system-configuration/modules/config/mail.scm

mail.scm

1
;;; Tyreunom's system administration and configuration tools.
2
;;;
3
;;; Copyright © 2019 Julien Lepiller <julien@lepiller.eu>
4
;;;
5
;;; This program is free software: you can redistribute it and/or modify
6
;;; it under the terms of the GNU General Public License as published by
7
;;; the Free Software Foundation, either version 3 of the License, or
8
;;; (at your option) any later version.
9
;;;
10
;;; This program is distributed in the hope that it will be useful,
11
;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
12
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13
;;; GNU General Public License for more details.
14
;;;
15
;;; You should have received a copy of the GNU General Public License
16
;;; along with this program.  If not, see <http://www.gnu.org/licenses/>.
17
18
;;
19
;; Email configuration
20
;;
21
22
(define-module (config mail)
23
  #:use-module (data dns)
24
  #:use-module (gnu packages mail)
25
  #:use-module (gnu services)
26
  #:use-module (gnu services mail)
27
  #:use-module (guix gexp)
28
  #:use-module (services mail)
29
  #:export (lepiller-mail-services))
30
31
(define aliases-file
32
  (plain-file "aliases" "postmaster root
33
34
@ tyreunom
35
"))
36
37
(define relays-file
38
  (plain-file "other-relays"
39
    (string-append ene-ip4 "\n" hermes-ip4 "\n" hermes-ip6 "\n" )))
40
41
(define blacklist-file
42
  (plain-file "blacklist" "
43
@yahoo.com.cn
44
@qq.com
45
@fnac.com
46
@just-aero.us
47
@elitetorrent1.com"))
48
49
(define (opensmtpd-conf interface domain)
50
  (mixed-text-file "smtpd.conf" "
51
# This is the smtpd server system-wide configuration file.
52
# See smtpd.conf(5) for more information.
53
54
# My TLS certificate and key
55
pki lepiller.eu cert \"/etc/letsencrypt/live/" domain "/fullchain.pem\"
56
pki lepiller.eu key \"/etc/letsencrypt/live/" domain "/privkey.pem\"
57
58
# Edit this file to add more virtual users (passwords are read in that file
59
# instead of /etc/passwd.
60
table passwd file:/etc/mail/passwd
61
62
table other-relays file:" relays-file "
63
table blacklist file:" blacklist-file "
64
65
# A simple spam filter
66
filter spam-filter phase mail-from match mail-from <blacklist> reject \"555 Your spam level is over NINE THOUSAND!\"
67
68
# port 25 is used only for receiving from external servers, and they may start a
69
# TLS session if the want.
70
listen on " interface " port 25 tls pki lepiller.eu filter spam-filter
71
# For sending messages from outside of this server, you need to authenticate and
72
# use TLS.
73
listen on " interface " port 587 tls-require pki lepiller.eu mask-src auth <passwd>
74
# Localhost is used by the .onion, so we use the same configuration for
75
# local connections.
76
listen on lo port 25 tls pki lepiller.eu filter spam-filter
77
# Since incoming connection uses tor, we don't need tls, but still require
78
# authentication; we're not a relay
79
listen on lo port 587 tls pki lepiller.eu mask-src auth <passwd>
80
81
# DKIMproxy
82
listen on lo port 10028 tag DKIM_OUT
83
84
# The socket is considered an internal connection
85
listen on socket mask-src
86
87
# Maybe it'll work better if we connect to gmail only with v4?
88
#limit mta for domain gmail.com inet4
89
90
# TODO: manage these files directly in the configuration?
91
# If you edit the file, you have to run \"smtpctl update table aliases\"
92
table aliases file:" aliases-file "
93
94
# We define some actions
95
action receive maildir virtual <aliases>
96
action outbound relay
97
action godkim relay host smtp://127.0.0.1:10027
98
99
# We accept to relay any mail from authenticated users
100
match for any from any auth action godkim
101
match tag DKIM_OUT for any action outbound
102
103
# Then, we reject on some other conditions:
104
105
# If the mail tries to impersonate us
106
match !from src <other-relays> mail-from \"@lepiller.eu\" for any reject
107
# If it comes from someone on the blacklist
108
match from any mail-from <blacklist> reject
109
110
# Finaly, if we accept incoming messages
111
match from any for domain \"lepiller.eu\" action receive
112
match for local action receive
113
"))
114
115
(define (lepiller-imap-service domain)
116
  (service dovecot-service-type
117
           (dovecot-configuration
118
             (mail-location "maildir:~/Maildir")
119
             (ssl-cert (string-append
120
                         "</etc/letsencrypt/live/" domain "/fullchain.pem"))
121
             (ssl-key  (string-append
122
                         "</etc/letsencrypt/live/" domain "/privkey.pem")))))
123
124
(define (lepiller-smtp-service interface domain)
125
  (service opensmtpd-service-type
126
           (opensmtpd-configuration
127
             (config-file (opensmtpd-conf interface domain)))))
128
129
(define (lepiller-dkim-service domain)
130
  (service dkimproxy-out-service-type
131
           (dkimproxy-out-configuration
132
             (listen "127.0.0.1:10027")
133
             (relay "127.0.0.1:10028")
134
             (sender-map
135
               `((,domain
136
                  (,(dkimproxy-out-signature-configuration
137
                      (type 'dkim)
138
                      (key "/etc/mail/dkim/private.key")
139
                      (algorithm "rsa-sha256")
140
                      (method "relaxed")
141
                      (selector "dkim"))
142
                   ,(dkimproxy-out-signature-configuration
143
                      (type 'domainkeys)
144
                      (method "nofws")))))))))
145
146
(define* (lepiller-mail-services #:key interface domain)
147
  (list
148
    (lepiller-smtp-service interface domain)
149
    (lepiller-imap-service domain)
150
    (lepiller-dkim-service domain)))
151
152