "User-Agent" which somehow breaks
                algorithm = "ed25519-sha256";
                canonicalization = "relaxed/relaxed";
              };
            };
          in
-            map signatureTemplate (["lists.mathebau.de"] ++ (map ({domain, ...}: domain) cfg.domains));
+            lib.attrsets.mergeAttrsList (map signatureTemplate (["lists.mathebau.de"] ++ (map ({domain, ...}: domain) cfg.domains)));

          authentication.fallback-admin = {
            user = "admin";