system-configuration/modules/config/mail.scm

;;; Tyreunom's system administration and configuration tools.
;;;
;;; Copyright © 2019 Julien Lepiller <julien@lepiller.eu>
;;;
;;; This program is free software: you can redistribute it and/or modify
;;; it under the terms of the GNU General Public License as published by
;;; the Free Software Foundation, either version 3 of the License, or
;;; (at your option) any later version.
;;;
;;; This program is distributed in the hope that it will be useful,
;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with this program.  If not, see <http://www.gnu.org/licenses/>.
;;
;; Email configuration
;;
(define-module (config mail)
  #:use-module (data dns)
  #:use-module (gnu services)
  #:use-module (gnu services mail)
  #:use-module (guix gexp)
  #:export (lepiller-mail-services))
;; Alias table handed to smtpd.conf as <aliases>; that file uses it both for
;; `virtual <aliases>' (mail for lepiller.eu) and for `alias <aliases>'
;; (local mail).  Two entries, separated by an empty line:
;;   postmaster -> root
;;   @          -> tyreunom   (the bare `@' key is, per table(5), a catch-all)
;;
;; `plain-file' puts this text in the store, which every local user can read,
;; so nothing secret belongs here.
;; NOTE(review): with a catch-all, the server accepts mail for every local part
;; at the domain instead of rejecting unknown recipients -- confirm that this
;; is intended.
(define aliases-file
  (plain-file "aliases"
              "postmaster root\n\n@ tyreunom\n"))
;; Source table handed to smtpd.conf as <other-relays>: one address per line,
;; each line newline-terminated, built from `ene-ip4', `hermes-ip4' and
;; `hermes-ip6' (presumably exported by (data dns) -- verify).
;;
;; In smtpd.conf these are the only unauthenticated sources that may use an
;; "@lepiller.eu" envelope sender, so every address listed here is trusted to
;; speak for the domain; keep the list minimal and in sync with DNS.
;; NOTE(review): there is no IPv6 entry for ene -- confirm that is intended.
(define relays-file
  (plain-file "other-relays"
              (string-join (list ene-ip4 hermes-ip4 hermes-ip6)
                           "\n"
                           'suffix)))
;; Sender patterns handed to smtpd.conf as <blacklist> and used there by the
;; `reject from any sender <blacklist> for any' rule.  The text starts with an
;; empty line and has no trailing newline, exactly as in the original literal.
;;
;; NOTE(review): the rule matches the sender address supplied by the client,
;; which the client chooses freely, so this is spam hygiene rather than an
;; access control.
(define blacklist-file
  (plain-file "blacklist"
              "\n@yahoo.com.cn\n@qq.com"))
;; smtpd.conf for OpenSMTPD.  `mixed-text-file' concatenates the string pieces
;; below and replaces the file-like objects `aliases-file', `relays-file' and
;; `blacklist-file' with their store file names, so the three `table ... file:'
;; lines end up pointing at store items.
;;
;; Security-relevant points for maintainers:
;;
;; - The generated smtpd.conf and the three table files are store items and
;;   the store is readable by every local user.  The TLS private key and the
;;   credentials table are therefore only referenced by path
;;   (/etc/letsencrypt/live/lepiller.eu/privkey.pem, /etc/mail/passwd) and must
;;   stay outside the store; if the in-file TODO about managing table files in
;;   the configuration is ever acted on, it should not extend to the passwd
;;   table.  Ownership and mode of those two files are not managed here --
;;   check them on the host.
;;
;; - Listeners: ens18:25 offers TLS without requiring it and has no `auth';
;;   ens18:587 uses `tls-require' together with `auth <passwd>'; both
;;   loopback listeners use `tls' with `auth <passwd>'.
;;
;; - Rule order matters.  With this accept/reject rule syntax smtpd evaluates
;;   rules top to bottom and the first match decides (see smtpd.conf(5) for
;;   the installed version -- TODO confirm).  As written: authenticated
;;   sessions may relay anywhere; then mail with an "@lepiller.eu" sender from
;;   a source outside <other-relays> is rejected; then blacklisted senders are
;;   rejected; only then is mail for lepiller.eu and for local users
;;   delivered.  Moving the final accept rules above the rejects would
;;   presumably disable both checks.
;;
;; - NOTE(review): the authenticated relay rule carries no `sender' clause, so
;;   any account in <passwd> appears able to relay with any sender address --
;;   confirm that this is acceptable for the accounts that exist.
;;
;; - NOTE(review): the `sender' conditions presumably match the SMTP envelope
;;   sender, not the From: header, so the impersonation rule does not cover
;;   forged headers; that needs header-level checks (e.g. DKIM/DMARC
;;   verification), which are not configured in this file.
;;
;; - NOTE(review): the in-file hint about `smtpctl update table aliases' refers
;;   to editing the aliases file, but that file is now generated from
;;   `aliases-file'; changing it presumably means editing this module and
;;   reconfiguring the system.
(define opensmtpd-conf
  (mixed-text-file "smtpd.conf" "
# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.

# My TLS certificate and key
pki lepiller.eu certificate \"/etc/letsencrypt/live/lepiller.eu/fullchain.pem\"
pki lepiller.eu key \"/etc/letsencrypt/live/lepiller.eu/privkey.pem\"

# Edit this file to add more virtual users (passwords are read in that file
# instead of /etc/passwd.
table passwd file:/etc/mail/passwd

# port 25 is used only for receiving from external servers, and they may start a
# TLS session if the want.
listen on ens18 port 25 tls pki lepiller.eu
# For sending messages from outside of this server, you need to authenticate and
# use TLS.
listen on ens18 port 587 tls-require pki lepiller.eu auth <passwd>
# On this server, you only need to authenticate on one of the available ports,
# and you may use TLS.
listen on lo port 25 tls pki lepiller.eu auth <passwd>
listen on lo port 587 tls pki lepiller.eu auth <passwd>

# TODO: manage these files directly in the configuration?
# If you edit the file, you have to run \"smtpctl update table aliases\"
table aliases file:" aliases-file "

table other-relays file:" relays-file "
table blacklist file:" blacklist-file "

# We accept to relay any mail from authenticated users
accept for any authenticated relay

# Then, we reject on some other conditions:

# If the mail tries to impersonate us
reject from ! source <other-relays> sender \"@lepiller.eu\" for any
# If it comes from someone on the blacklist
reject from any sender <blacklist> for any

# Finaly, if we accept incoming messages
accept from any for domain \"lepiller.eu\" virtual <aliases> deliver to maildir
accept for local alias <aliases> deliver to maildir
"))
;; Dovecot service giving IMAP access to each user's ~/Maildir (presumably
;; the directory smtpd's `deliver to maildir' writes to -- verify).
;;
;; Only three fields are set; every other Dovecot setting, including whether
;; TLS is mandatory and whether plaintext authentication is allowed on
;; unencrypted connections, comes from `dovecot-configuration' defaults that
;; are not visible in this module -- review them before exposing the service.
(define lepiller-imap-service
  (service
   dovecot-service-type
   (dovecot-configuration
    (mail-location "maildir:~/Maildir")
    ;; A leading "<" makes Dovecot read the setting's value from the named
    ;; file, so the certificate and private key are referenced by path and
    ;; never copied into the world-readable store.
    (ssl-cert "</etc/letsencrypt/live/lepiller.eu/fullchain.pem")
    (ssl-key "</etc/letsencrypt/live/lepiller.eu/privkey.pem"))))
;; OpenSMTPD service that runs with the generated `opensmtpd-conf' as its
;; configuration file; all listener, table and rule policy lives in that file.
(define lepiller-smtp-service
  (let ((smtpd-settings (opensmtpd-configuration
                         (config-file opensmtpd-conf))))
    (service opensmtpd-service-type smtpd-settings)))
;; The module's only export: the SMTP service followed by the IMAP service,
;; ready to be added to an operating-system's service list.
;;
;; NOTE(review): both services read certificates under
;; /etc/letsencrypt/live/lepiller.eu/, but nothing in this module issues or
;; renews them or reloads the daemons afterwards -- presumably handled
;; elsewhere; verify.
(define lepiller-mail-services
  (list lepiller-smtp-service lepiller-imap-service))