| author | tv <tv@shackspace.de> | 2014-08-21 13:28:19 +0200 | 
|---|---|---|
| committer | tv <tv@shackspace.de> | 2014-08-21 13:28:19 +0200 | 
| commit | 3d50e7386178cd0392d2e1c9ba7b9e933b4c27e3 (patch) | |
| tree | 77cc15d9b1ce1e0f82120dd4c85550b1a992b6bb | |
initial commit
| -rw-r--r-- | cd-system/cd-exim.conf | 133 | ||||
| -rw-r--r-- | cd-system/cd-iptables.rules | 5 | ||||
| -rw-r--r-- | cd-system/host_redirect | 1 | ||||
| -rw-r--r-- | cd-system/internet_aliases | 2 | ||||
| -rw-r--r-- | nomic-system/nomic-exim.conf | 84 | ||||
| -rw-r--r-- | wu-system/wu-exim.configuration.nix | 126 | ||||
| -rw-r--r-- | wu-system/wu-iptables.sh | 17 | ||||
| -rw-r--r-- | wu-user/.config/alot/config | 13 | ||||
| -rw-r--r-- | wu-user/.msmtprc | 11 | ||||
| -rw-r--r-- | wu-user/.notmuch-config | 18 | ||||
| -rw-r--r-- | wu-user/README | 9 | 
11 files changed, 419 insertions, 0 deletions
diff --git a/cd-system/cd-exim.conf b/cd-system/cd-exim.conf
new file mode 100644
index 0000000..c2f4835
--- /dev/null
+++ b/cd-system/cd-exim.conf
@@ -0,0 +1,133 @@ +RETIOLUM_HOSTNAME = cd.retiolum + +primary_hostname = RETIOLUM_HOSTNAME + +HOST_REDIR = /etc/exim4/host_redirect +INTERNET_ALIASES = /etc/exim4/internet_aliases + + +# Domains not listed in local_domains need to be deliverable remotely. +# XXX We abuse local_domains to mean "domains, we're the gateway for". +domainlist local_domains    = @ : localhost +domainlist relay_to_domains = +hostlist   relay_from_hosts = <; 127.0.0.1 ; ::1 ; 10.243.13.37 + +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data + +never_users = root + +host_lookup = * + +rfc1413_hosts = * +rfc1413_query_timeout = 5s + + +log_selector = -queue_run +address_rewrite +all_parents +queue_time +log_file_path = syslog +syslog_timestamp = false +syslog_duplication = false + +begin acl + +acl_check_rcpt: +  accept  hosts = : +          control = dkim_disable_verify + +  deny    message       = Restricted characters in address +          domains       = +local_domains +          local_parts   = ^[.] : ^.*[@%!/|] + +  deny    message       = Restricted characters in address +          domains       = !+local_domains +          local_parts   = ^[./|] : ^.*[@%!] 
: ^.*/\\.\\./ + +  accept  local_parts   = postmaster +          domains       = +local_domains + + +  accept  hosts         = +relay_from_hosts +          control       = submission +          # debian: control = submission/sender_retain +          # arch & debian: +          control       = dkim_disable_verify + +  accept  authenticated = * +          control       = submission +          control       = dkim_disable_verify + +  accept message = relay not permitted 2 +          recipients = lsearch;INTERNET_ALIASES + +  require message = relay not permitted +          domains = +local_domains : +relay_to_domains + +  require +    message = unknown user +    verify = recipient/callout + +  accept + + +acl_check_data: +  accept + + +begin routers + +retiolum: +  debug_print = "R: retiolum for $local_part@$domain" +  driver = manualroute +  domains = ! RETIOLUM_HOSTNAME : *.retiolum +  transport = retiolum_smtp +  route_list = ^.* $0 byname +  no_more + +internet_aliases: +  debug_print = "R: internet_aliases for $local_part@$domain" +  driver = redirect +  data = ${lookup{$local_part@$domain}lsearch{INTERNET_ALIASES}} + +dnslookup: +  debug_print = "R: dnslookup for $local_part@$domain" +  driver = dnslookup +  domains = ! +local_domains +  transport = remote_smtp +  ignore_target_hosts = <; 0.0.0.0 ;: 127.0.0.0/8 ; ::1 +  no_more + + +begin transports + +retiolum_smtp: +  driver = smtp +  retry_include_ip_address = false + +remote_smtp: +  driver = smtp + + +home_maildir: +  driver = appendfile + +  #file = /var/mail/$local_part +  maildir_format +  maildir_use_size_file +  directory = $home/Maildir +  directory_mode = 0700 + +  delivery_date_add +  envelope_to_add +  return_path_add + + + +begin retry + +*.retiolum             *           F,42d,1m +*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h + + +begin rewrite + +begin authenticators  
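Review bot: The `ignore_target_hosts` line in the `dnslookup` router looks mistyped — with the `<;` separator the second item reads `: 127.0.0.0/8`, which is not a valid address/mask, so loopback targets would not be ignored as intended; it should be `ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1`. Two smaller points: `rfc1413_hosts = *` with `rfc1413_query_timeout = 5s` enables ident lookups against every client, which adds up to 5 s per connection and yields only an unauthenticated, client-supplied string (the stock configuration disables this with `rfc1413_query_timeout = 0s`), and the `HOST_REDIR` macro is defined but never referenced in this file, so `/etc/exim4/host_redirect` is currently dead configuration. The `internet_aliases` accept admits any recipient present in the alias file without checking that the aliased target is routable, so an unreachable retiolum target is only discovered after acceptance; consider adding `verify = recipient` to that statement, as the later `require` already does for local recipients.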
diff --git a/cd-system/cd-iptables.rules b/cd-system/cd-iptables.rules
new file mode 100644
index 0000000..c9af7d5
--- /dev/null
+++ b/cd-system/cd-iptables.rules
@@ -0,0 +1,5 @@
+...
+
+-A INPUT -p tcp -m conntrack --ctstate NEW --syn --dport smtp -j ACCEPT
+
+...
diff --git a/cd-system/host_redirect b/cd-system/host_redirect
new file mode 100644
index 0000000..5cdf180
--- /dev/null
+++ b/cd-system/host_redirect
@@ -0,0 +1 @@
+oneofmypublicdomains.com: oneofmyretiolumhosts.retiolum
diff --git a/cd-system/internet_aliases b/cd-system/internet_aliases
new file mode 100644
index 0000000..f07559c
--- /dev/null
+++ b/cd-system/internet_aliases
@@ -0,0 +1,2 @@
+me@mypublicdomain.com: me@myretiolumdomain.retiolum
+me@myotherretiolumdomain.retiolum: me@myevenotherretiolumdomain.retiolum
diff --git a/nomic-system/nomic-exim.conf b/nomic-system/nomic-exim.conf
new file mode 100644
index 0000000..1589b53
--- /dev/null
+++ b/nomic-system/nomic-exim.conf
@@ -0,0 +1,84 @@ +# Retiolum-only Exim configuration + +# primary_hostname = + +domainlist local_domains    = @ +domainlist relay_to_domains = *.retiolum +hostlist   relay_from_hosts = <; 127.0.0.1 ; ::1 ; *.retiolum + +never_users = root + +log_selector = -queue_run +log_file_path = syslog +syslog_timestamp = false +syslog_duplication = false + +acl_smtp_rcpt = acl_check_rcpt + +host_lookup = * + + +begin acl + +  acl_check_rcpt: + +    accept +      domains = +local_domains +      verify = sender +      verify = recipient + +    accept +      domains = +relay_to_domains +      hosts = +relay_from_hosts +      verify = sender +      verify = recipient/callout + + +begin routers + +  remote_retiolum: +    driver = manualroute +    domains = ! +local_domains : *.retiolum +    transport = retiolum_smtp +    route_list = ^.* $0 byname +    no_more + +  remote_internet: +    driver = redirect +    domains = ! +local_domains +    allow_fail +    data = :fail: relay not permitted +    cannot_route_message = relay not permitted +    no_more + +  local_maildir: +    driver = accept +    check_local_user +    transport = home_maildir +    cannot_route_message = unknown local user + + +begin transports + +  retiolum_smtp: +    driver = smtp +    retry_include_ip_address = false + +  home_maildir: +    driver = appendfile +    maildir_format +    maildir_use_size_file +    directory = $home/Mail +    directory_mode = 0700 +    delivery_date_add +    envelope_to_add +    return_path_add + + +begin retry + +  *.retiolum  *   F,42d,1m +  *           *   F,2h,15m; G,16h,1h,1.5; F,4d,6h + + +begin authenticators diff --git a/wu-system/wu-exim.configuration.nix b/wu-system/wu-exim.configuration.nix new file mode 100644 index 0000000..7aaf58e --- /dev/null +++ b/wu-system/wu-exim.configuration.nix 
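Review bot: `domainlist local_domains = @` expands to `primary_hostname`, which this file leaves commented out, so it falls back to the kernel hostname; if that is the bare `nomic` rather than `nomic.retiolum`, mail for `user@nomic.retiolum` is not local, matches `remote_retiolum` via `*.retiolum`, and is routed back to this same host by name instead of being delivered — a loop rather than a local delivery. The cd and wu configurations both set the name explicitly, so the same should be done here: `primary_hostname = nomic.retiolum`. Separately, `relay_from_hosts` trusts any client whose reverse name ends in `.retiolum`; that is only as strong as the reverse lookup (`host_lookup = *`) producing the name, so if the retiolum network is a fixed range (the cd config uses a `10.243.x.x` address, which suggests it may be) an address-range entry would be a firmer relay criterion.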
@@ -0,0 +1,126 @@ + +{ +  ... + + +  services.exim = +    let +      retiolumHostname = "wu.retiolum"; # TODO "${networking.hostName}.retiolum"; +    in +      { enable = true; +        extraConfig = '' +          primary_hostname = ${retiolumHostname} +          domainlist local_domains    = @ : localhost +          domainlist relay_to_domains = +          hostlist   relay_from_hosts = <; 127.0.0.1 ; ::1 + +          acl_smtp_rcpt = acl_check_rcpt +          acl_smtp_data = acl_check_data + +          host_lookup = * +          rfc1413_hosts = * +          rfc1413_query_timeout = 5s + +          log_file_path = syslog +          syslog_timestamp = false +          syslog_duplication = false + + +          begin acl + +          acl_check_rcpt: +            accept  hosts = : +                    control = dkim_disable_verify + +            deny    message       = Restricted characters in address +                    domains       = +local_domains +                    local_parts   = ^[.] : ^.*[@%!/|] + +            deny    message       = Restricted characters in address +                    domains       = !+local_domains +                    local_parts   = ^[./|] : ^.*[@%!] 
: ^.*/\\.\\./ + +            accept  local_parts   = postmaster +                    domains       = +local_domains + +            #accept +            #  hosts = *.retiolum +            #  domains = *.retiolum +            #  control = dkim_disable_verify + +            #require verify        = sender + +            accept  hosts         = +relay_from_hosts +                    control       = submission +                    control       = dkim_disable_verify + +            accept  authenticated = * +                    control       = submission +                    control       = dkim_disable_verify + +            require message = relay not permitted +                    domains = +local_domains : +relay_to_domains + +            require verify = recipient + +            accept + + +          acl_check_data: +            accept + + +          begin routers + +          retiolum: +            driver = manualroute +            domains = ! ${retiolumHostname} : *.retiolum +            transport = remote_smtp +            route_list = ^.* $0 byname +            no_more + +          nonlocal: +            debug_print = "R: nonlocal for $local_part@$domain" +            driver = redirect +            domains = ! 
+local_domains +            allow_fail +            data = :fail: Mailing to remote domains not supported +            no_more + +          local_user: +            # debug_print = "R: local_user for $local_part@$domain" +            driver = accept +            check_local_user +          # local_part_suffix = +* : -* +          # local_part_suffix_optional +            transport = home_maildir +            cannot_route_message = Unknown user + + +          begin transports + +          remote_smtp: +            driver = smtp + +          home_maildir: +            driver = appendfile +            maildir_format +            directory = $home/Maildir +            directory_mode = 0700 +            delivery_date_add +            envelope_to_add +            return_path_add +          # group = mail +          # mode = 0660 + +          begin retry +          *                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h + +          begin rewrite + +          begin authenticators +        ''; +      }; + +  ... +} diff --git a/wu-system/wu-iptables.sh b/wu-system/wu-iptables.sh new file mode 100644 index 0000000..67b06d4 --- /dev/null +++ b/wu-system/wu-iptables.sh @@ -0,0 +1,17 @@ +#? /bin/sh + +# reset tables +ipXtables -P INPUT DROP +ipXtables -P FORWARD DROP +ipXtables -F +ipXtables -X + + +ipXtables -N Retiolum + +ipXtables -A INPUT -j Retiolum -i retiolum + +ipXtables -A Retiolum -j ACCEPT -p tcp --dport smtp -m conntrack --ctstate NEW + + +etc. diff --git a/wu-user/.config/alot/config b/wu-user/.config/alot/config new file mode 100644 index 0000000..d649fe0 --- /dev/null +++ b/wu-user/.config/alot/config 
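Review bot: The TODO expression `"${networking.hostName}.retiolum"` would not evaluate as written in a NixOS module — the option value is reached as `config.networking.hostName`, which needs `config` in the module's argument set (the argument list is elided here, so I cannot see whether it is there); the working form is `retiolumHostname = "${config.networking.hostName}.retiolum";`. Also, `rfc1413_hosts = *` together with `rfc1413_query_timeout = 5s` turns ident lookups on for every inbound connection on this retiolum-only listener; the result is an unauthenticated, client-supplied string, so `rfc1413_query_timeout = 0s` (the stock default) is the safer setting. The `home_maildir` transport here omits `maildir_use_size_file`, unlike the cd and nomic transports; if the difference is unintentional, add it for consistency.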
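Review bot: `#? /bin/sh` is not a valid interpreter line — the kernel only honours `#!` — so the script would be run by whatever shell the caller happens to use; it should read `#! /bin/sh`. The ordering also sets the INPUT policy to DROP before any ACCEPT rule exists, so on a remote host the session applying the script is blocked until the (elided, per `etc.`) rules for loopback and `--ctstate ESTABLISHED,RELATED` traffic are added; adding those before switching the policy avoids the window. `ipXtables` reads as a placeholder for running the same rules under both iptables and ip6tables; if so, a `for ipXtables in iptables ip6tables` loop or a small shell function would make the file directly executable.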
@@ -0,0 +1,13 @@
+[accounts]
+  [[tv@sh-via-cd]]
+    realname = tv
+    address = tv@shackspace.de
+    sendmail_command = msmtp --account=cd -t --read-envelope-from
+    sent_box = maildir:///home/tv/Maildir/.Sent
+    draft_box = maildir:///home/tv/Maildir/.Drafts
+  [[tv@wu]]
+    realname = tv
+    address = tv@wu.retiolum
+    sendmail_command = msmtp -a wu -t --read-envelope-from
+    sent_box = maildir:///home/tv/Maildir/.Sent
+    draft_box = maildir:///home/tv/Maildir/.Drafts
diff --git a/wu-user/.msmtprc b/wu-user/.msmtprc
new file mode 100644
index 0000000..0d27ca7
--- /dev/null
+++ b/wu-user/.msmtprc
@@ -0,0 +1,11 @@
+defaults
+  logfile ~/.msmtp.log
+
+account cd
+  host cd.retiolum
+
+account wu
+  host wu.retiolum
+
+account nomic
+  host nomic.retiolum
diff --git a/wu-user/.notmuch-config b/wu-user/.notmuch-config
new file mode 100644
index 0000000..4209119
--- /dev/null
+++ b/wu-user/.notmuch-config
@@ -0,0 +1,18 @@
+[database]
+path=/home/tv/Maildir
+
+[user]
+name=
+primary_email=
+other_email=tv@shackspace.de;
+
+[new]
+tags=unread;inbox;
+ignore=
+
+[search]
+exclude_tags=deleted;spam;
+
+[maildir]
+synchronize_flags=true
+
diff --git a/wu-user/README b/wu-user/README
new file mode 100644
index 0000000..1c92036
--- /dev/null
+++ b/wu-user/README
@@ -0,0 +1,9 @@
+# how to use?
+
+    terminal-1$ alot
+
+    terminal-2$ journalctl --follow --all # this is optional, of course...
+
+    terminal-3$ notmuch new   # whenever you got new mail
+                              # TODO automatize me eventually :)
+
|
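Review bot: None of the three accounts in `.msmtprc` sets `tls on` or `auth`, so every submission goes out as plaintext, unauthenticated SMTP; that is only acceptable if the `*.retiolum` hosts are reached exclusively over the encrypted overlay, which this file cannot enforce on its own, so a comment stating that assumption would help the next reader. The accounts also omit `from`, relying on the `--read-envelope-from` flag that the alot config passes on every call; a `from` line per account (e.g. `from tv@wu.retiolum` under `account wu`) would make the file usable from other callers as well.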
