system-configuration/modules/config/mail.scm

mail.scm

1
;;; Tyreunom's system administration and configuration tools.
2
;;;
3
;;; Copyright © 2019 Julien Lepiller <julien@lepiller.eu>
4
;;;
5
;;; This program is free software: you can redistribute it and/or modify
6
;;; it under the terms of the GNU General Public License as published by
7
;;; the Free Software Foundation, either version 3 of the License, or
8
;;; (at your option) any later version.
9
;;;
10
;;; This program is distributed in the hope that it will be useful,
11
;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
12
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13
;;; GNU General Public License for more details.
14
;;;
15
;;; You should have received a copy of the GNU General Public License
16
;;; along with this program.  If not, see <http://www.gnu.org/licenses/>.
17
18
;;
19
;; Email configuration
20
;;
21
22
(define-module (config mail)
23
  #:use-module (data dns)
24
  #:use-module (gnu packages mail)
25
  #:use-module (gnu services)
26
  #:use-module (gnu services mail)
27
  #:use-module (guix gexp)
28
  #:use-module (services mail)
29
  #:export (lepiller-mail-services))
30
31
(define aliases-file
32
  (plain-file "aliases" "postmaster root
33
34
@ tyreunom
35
"))
36
37
(define relays-file
38
  (plain-file "other-relays"
39
    (string-append ene-rennes-ip4 "\n" ene-kb-ip4 "\n" ene-kb-ip6 "\n"
40
                   hermes-ip4 "\n" hermes-ip6 "\n" )))
41
42
(define blacklist-file
43
  (plain-file "blacklist" "
44
@yahoo.com.cn
45
@qq.com
46
@fnac.com
47
@just-aero.us
48
@elitetorrent1.com"))
49
50
(define (opensmtpd-conf interface domain)
51
  (mixed-text-file "smtpd.conf" "
52
# This is the smtpd server system-wide configuration file.
53
# See smtpd.conf(5) for more information.
54
55
# My TLS certificate and key
56
pki lepiller.eu cert \"/etc/letsencrypt/live/" domain "/fullchain.pem\"
57
pki lepiller.eu key \"/etc/letsencrypt/live/" domain "/privkey.pem\"
58
59
# Edit this file to add more virtual users (passwords are read in that file
60
# instead of /etc/passwd.
61
table passwd file:/etc/mail/passwd
62
63
table other-relays file:" relays-file "
64
table blacklist file:" blacklist-file "
65
66
# A simple spam filter
67
filter spam-filter phase mail-from match mail-from <blacklist> reject \"555 Your spam level is over NINE THOUSAND!\"
68
69
# port 25 is used only for receiving from external servers, and they may start a
70
# TLS session if the want.
71
listen on " interface " port 25 tls pki lepiller.eu filter spam-filter
72
# For sending messages from outside of this server, you need to authenticate and
73
# use TLS.
74
listen on " interface " port 587 tls-require pki lepiller.eu mask-src auth <passwd>
75
# Localhost is used by the .onion, so we use the same configuration for
76
# local connections.
77
listen on lo port 25 tls pki lepiller.eu filter spam-filter
78
# Since incoming connection uses tor, we don't need tls, but still require
79
# authentication; we're not a relay
80
listen on lo port 587 tls pki lepiller.eu mask-src auth <passwd>
81
82
# DKIMproxy
83
listen on lo port 10028 tag DKIM_OUT
84
85
# The socket is considered an internal connection
86
listen on socket mask-src
87
88
# Maybe it'll work better if we connect to gmail only with v4?
89
#limit mta for domain gmail.com inet4
90
91
# TODO: manage these files directly in the configuration?
92
# If you edit the file, you have to run \"smtpctl update table aliases\"
93
table aliases file:" aliases-file "
94
95
# We define some actions
96
action receive maildir virtual <aliases>
97
action outbound relay
98
action godkim relay host smtp://127.0.0.1:10027
99
100
# We accept to relay any mail from authenticated users
101
match for any from any auth action godkim
102
match tag DKIM_OUT for any action outbound
103
104
# Then, we reject on some other conditions:
105
106
# If the mail tries to impersonate us
107
match !from src <other-relays> mail-from \"@lepiller.eu\" for any reject
108
# If it comes from someone on the blacklist
109
match from any mail-from <blacklist> reject
110
111
# Finaly, if we accept incoming messages
112
match from any for domain \"lepiller.eu\" action receive
113
match for local action receive
114
"))
115
116
(define (lepiller-imap-service domain)
117
  (service dovecot-service-type
118
           (dovecot-configuration
119
             (mail-location "maildir:~/Maildir")
120
             (ssl-cert (string-append
121
                         "</etc/letsencrypt/live/" domain "/fullchain.pem"))
122
             (ssl-key  (string-append
123
                         "</etc/letsencrypt/live/" domain "/privkey.pem")))))
124
125
(define (lepiller-smtp-service interface domain)
126
  (service opensmtpd-service-type
127
           (opensmtpd-configuration
128
             (config-file (opensmtpd-conf interface domain)))))
129
130
(define (lepiller-dkim-service domain)
131
  (service dkimproxy-out-service-type
132
           (dkimproxy-out-configuration
133
             (listen "127.0.0.1:10027")
134
             (relay "127.0.0.1:10028")
135
             (sender-map
136
               `((,domain
137
                  (,(dkimproxy-out-signature-configuration
138
                      (type 'dkim)
139
                      (key "/etc/mail/dkim/private.key")
140
                      (algorithm "rsa-sha256")
141
                      (method "relaxed")
142
                      (selector "dkim"))
143
                   ,(dkimproxy-out-signature-configuration
144
                      (type 'domainkeys)
145
                      (method "nofws")))))))))
146
147
(define* (lepiller-mail-services #:key interface domain)
148
  (list
149
    (lepiller-smtp-service interface domain)
150
    (lepiller-imap-service domain)
151
    (lepiller-dkim-service domain)))
152
153