From 19351ef31652e0c4184a4e948bd097df28c8670f Mon Sep 17 00:00:00 2001 From: Gonne Date: Tue, 4 Mar 2025 07:39:36 +0100 Subject: [PATCH 1/3] Hack around sieve execution for multiple recipients. --- nixos/modules/mail.nix | 4 ++++ nixos/modules/mailman.nix | 6 +++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/nixos/modules/mail.nix b/nixos/modules/mail.nix index 24d144c..88bc59e 100644 --- a/nixos/modules/mail.nix +++ b/nixos/modules/mail.nix @@ -184,6 +184,10 @@ in { } {"else" = false;} ]; + # The sieve script only handles the last RCPT TO command (https://stalw.art/docs/sieve/variables). + # Since we want it to run for every recipient, we need to accept them one at a time. :-( + # This setting throws a temporary error for the second RCPT TO command after which the HRZ retries in a new connection. + max-recipients = 1; }; data.script = "'redirects'"; }; diff --git a/nixos/modules/mailman.nix b/nixos/modules/mailman.nix index 1c8eaba..b090ef0 100644 --- a/nixos/modules/mailman.nix +++ b/nixos/modules/mailman.nix @@ -43,7 +43,11 @@ in { webHosts = [cfg.hostName]; serve.enable = true; # # Don't include confirmation tokens in reply addresses, because we would need to send them to HRZ otherwise. - settings.mta.verp_confirmations = "no"; + settings.mta = { + verp_confirmations = "no"; + max_recipients = "1"; # We can only send to one recipient at a time due to how forwarding currently works. See also the mail module. + max_sessions_per_connection = "1"; + }; }; }; From 7ac5fc4e387f3171a353f6bf3e67b45334a7f011 Mon Sep 17 00:00:00 2001 From: Gonne Date: Mon, 17 Mar 2025 15:57:23 +0100 Subject: [PATCH 2/3] Update to redirect script that works for multiple recipients --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index ab4a759..9f419bc 100644 --- a/flake.lock +++ b/flake.lock @@ -9,11 +9,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1740490964, - "narHash": "sha256-05mpcJZCX631rNCxJohUu+nhVOlAc3EfcNPBzOFSHMo=", + "lastModified": 1742221722, + "narHash": "sha256-qa1LVV4d3uW2l8G1YRpcIaYCF2Ct8/oAAj7ZxWUDLfI=", "ref": "refs/heads/main", - "rev": "c37b6ec8654db4c6e3d79acaeeccb577a9fb66ce", - "revCount": 21, + "rev": "2ee713ff92cfae28c1e5fa328c99096589b41e81", + "revCount": 22, "type": "git", "url": "https://gitea.mathebau.de/fachschaft/alias_to_sieve" }, From cb87976ce8ee6e99d5252be980c1cd9086619932 Mon Sep 17 00:00:00 2001 From: Gonne Date: Mon, 17 Mar 2025 15:59:16 +0100 Subject: [PATCH 3/3] Include stalwart's patch for redirect to sender instead of our own --- flake-module.nix | 3 ++- patches/sieve-rs.patch | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/flake-module.nix b/flake-module.nix index 789d7b8..2ee8b48 100644 --- a/flake-module.nix +++ b/flake-module.nix @@ -88,7 +88,8 @@ ./patches/sieve-rs.patch ]; # Replace the string with `lib.fakeHash` after version changes in order to get the new hash value. - cargoHash = "sha256-gb2oFlVA/vE6DoWWW8SCFA3l7rtV2RuosPUY+6IcKNM="; + cargoHash = "sha256-0U0Z13a2vRxMFnaaHeXBjvYDjKStgqmuDboUVssVMQw="; + doCheck = false; # some test that does not look adjacent fails during build, so I disabled them. This also halves build time. } ); }; diff --git a/patches/sieve-rs.patch b/patches/sieve-rs.patch index b706d03..b0882f4 100644 --- a/patches/sieve-rs.patch +++ b/patches/sieve-rs.patch @@ -8,7 +8,7 @@ index be36759b..b4316639 100644 version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "15ac54053752c25a0e545dd1953de716abcc80b12cfe0b6c2f2c1c73759d4f45" -+source = "git+https://gitea.mathebau.de/fachschaft/sieve-rs.git#71324550504c0f84fe3e814d05cbe22f90a3b228" ++source = "git+https://github.com/stalwartlabs/sieve.git#56450c6ccdf76f1de95931db24896599159efc53" dependencies = [ "ahash 0.8.11", "bincode", @@ -23,5 +23,5 @@ index f055474f..2b64c9ac 100644 + + +[patch.crates-io] -+sieve-rs = { git = 'https://gitea.mathebau.de/fachschaft/sieve-rs.git' } ++sieve-rs = { git = 'https://github.com/stalwartlabs/sieve.git' }