system-configuration/modules/config/mail.scm

mail.scm

1
;;; Tyreunom's system administration and configuration tools.
2
;;;
3
;;; Copyright © 2019 Julien Lepiller <julien@lepiller.eu>
4
;;;
5
;;; This program is free software: you can redistribute it and/or modify
6
;;; it under the terms of the GNU General Public License as published by
7
;;; the Free Software Foundation, either version 3 of the License, or
8
;;; (at your option) any later version.
9
;;;
10
;;; This program is distributed in the hope that it will be useful,
11
;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
12
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13
;;; GNU General Public License for more details.
14
;;;
15
;;; You should have received a copy of the GNU General Public License
16
;;; along with this program.  If not, see <http://www.gnu.org/licenses/>.
17
18
;;
19
;; Email configuration
20
;;
21
22
(define-module (config mail)
23
  #:use-module (data dns)
24
  #:use-module (gnu services)
25
  #:use-module (gnu services mail)
26
  #:use-module (guix gexp)
27
  #:export (lepiller-mail-services))
28
29
(define aliases-file
30
  (plain-file "aliases" "@ tyreunom"))
31
32
(define relays-file
33
  (plain-file "other-relays"
34
    (string-append ene-ip4 "\n" hermes-ip4 "\n" hermes-ip6 "\n" )))
35
36
(define blacklist-file
37
  (plain-file "blacklist" "
38
@yahoo.com.cn
39
@qq.com"))
40
41
(define opensmtpd-conf
42
  (mixed-text-file "smtpd.conf" "
43
# This is the smtpd server system-wide configuration file.
44
# See smtpd.conf(5) for more information.
45
46
# My TLS certificate and key
47
pki lepiller.eu certificate \"/etc/letsencrypt/live/lepiller.eu/fullchain.pem\"
48
pki lepiller.eu key \"/etc/letsencrypt/live/lepiller.eu/privkey.pem\"
49
50
# Edit this file to add more virtual users (passwords are read in that file
51
# instead of /etc/passwd.
52
table passwd file:/etc/mail/passwd
53
54
# port 25 is used only for receiving from external servers, and they may start a
55
# TLS session if the want.
56
listen on ens18 port 25 tls pki lepiller.eu
57
# For sending messages from outside of this server, you need to authenticate and
58
# use TLS.
59
listen on ens18 port 587 tls-require pki lepiller.eu auth <passwd>
60
# On this server, you only need to authenticate on one of the available ports,
61
# and you may use TLS.
62
listen on lo port 25 tls pki lepiller.eu auth <passwd>
63
listen on lo port 587 tls pki lepiller.eu auth <passwd>
64
65
# TODO: manage these files directly in the configuration?
66
# If you edit the file, you have to run \"smtpctl update table aliases\"
67
table aliases file:" aliases-file "
68
69
table other-relays file:" relays-file "
70
table blacklist file:" blacklist-file "
71
72
# We accept to relay any mail from authenticated users
73
accept for any authenticated relay
74
75
# Then, we reject on some other conditions:
76
77
# If the mail tries to impersonate us
78
reject from ! source <other-relays> sender \"@lepiller.eu\" for any
79
# If it comes from someone on the blacklist
80
reject from any sender <blacklist> for any
81
82
# Finaly, if we accept incoming messages
83
accept from any for domain \"lepiller.eu\" virtual <aliases> deliver to maildir
84
accept for local alias <aliases> deliver to maildir
85
"))
86
87
(define lepiller-imap-service
88
  (service dovecot-service-type
89
           (dovecot-configuration
90
	     (mail-location "maildir:~/Maildir")
91
	     (ssl-cert "</etc/letsencrypt/live/lepiller.eu/fullchain.pem")
92
	     (ssl-key  "</etc/letsencrypt/live/lepiller.eu/privkey.pem"))))
93
94
(define lepiller-smtp-service
95
  (service opensmtpd-service-type
96
	   (opensmtpd-configuration
97
	     (config-file opensmtpd-conf))))
98
99
(define lepiller-mail-services
100
  (list
101
    lepiller-smtp-service
102
    lepiller-imap-service))
103