maxwell/email.nix

{ config, ... }:

{
  imports = [
    (builtins.fetchTarball {
      url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-22.11/nixos-mailserver-nixos-22.11.tar.gz";
      sha256 = "1h1r4x2ffqwyk0ql6kjvcpg1bdiimyzhrsvn49702fsgzpx57fhd";
    })
  ];

  mailserver = {
    enable = true;
    fqdn = "mail.eurofusion.eu";
    domains = [ "eurofusion.eu" ];

    messageSizeLimit = 78643200;  # ~50MiB of base64 binary

    loginAccounts = config.secrets.emailAccounts;
    extraVirtualAliases = config.secrets.emailAliases;

    # store state under /var
    mailDirectory    = "/var/lib/mail";
    dkimKeyDirectory = "/var/lib/dkim";

    mailboxes = {
      # default IMAP folders
      Sent   = { specialUse = "Sent";   auto = "subscribe"; };
      Drafts = { specialUse = "Drafts"; auto = "subscribe"; };
      Spam   = { specialUse = "Junk";   auto = "subscribe"; };
      Trash  = { specialUse = "Trash";  auto = "no"; };
    };

    # Use Let's Encrypt certificate
    certificateScheme = 3;

    # There is one already (pdns-recursor)
    localDnsResolver = false;

    # Enable IMAPS (993), SMTPS (465)
    enableImapSsl = true;
    enableImap = false;
    enableSubmissionSsl = true;
    enableSubmission = false;
  };

  services.dovecot2.extraConfig = ''
    # Improve hashing speed
    auth_cache_verify_password_with_worker = yes
  '';

  services.postfix.extraConfig = ''
    # Prefer IPv6
    smtp_address_preference = ipv6
    # Prevent binding on temporary addresses
    smtp_bind_address6 = 2001:470:c8e8:0:230:48ff:fefa:91e1
  '';

}
configure eurofusion.eu mailserver 2021-02-17 18:06:00 +01:00			`{ config, ... }:`

			`{`
			`imports = [`
			`(builtins.fetchTarball {`
update to NixOS 22.11 2023-02-25 01:24:08 +01:00			`url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-22.11/nixos-mailserver-nixos-22.11.tar.gz";`
			`sha256 = "1h1r4x2ffqwyk0ql6kjvcpg1bdiimyzhrsvn49702fsgzpx57fhd";`
configure eurofusion.eu mailserver 2021-02-17 18:06:00 +01:00			`})`
			`];`

			`mailserver = {`
			`enable = true;`
			`fqdn = "mail.eurofusion.eu";`
email: fix SPF HELO check Postfix was using a temporary address instead of the EUI-64, which is the one associated to the mailserver domain. 2021-03-07 12:24:03 +01:00			`domains = [ "eurofusion.eu" ];`
configure eurofusion.eu mailserver 2021-02-17 18:06:00 +01:00
email: set message size limit 2022-08-22 16:41:05 +02:00			`messageSizeLimit = 78643200; # ~50MiB of base64 binary`

configure eurofusion.eu mailserver 2021-02-17 18:06:00 +01:00			`loginAccounts = config.secrets.emailAccounts;`
update to NixOS 22.11 2023-02-25 01:24:08 +01:00			`extraVirtualAliases = config.secrets.emailAliases;`
configure eurofusion.eu mailserver 2021-02-17 18:06:00 +01:00
email: move state to /var/lib 2022-10-17 23:55:36 +02:00			`# store state under /var`
			`mailDirectory = "/var/lib/mail";`
			`dkimKeyDirectory = "/var/lib/dkim";`

email: rename folder Junk->Spam 2021-04-02 19:19:48 +02:00			`mailboxes = {`
			`# default IMAP folders`
			`Sent = { specialUse = "Sent"; auto = "subscribe"; };`
			`Drafts = { specialUse = "Drafts"; auto = "subscribe"; };`
			`Spam = { specialUse = "Junk"; auto = "subscribe"; };`
			`Trash = { specialUse = "Trash"; auto = "no"; };`
			`};`

configure eurofusion.eu mailserver 2021-02-17 18:06:00 +01:00			`# Use Let's Encrypt certificate`
			`certificateScheme = 3;`

			`# There is one already (pdns-recursor)`
			`localDnsResolver = false;`

email: disable non-TLS access 2022-08-11 02:47:27 +02:00			`# Enable IMAPS (993), SMTPS (465)`
configure eurofusion.eu mailserver 2021-02-17 18:06:00 +01:00			`enableImapSsl = true;`
email: disable non-TLS access 2022-08-11 02:47:27 +02:00			`enableImap = false;`
configure eurofusion.eu mailserver 2021-02-17 18:06:00 +01:00			`enableSubmissionSsl = true;`
email: disable non-TLS access 2022-08-11 02:47:27 +02:00			`enableSubmission = false;`
configure eurofusion.eu mailserver 2021-02-17 18:06:00 +01:00			`};`

			`services.dovecot2.extraConfig = ''`
email: fix SPF HELO check Postfix was using a temporary address instead of the EUI-64, which is the one associated to the mailserver domain. 2021-03-07 12:24:03 +01:00			`# Improve hashing speed`
configure eurofusion.eu mailserver 2021-02-17 18:06:00 +01:00			`auth_cache_verify_password_with_worker = yes`
			`'';`
email: fix SPF HELO check Postfix was using a temporary address instead of the EUI-64, which is the one associated to the mailserver domain. 2021-03-07 12:24:03 +01:00
configure eurofusion.eu mailserver 2021-02-17 18:06:00 +01:00			`services.postfix.extraConfig = ''`
email: fix SPF HELO check Postfix was using a temporary address instead of the EUI-64, which is the one associated to the mailserver domain. 2021-03-07 12:24:03 +01:00			`# Prefer IPv6`
configure eurofusion.eu mailserver 2021-02-17 18:06:00 +01:00			`smtp_address_preference = ipv6`
email: fix SPF HELO check Postfix was using a temporary address instead of the EUI-64, which is the one associated to the mailserver domain. 2021-03-07 12:24:03 +01:00			`# Prevent binding on temporary addresses`
			`smtp_bind_address6 = 2001:470:c8e8:0:230:48ff:fefa:91e1`
configure eurofusion.eu mailserver 2021-02-17 18:06:00 +01:00			`'';`

			`}`