system-configuration/modules/config/mail.scm

mail.scm

1
;;; Tyreunom's system administration and configuration tools.
2
;;;
3
;;; Copyright © 2019 Julien Lepiller <julien@lepiller.eu>
4
;;;
5
;;; This program is free software: you can redistribute it and/or modify
6
;;; it under the terms of the GNU General Public License as published by
7
;;; the Free Software Foundation, either version 3 of the License, or
8
;;; (at your option) any later version.
9
;;;
10
;;; This program is distributed in the hope that it will be useful,
11
;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
12
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13
;;; GNU General Public License for more details.
14
;;;
15
;;; You should have received a copy of the GNU General Public License
16
;;; along with this program.  If not, see <http://www.gnu.org/licenses/>.
17
18
;;
19
;; Email configuration
20
;;
21
22
(define-module (config mail)
23
  #:use-module (data dns)
24
  #:use-module (gnu services)
25
  #:use-module (gnu services mail)
26
  #:use-module (guix gexp)
27
  #:export (lepiller-mail-services))
28
29
(define aliases-file
30
  (plain-file "aliases" "postmaster root
31
32
@ tyreunom
33
"))
34
35
(define relays-file
36
  (plain-file "other-relays"
37
    (string-append ene-ip4 "\n" hermes-ip4 "\n" hermes-ip6 "\n" )))
38
39
(define blacklist-file
40
  (plain-file "blacklist" "
41
@yahoo.com.cn
42
@qq.com"))
43
44
(define (opensmtpd-conf interface domain)
45
  (mixed-text-file "smtpd.conf" "
46
# This is the smtpd server system-wide configuration file.
47
# See smtpd.conf(5) for more information.
48
49
# My TLS certificate and key
50
pki lepiller.eu certificate \"/etc/letsencrypt/live/" domain "/fullchain.pem\"
51
pki lepiller.eu key \"/etc/letsencrypt/live/" domain "/privkey.pem\"
52
53
# Edit this file to add more virtual users (passwords are read in that file
54
# instead of /etc/passwd.
55
table passwd file:/etc/mail/passwd
56
57
# port 25 is used only for receiving from external servers, and they may start a
58
# TLS session if the want.
59
listen on " interface " port 25 tls pki lepiller.eu
60
# For sending messages from outside of this server, you need to authenticate and
61
# use TLS.
62
listen on " interface " port 587 tls-require pki lepiller.eu auth <passwd>
63
# On this server, you only need to authenticate on one of the available ports,
64
# and you may use TLS.
65
listen on lo port 25 tls pki lepiller.eu auth <passwd>
66
listen on lo port 587 tls pki lepiller.eu auth <passwd>
67
68
# TODO: manage these files directly in the configuration?
69
# If you edit the file, you have to run \"smtpctl update table aliases\"
70
table aliases file:" aliases-file "
71
72
table other-relays file:" relays-file "
73
table blacklist file:" blacklist-file "
74
75
# We accept to relay any mail from authenticated users
76
accept for any authenticated relay
77
78
# Then, we reject on some other conditions:
79
80
# If the mail tries to impersonate us
81
reject from ! source <other-relays> sender \"@lepiller.eu\" for any
82
# If it comes from someone on the blacklist
83
reject from any sender <blacklist> for any
84
85
# Finaly, if we accept incoming messages
86
accept from any for domain \"lepiller.eu\" virtual <aliases> deliver to maildir
87
accept for local alias <aliases> deliver to maildir
88
"))
89
90
(define (lepiller-imap-service domain)
91
  (service dovecot-service-type
92
           (dovecot-configuration
93
	     (mail-location "maildir:~/Maildir")
94
	     (ssl-cert (string-append
95
			 "</etc/letsencrypt/live/" domain "/fullchain.pem"))
96
	     (ssl-key  (string-append
97
			 "</etc/letsencrypt/live/" domain "/privkey.pem")))))
98
99
(define (lepiller-smtp-service interface domain)
100
  (service opensmtpd-service-type
101
	   (opensmtpd-configuration
102
	     (config-file (opensmtpd-conf interface domain)))))
103
104
(define* (lepiller-mail-services #:key interface domain)
105
  (list
106
    (lepiller-smtp-service interface domain)
107
    (lepiller-imap-service domain)))
108