Allow unpacking stalwart's webadmin interface

Delete directive proxy_interface
This directive is supposed to prevent mail delivery loops that would be caused by portforwarding to itself. Behind this ip address, however, there is our general mail vm and not immediately the mailinglist setup.
2025-02-28 11:13:59 +01:00 · 2025-02-28 11:11:58 +01:00
2 changed files with 2 additions and 1 deletions
--- a/nixos/modules/mail.nix
+++ b/nixos/modules/mail.nix
@ -148,6 +148,7 @@ in {
            # In order to accept mail that we only forward
            # without having to generate an account.
            # Invalid addresses are filtered by DFN beforehand.
            # See also https://stalw.art/docs/smtp/inbound/rcpt/#catch-all-addresses
            catch-all = true;
            relay = [
              {
@ -267,6 +268,7 @@ in {
        "stalwart-mail" = {
          restartTriggers = lib.attrsets.mapAttrsToList (_: aliaslist: aliaslist.sopsFile) config.sops.secrets; # restart if secrets, especially alias files, have changed.
          serviceConfig.PrivateTmp = lib.mkForce false; # enable access to generated Sieve script
          serviceConfig.ProtectSystem = lib.mkForce "full"; # "strict" does not allow writing to /tmp which we need for unpacking the webadmin interface. "full" is less strict.
        };
        "virt-aliases-generator" = {
          description = "Virtual Aliases Generator: Generate a sieve script from the virtual alias file";
--- a/nixos/modules/mailman.nix
+++ b/nixos/modules/mailman.nix
@ -32,7 +32,6 @@ in {
        config = {
          transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
          local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
          proxy_interfaces = "130.83.2.184";
          smtputf8_enable = "no"; # HRZ does not know SMTPUTF8
        };
        relayHost = "mathebau.de"; # Relay to mail vm which relays to HRZ (see https://www.hrz.tu-darmstadt.de/services/it_services/email_infrastruktur/index.de.jsp)