mail.scm
| 1 | ;;; Tyreunom's system administration and configuration tools. |
| 2 | ;;; |
| 3 | ;;; Copyright © 2019 Julien Lepiller <julien@lepiller.eu> |
| 4 | ;;; |
| 5 | ;;; This program is free software: you can redistribute it and/or modify |
| 6 | ;;; it under the terms of the GNU General Public License as published by |
| 7 | ;;; the Free Software Foundation, either version 3 of the License, or |
| 8 | ;;; (at your option) any later version. |
| 9 | ;;; |
| 10 | ;;; This program is distributed in the hope that it will be useful, |
| 11 | ;;; but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 12 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 13 | ;;; GNU General Public License for more details. |
| 14 | ;;; |
| 15 | ;;; You should have received a copy of the GNU General Public License |
| 16 | ;;; along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 17 | |
| 18 | ;; |
| 19 | ;; Email configuration |
| 20 | ;; |
| 21 | |
| 22 | (define-module (config mail) |
| 23 | #:use-module (data dns) |
| 24 | #:use-module (gnu services) |
| 25 | #:use-module (gnu services mail) |
| 26 | #:use-module (guix gexp) |
| 27 | #:use-module (services mail) |
| 28 | #:export (lepiller-mail-services)) |
| 29 | |
| 30 | (define aliases-file |
| 31 | (plain-file "aliases" "postmaster root |
| 32 | |
| 33 | @ tyreunom |
| 34 | ")) |
| 35 | |
| 36 | (define relays-file |
| 37 | (plain-file "other-relays" |
| 38 | (string-append ene-ip4 "\n" hermes-ip4 "\n" hermes-ip6 "\n" ))) |
| 39 | |
| 40 | (define blacklist-file |
| 41 | (plain-file "blacklist" " |
| 42 | @yahoo.com.cn |
| 43 | @qq.com")) |
| 44 | |
| 45 | (define (opensmtpd-conf interface domain) |
| 46 | (mixed-text-file "smtpd.conf" " |
| 47 | # This is the smtpd server system-wide configuration file. |
| 48 | # See smtpd.conf(5) for more information. |
| 49 | |
| 50 | # My TLS certificate and key |
| 51 | pki lepiller.eu certificate \"/etc/letsencrypt/live/" domain "/fullchain.pem\" |
| 52 | pki lepiller.eu key \"/etc/letsencrypt/live/" domain "/privkey.pem\" |
| 53 | |
| 54 | # Edit this file to add more virtual users (passwords are read in that file |
| 55 | # instead of /etc/passwd. |
| 56 | table passwd file:/etc/mail/passwd |
| 57 | |
| 58 | # port 25 is used only for receiving from external servers, and they may start a |
| 59 | # TLS session if the want. |
| 60 | listen on " interface " port 25 tls pki lepiller.eu |
| 61 | # For sending messages from outside of this server, you need to authenticate and |
| 62 | # use TLS. |
| 63 | listen on " interface " port 587 tls-require pki lepiller.eu mask-source auth <passwd> |
| 64 | # On this server, you only need to authenticate on one of the available ports, |
| 65 | # and you may use TLS. |
| 66 | listen on lo port 25 tls pki lepiller.eu mask-source auth <passwd> |
| 67 | listen on lo port 587 tls pki lepiller.eu mask-source auth <passwd> |
| 68 | listen on lo port 10028 tag DKIM_OUT # DKIMproxy |
| 69 | |
| 70 | # Maybe it'll work better if we connect to gmail only with v4? |
| 71 | limit mta for domain gmail.com inet4 |
| 72 | |
| 73 | # TODO: manage these files directly in the configuration? |
| 74 | # If you edit the file, you have to run \"smtpctl update table aliases\" |
| 75 | table aliases file:" aliases-file " |
| 76 | |
| 77 | table other-relays file:" relays-file " |
| 78 | table blacklist file:" blacklist-file " |
| 79 | |
| 80 | # We accept to relay any mail from authenticated users |
| 81 | accept for any authenticated relay via smtp://127.0.0.1:10027 |
| 82 | accept tagged DKIM_OUT for any relay |
| 83 | |
| 84 | # Then, we reject on some other conditions: |
| 85 | |
| 86 | # If the mail tries to impersonate us |
| 87 | reject from ! source <other-relays> sender \"@lepiller.eu\" for any |
| 88 | # If it comes from someone on the blacklist |
| 89 | reject from any sender <blacklist> for any |
| 90 | |
| 91 | # Finaly, if we accept incoming messages |
| 92 | accept from any for domain \"lepiller.eu\" virtual <aliases> deliver to maildir |
| 93 | accept for local alias <aliases> deliver to maildir |
| 94 | ")) |
| 95 | |
| 96 | (define (dkimproxy-conf domain) |
| 97 | (mixed-text-file "dkimproxy.out.conf" " |
| 98 | # specify what address/port DKIMproxy should listen on |
| 99 | listen 127.0.0.1:10027 |
| 100 | # specify what address/port DKIMproxy forwards mail to |
| 101 | relay 127.0.0.1:10028 |
| 102 | # specify what domains DKIMproxy can sign for (comma-separated, no spaces) |
| 103 | domain " domain " |
| 104 | # specify what signatures to add |
| 105 | signature dkim(c=relaxed) |
| 106 | signature domainkeys(c=nofws) |
| 107 | # specify location of the private key |
| 108 | keyfile /etc/mail/dkim/private.key |
| 109 | # specify the selector (i.e. the name of the key record put in DNS) |
| 110 | selector dkim |
| 111 | ")) |
| 112 | |
| 113 | (define (lepiller-imap-service domain) |
| 114 | (service dovecot-service-type |
| 115 | (dovecot-configuration |
| 116 | (mail-location "maildir:~/Maildir") |
| 117 | (ssl-cert (string-append |
| 118 | "</etc/letsencrypt/live/" domain "/fullchain.pem")) |
| 119 | (ssl-key (string-append |
| 120 | "</etc/letsencrypt/live/" domain "/privkey.pem"))))) |
| 121 | |
| 122 | (define (lepiller-smtp-service interface domain) |
| 123 | (service opensmtpd-service-type |
| 124 | (opensmtpd-configuration |
| 125 | (config-file (opensmtpd-conf interface domain))))) |
| 126 | |
| 127 | (define (lepiller-dkim-service domain) |
| 128 | (service dkimproxy-out-service-type |
| 129 | (dkimproxy-out-configuration |
| 130 | (config-file (dkimproxy-conf domain))))) |
| 131 | |
| 132 | (define* (lepiller-mail-services #:key interface domain) |
| 133 | (list |
| 134 | (lepiller-smtp-service interface domain) |
| 135 | (lepiller-imap-service domain) |
| 136 | (lepiller-dkim-service domain))) |
| 137 | |
| 138 |