Improve mailserver config
This commit is contained in:
parent
c1eee01d37
commit
e53b8ede89
|
@ -12,8 +12,8 @@ in
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
imports =
|
imports = [ ../../roles "${(import ../../../nix/sources.nix).nixos-mailserver}" ];
|
||||||
[ ../../roles "${(import ../../../nix/sources.nix).nixos-mailserver}" ];
|
|
||||||
systemd.services = {
|
systemd.services = {
|
||||||
rspamd = {
|
rspamd = {
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
|
@ -36,7 +36,7 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
postfix = {
|
postfix = {
|
||||||
networks = [ "[${config.m-0.prefix}::]/64" "10.0.0.0/24" ];
|
networks = [ "[::1]/128" "127.0.0.1/32" "[${config.m-0.prefix}::]/64" "10.0.0.0/24" ];
|
||||||
transport = "email2matrix.maralorn.de smtp:[::1]:2525";
|
transport = "email2matrix.maralorn.de smtp:[::1]:2525";
|
||||||
config = {
|
config = {
|
||||||
# Allow TLSv1 because we need to be able to receive mail from legacy servers.
|
# Allow TLSv1 because we need to be able to receive mail from legacy servers.
|
||||||
|
@ -44,12 +44,13 @@ in
|
||||||
"TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, !SSLv2, !SSLv3";
|
"TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, !SSLv2, !SSLv3";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
opendkim.keyPath = "/var/dkim";
|
|
||||||
};
|
};
|
||||||
mailserver = {
|
mailserver = {
|
||||||
|
dkimKeyDirectory = "/var/lib/opendkim/keys";
|
||||||
enable = true;
|
enable = true;
|
||||||
enableImapSsl = true;
|
enableImapSsl = true;
|
||||||
fqdn = "hera.m-0.eu";
|
fqdn = "hera.m-0.eu";
|
||||||
|
rewriteMessageId = true;
|
||||||
domains = [ "m-0.eu" "maralorn.de" "choreutes.de" "mathechor.de" ];
|
domains = [ "m-0.eu" "maralorn.de" "choreutes.de" "mathechor.de" ];
|
||||||
forwards = pkgs.privateValue { } "mail/forwards";
|
forwards = pkgs.privateValue { } "mail/forwards";
|
||||||
loginAccounts = pkgs.privateValue { } "mail/users";
|
loginAccounts = pkgs.privateValue { } "mail/users";
|
||||||
|
|
Loading…
Reference in a new issue