authortv <tv@shackspace.de>2014-08-21 13:28:19 +0200
committertv <tv@shackspace.de>2014-08-21 13:28:19 +0200
commit3d50e7386178cd0392d2e1c9ba7b9e933b4c27e3 (patch)
tree77cc15d9b1ce1e0f82120dd4c85550b1a992b6bb
initial commit
-rw-r--r--cd-system/cd-exim.conf133
-rw-r--r--cd-system/cd-iptables.rules5
-rw-r--r--cd-system/host_redirect1
-rw-r--r--cd-system/internet_aliases2
-rw-r--r--nomic-system/nomic-exim.conf84
-rw-r--r--wu-system/wu-exim.configuration.nix126
-rw-r--r--wu-system/wu-iptables.sh17
-rw-r--r--wu-user/.config/alot/config13
-rw-r--r--wu-user/.msmtprc11
-rw-r--r--wu-user/.notmuch-config18
-rw-r--r--wu-user/README9
11 files changed, 419 insertions, 0 deletions
diff --git a/cd-system/cd-exim.conf b/cd-system/cd-exim.conf
new file mode 100644
index 0000000..c2f4835
--- /dev/null
+++ b/cd-system/cd-exim.conf
@@ -0,0 +1,133 @@
+RETIOLUM_HOSTNAME = cd.retiolum
+
+primary_hostname = RETIOLUM_HOSTNAME
+
+HOST_REDIR = /etc/exim4/host_redirect
+INTERNET_ALIASES = /etc/exim4/internet_aliases
+
+
+# Domains not listed in local_domains need to be deliverable remotely.
+# XXX We abuse local_domains to mean "domains, we're the gateway for".
+domainlist local_domains = @ : localhost
+domainlist relay_to_domains =
+hostlist relay_from_hosts = <; 127.0.0.1 ; ::1 ; 10.243.13.37
+
+acl_smtp_rcpt = acl_check_rcpt
+acl_smtp_data = acl_check_data
+
+never_users = root
+
+host_lookup = *
+
+rfc1413_hosts = *
+rfc1413_query_timeout = 5s
+
+
+log_selector = -queue_run +address_rewrite +all_parents +queue_time
+log_file_path = syslog
+syslog_timestamp = false
+syslog_duplication = false
+
+begin acl
+
+acl_check_rcpt:
+ accept hosts = :
+ control = dkim_disable_verify
+
+ deny message = Restricted characters in address
+ domains = +local_domains
+ local_parts = ^[.] : ^.*[@%!/|]
+
+ deny message = Restricted characters in address
+ domains = !+local_domains
+ local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
+
+ accept local_parts = postmaster
+ domains = +local_domains
+
+
+ accept hosts = +relay_from_hosts
+ control = submission
+ # debian: control = submission/sender_retain
+ # arch & debian:
+ control = dkim_disable_verify
+
+ accept authenticated = *
+ control = submission
+ control = dkim_disable_verify
+
+ accept message = relay not permitted 2
+ recipients = lsearch;INTERNET_ALIASES
+
+ require message = relay not permitted
+ domains = +local_domains : +relay_to_domains
+
+ require
+ message = unknown user
+ verify = recipient/callout
+
+ accept
+
+
+acl_check_data:
+ accept
+
+
+begin routers
+
+retiolum:
+ debug_print = "R: retiolum for $local_part@$domain"
+ driver = manualroute
+ domains = ! RETIOLUM_HOSTNAME : *.retiolum
+ transport = retiolum_smtp
+ route_list = ^.* $0 byname
+ no_more
+
+internet_aliases:
+ debug_print = "R: internet_aliases for $local_part@$domain"
+ driver = redirect
+ data = ${lookup{$local_part@$domain}lsearch{INTERNET_ALIASES}}
+
+dnslookup:
+ debug_print = "R: dnslookup for $local_part@$domain"
+ driver = dnslookup
+ domains = ! +local_domains
+ transport = remote_smtp
+ ignore_target_hosts = <; 0.0.0.0 ;: 127.0.0.0/8 ; ::1
+ no_more
+
+
+begin transports
+
+retiolum_smtp:
+ driver = smtp
+ retry_include_ip_address = false
+
+remote_smtp:
+ driver = smtp
+
+
+home_maildir:
+ driver = appendfile
+
+ #file = /var/mail/$local_part
+ maildir_format
+ maildir_use_size_file
+ directory = $home/Maildir
+ directory_mode = 0700
+
+ delivery_date_add
+ envelope_to_add
+ return_path_add
+
+
+
+begin retry
+
+*.retiolum * F,42d,1m
+* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
+
+
+begin rewrite
+
+begin authenticators
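Review bot: The `ignore_target_hosts` line of the `dnslookup` router reads `<; 0.0.0.0 ;: 127.0.0.0/8 ; ::1`; with `;` as the list separator the middle item becomes `: 127.0.0.0/8`, which looks like a leftover from switching separators, and if Exim does not recognise that item the loopback range is no longer excluded, so a remote domain whose MX resolves to 127.x would be delivered back to this host. The intended form is `ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1`. Separately, the `HOST_REDIR` macro and the `home_maildir` transport are defined but nothing references them: no router delivers to local users, so a `+local_domains` recipient that is not listed in INTERNET_ALIASES fails the `verify = recipient/callout` check, and postmaster, accepted unconditionally earlier in the ACL, has no route at delivery time unless aliased. The `message = relay not permitted 2` on the `accept` for INTERNET_ALIASES recipients also reads like a debugging leftover; a comment stating why aliased recipients are accepted ahead of the relay check would say the same thing more clearly.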
diff --git a/cd-system/cd-iptables.rules b/cd-system/cd-iptables.rules
new file mode 100644
index 0000000..c9af7d5
--- /dev/null
+++ b/cd-system/cd-iptables.rules
@@ -0,0 +1,5 @@
+...
+
+-A INPUT -p tcp -m conntrack --ctstate NEW --syn --dport smtp -j ACCEPT
+
+...
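Review bot: The SMTP accept rule is not bound to an interface, so it admits new connections on every interface, whereas wu-iptables.sh in this commit only accepts SMTP arriving on `retiolum`. For cd, the gateway that receives internet mail for the INTERNET_ALIASES addresses, that is presumably intended, but nothing in the file says so; a comment such as `# cd is the internet mail gateway: SMTP is accepted on all interfaces, not only retiolum` would stop a later tightening by analogy with wu. The surrounding `...` lines suggest this is an excerpt, so the rest of the rule set is not visible here.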
diff --git a/cd-system/host_redirect b/cd-system/host_redirect
new file mode 100644
index 0000000..5cdf180
--- /dev/null
+++ b/cd-system/host_redirect
@@ -0,0 +1 @@
+oneofmypublicdomains.com: oneofmyretiolumhosts.retiolum
diff --git a/cd-system/internet_aliases b/cd-system/internet_aliases
new file mode 100644
index 0000000..f07559c
--- /dev/null
+++ b/cd-system/internet_aliases
@@ -0,0 +1,2 @@
+me@mypublicdomain.com: me@myretiolumdomain.retiolum
+me@myotherretiolumdomain.retiolum: me@myevenotherretiolumdomain.retiolum
diff --git a/nomic-system/nomic-exim.conf b/nomic-system/nomic-exim.conf
new file mode 100644
index 0000000..1589b53
--- /dev/null
+++ b/nomic-system/nomic-exim.conf
@@ -0,0 +1,84 @@
+# Retiolum-only Exim configuration
+
+# primary_hostname =
+
+domainlist local_domains = @
+domainlist relay_to_domains = *.retiolum
+hostlist relay_from_hosts = <; 127.0.0.1 ; ::1 ; *.retiolum
+
+never_users = root
+
+log_selector = -queue_run
+log_file_path = syslog
+syslog_timestamp = false
+syslog_duplication = false
+
+acl_smtp_rcpt = acl_check_rcpt
+
+host_lookup = *
+
+
+begin acl
+
+ acl_check_rcpt:
+
+ accept
+ domains = +local_domains
+ verify = sender
+ verify = recipient
+
+ accept
+ domains = +relay_to_domains
+ hosts = +relay_from_hosts
+ verify = sender
+ verify = recipient/callout
+
+
+begin routers
+
+ remote_retiolum:
+ driver = manualroute
+ domains = ! +local_domains : *.retiolum
+ transport = retiolum_smtp
+ route_list = ^.* $0 byname
+ no_more
+
+ remote_internet:
+ driver = redirect
+ domains = ! +local_domains
+ allow_fail
+ data = :fail: relay not permitted
+ cannot_route_message = relay not permitted
+ no_more
+
+ local_maildir:
+ driver = accept
+ check_local_user
+ transport = home_maildir
+ cannot_route_message = unknown local user
+
+
+begin transports
+
+ retiolum_smtp:
+ driver = smtp
+ retry_include_ip_address = false
+
+ home_maildir:
+ driver = appendfile
+ maildir_format
+ maildir_use_size_file
+ directory = $home/Mail
+ directory_mode = 0700
+ delivery_date_add
+ envelope_to_add
+ return_path_add
+
+
+begin retry
+
+ *.retiolum * F,42d,1m
+ * * F,2h,15m; G,16h,1h,1.5; F,4d,6h
+
+
+begin authenticators
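Review bot: `primary_hostname` is left commented out, so `local_domains = @` expands to whatever the system hostname is; if that is not `nomic.retiolum`, mail addressed to nomic.retiolum is not local, and the `remote_retiolum` router, whose `domains` list includes `*.retiolum`, routes it back to this host over `retiolum_smtp`, looping until the retry limit is reached. Uncommenting it as `primary_hostname = nomic.retiolum` (the name the `.msmtprc` in this commit uses for this host) pins the local name, or alternatively add that name to `local_domains`. If the system hostname already is the .retiolum name this is moot, but the configuration does not show that.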
diff --git a/wu-system/wu-exim.configuration.nix b/wu-system/wu-exim.configuration.nix
new file mode 100644
index 0000000..7aaf58e
--- /dev/null
+++ b/wu-system/wu-exim.configuration.nix
@@ -0,0 +1,126 @@
+
+{
+ ...
+
+
+ services.exim =
+ let
+ retiolumHostname = "wu.retiolum"; # TODO "${networking.hostName}.retiolum";
+ in
+ { enable = true;
+ extraConfig = ''
+ primary_hostname = ${retiolumHostname}
+ domainlist local_domains = @ : localhost
+ domainlist relay_to_domains =
+ hostlist relay_from_hosts = <; 127.0.0.1 ; ::1
+
+ acl_smtp_rcpt = acl_check_rcpt
+ acl_smtp_data = acl_check_data
+
+ host_lookup = *
+ rfc1413_hosts = *
+ rfc1413_query_timeout = 5s
+
+ log_file_path = syslog
+ syslog_timestamp = false
+ syslog_duplication = false
+
+
+ begin acl
+
+ acl_check_rcpt:
+ accept hosts = :
+ control = dkim_disable_verify
+
+ deny message = Restricted characters in address
+ domains = +local_domains
+ local_parts = ^[.] : ^.*[@%!/|]
+
+ deny message = Restricted characters in address
+ domains = !+local_domains
+ local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
+
+ accept local_parts = postmaster
+ domains = +local_domains
+
+ #accept
+ # hosts = *.retiolum
+ # domains = *.retiolum
+ # control = dkim_disable_verify
+
+ #require verify = sender
+
+ accept hosts = +relay_from_hosts
+ control = submission
+ control = dkim_disable_verify
+
+ accept authenticated = *
+ control = submission
+ control = dkim_disable_verify
+
+ require message = relay not permitted
+ domains = +local_domains : +relay_to_domains
+
+ require verify = recipient
+
+ accept
+
+
+ acl_check_data:
+ accept
+
+
+ begin routers
+
+ retiolum:
+ driver = manualroute
+ domains = ! ${retiolumHostname} : *.retiolum
+ transport = remote_smtp
+ route_list = ^.* $0 byname
+ no_more
+
+ nonlocal:
+ debug_print = "R: nonlocal for $local_part@$domain"
+ driver = redirect
+ domains = ! +local_domains
+ allow_fail
+ data = :fail: Mailing to remote domains not supported
+ no_more
+
+ local_user:
+ # debug_print = "R: local_user for $local_part@$domain"
+ driver = accept
+ check_local_user
+ # local_part_suffix = +* : -*
+ # local_part_suffix_optional
+ transport = home_maildir
+ cannot_route_message = Unknown user
+
+
+ begin transports
+
+ remote_smtp:
+ driver = smtp
+
+ home_maildir:
+ driver = appendfile
+ maildir_format
+ directory = $home/Maildir
+ directory_mode = 0700
+ delivery_date_add
+ envelope_to_add
+ return_path_add
+ # group = mail
+ # mode = 0660
+
+ begin retry
+ * * F,2h,15m; G,16h,1h,1.5; F,4d,6h
+
+ begin rewrite
+
+ begin authenticators
+ '';
+ };
+
+ ...
+}
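Review bot: Retry handling for `*.retiolum` differs from the other two hosts in this commit: the `retiolum` router here hands off to the generic `remote_smtp` transport and `begin retry` carries only the catch-all `* * F,2h,15m; G,16h,1h,1.5; F,4d,6h`, while cd-exim.conf and nomic-exim.conf use a dedicated `retiolum_smtp` transport with `retry_include_ip_address = false` and a `*.retiolum * F,42d,1m` rule. On wu, mail to a retiolum host that is offline therefore bounces after four days rather than being held; if that difference is not intended, adding the same `*.retiolum * F,42d,1m` line under `begin retry` aligns the three. `rfc1413_hosts = *` with `rfc1413_query_timeout = 5s` (also in cd-exim.conf) makes every inbound connection wait up to five seconds for an ident lookup that carries no trust value; `rfc1413_query_timeout = 0s` disables it. The TODO on `retiolumHostname` would need `config.networking.hostName` inside a NixOS module, not the bare `networking.hostName`.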
diff --git a/wu-system/wu-iptables.sh b/wu-system/wu-iptables.sh
new file mode 100644
index 0000000..67b06d4
--- /dev/null
+++ b/wu-system/wu-iptables.sh
@@ -0,0 +1,17 @@
+#? /bin/sh
+
+# reset tables
+ipXtables -P INPUT DROP
+ipXtables -P FORWARD DROP
+ipXtables -F
+ipXtables -X
+
+
+ipXtables -N Retiolum
+
+ipXtables -A INPUT -j Retiolum -i retiolum
+
+ipXtables -A Retiolum -j ACCEPT -p tcp --dport smtp -m conntrack --ctstate NEW
+
+
+etc.
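Review bot: The first line is `#? /bin/sh`, which is not an interpreter directive; it should read `#!/bin/sh`, otherwise the file only runs when passed to a shell explicitly. The default policies are switched to DROP before any accept rule exists, and no loopback or ESTABLISHED,RELATED rule is visible, so running this over an SSH session cuts the session at `-P INPUT DROP`; a `-A INPUT -i lo -j ACCEPT` and `-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` before the policy change, or setting the policy last, avoids that, unless the trailing `etc.` is meant to stand for those rules. `ipXtables` also reads as a placeholder for iptables/ip6tables, so as committed the file is a sketch rather than a runnable script; a header comment saying so would keep it from being executed as is.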
diff --git a/wu-user/.config/alot/config b/wu-user/.config/alot/config
new file mode 100644
index 0000000..d649fe0
--- /dev/null
+++ b/wu-user/.config/alot/config
@@ -0,0 +1,13 @@
+[accounts]
+ [[tv@sh-via-cd]]
+ realname = tv
+ address = tv@shackspace.de
+ sendmail_command = msmtp --account=cd -t --read-envelope-from
+ sent_box = maildir:///home/tv/Maildir/.Sent
+ draft_box = maildir:///home/tv/Maildir/.Drafts
+ [[tv@wu]]
+ realname = tv
+ address = tv@wu.retiolum
+ sendmail_command = msmtp -a wu -t --read-envelope-from
+ sent_box = maildir:///home/tv/Maildir/.Sent
+ draft_box = maildir:///home/tv/Maildir/.Drafts
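Review bot: The two `sendmail_command` lines spell the same msmtp option differently, `--account=cd` and `-a wu`; using one form, e.g. `sendmail_command = msmtp --account=wu -t --read-envelope-from`, keeps the two accounts parallel and easier to diff. Both accounts also share the same `sent_box` and `draft_box`, which works but is worth a one-line comment if it is deliberate rather than a copy-paste leftover.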
diff --git a/wu-user/.msmtprc b/wu-user/.msmtprc
new file mode 100644
index 0000000..0d27ca7
--- /dev/null
+++ b/wu-user/.msmtprc
@@ -0,0 +1,11 @@
+defaults
+ logfile ~/.msmtp.log
+
+account cd
+ host cd.retiolum
+
+account wu
+ host wu.retiolum
+
+account nomic
+ host nomic.retiolum
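Review bot: None of the three accounts sets `from`, `tls` or `auth`, so each relies on msmtp's defaults (no TLS, no authentication) and on the caller supplying `--read-envelope-from`, as the alot config in this commit does; invoked from any other client without that flag, msmtp has no envelope sender to use and, as far as I recall, refuses to send. Stating the intent explicitly, e.g. `tls off` under `defaults` with a comment that the retiolum link itself is what the transport trusts, records that plaintext SMTP here is deliberate and not an oversight. The `nomic` account has no counterpart in the alot config, so it appears unused as far as this commit shows.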
diff --git a/wu-user/.notmuch-config b/wu-user/.notmuch-config
new file mode 100644
index 0000000..4209119
--- /dev/null
+++ b/wu-user/.notmuch-config
@@ -0,0 +1,18 @@
+[database]
+path=/home/tv/Maildir
+
+[user]
+name=
+primary_email=
+other_email=tv@shackspace.de;
+
+[new]
+tags=unread;inbox;
+ignore=
+
+[search]
+exclude_tags=deleted;spam;
+
+[maildir]
+synchronize_flags=true
+
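Review bot: `name=` and `primary_email=` are left empty while `other_email=` carries tv@shackspace.de; notmuch consults `primary_email` first when choosing the From address for replies, so with it empty that selection has nothing to prefer. The alot config in this commit uses tv@wu.retiolum and tv@shackspace.de, so `name=tv` and `primary_email=tv@wu.retiolum`, keeping the shackspace address in `other_email`, would make the two configurations agree. If the blanks are intentional placeholders for a per-host fill-in, a comment saying so would avoid the question.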
diff --git a/wu-user/README b/wu-user/README
new file mode 100644
index 0000000..1c92036
--- /dev/null
+++ b/wu-user/README
@@ -0,0 +1,9 @@
+# how to use?
+
+ terminal-1$ alot
+
+ terminal-2$ journalctl --follow --all # this is optional, of course...
+
+ terminal-3$ notmuch new # whenever you got new mail
+ # TODO automatize me eventually :)
+