summaryrefslogtreecommitdiffstats
path: root/wu-system
diff options
context:
space:
mode:
authortv <tv@shackspace.de>2014-08-21 13:28:19 +0200
committertv <tv@shackspace.de>2014-08-21 13:28:19 +0200
commit3d50e7386178cd0392d2e1c9ba7b9e933b4c27e3 (patch)
tree77cc15d9b1ce1e0f82120dd4c85550b1a992b6bb /wu-system
initial commit
Diffstat (limited to 'wu-system')
-rw-r--r--wu-system/wu-exim.configuration.nix126
-rw-r--r--wu-system/wu-iptables.sh17
2 files changed, 143 insertions, 0 deletions
diff --git a/wu-system/wu-exim.configuration.nix b/wu-system/wu-exim.configuration.nix
new file mode 100644
index 0000000..7aaf58e
--- /dev/null
+++ b/wu-system/wu-exim.configuration.nix
@@ -0,0 +1,126 @@
+
+{
+ ...
+
+
+ services.exim =
+ let
+ retiolumHostname = "wu.retiolum"; # TODO "${networking.hostName}.retiolum";
+ in
+ { enable = true;
+ extraConfig = ''
+ primary_hostname = ${retiolumHostname}
+ domainlist local_domains = @ : localhost
+ domainlist relay_to_domains =
+ hostlist relay_from_hosts = <; 127.0.0.1 ; ::1
+
+ acl_smtp_rcpt = acl_check_rcpt
+ acl_smtp_data = acl_check_data
+
+ host_lookup = *
+ rfc1413_hosts = *
+ rfc1413_query_timeout = 5s
+
+ log_file_path = syslog
+ syslog_timestamp = false
+ syslog_duplication = false
+
+
+ begin acl
+
+ acl_check_rcpt:
+ accept hosts = :
+ control = dkim_disable_verify
+
+ deny message = Restricted characters in address
+ domains = +local_domains
+ local_parts = ^[.] : ^.*[@%!/|]
+
+ deny message = Restricted characters in address
+ domains = !+local_domains
+ local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
+
+ accept local_parts = postmaster
+ domains = +local_domains
+
+ #accept
+ # hosts = *.retiolum
+ # domains = *.retiolum
+ # control = dkim_disable_verify
+
+ #require verify = sender
+
+ accept hosts = +relay_from_hosts
+ control = submission
+ control = dkim_disable_verify
+
+ accept authenticated = *
+ control = submission
+ control = dkim_disable_verify
+
+ require message = relay not permitted
+ domains = +local_domains : +relay_to_domains
+
+ require verify = recipient
+
+ accept
+
+
+ acl_check_data:
+ accept
+
+
+ begin routers
+
+ retiolum:
+ driver = manualroute
+ domains = ! ${retiolumHostname} : *.retiolum
+ transport = remote_smtp
+ route_list = ^.* $0 byname
+ no_more
+
+ nonlocal:
+ debug_print = "R: nonlocal for $local_part@$domain"
+ driver = redirect
+ domains = ! +local_domains
+ allow_fail
+ data = :fail: Mailing to remote domains not supported
+ no_more
+
+ local_user:
+ # debug_print = "R: local_user for $local_part@$domain"
+ driver = accept
+ check_local_user
+ # local_part_suffix = +* : -*
+ # local_part_suffix_optional
+ transport = home_maildir
+ cannot_route_message = Unknown user
+
+
+ begin transports
+
+ remote_smtp:
+ driver = smtp
+
+ home_maildir:
+ driver = appendfile
+ maildir_format
+ directory = $home/Maildir
+ directory_mode = 0700
+ delivery_date_add
+ envelope_to_add
+ return_path_add
+ # group = mail
+ # mode = 0660
+
+ begin retry
+ * * F,2h,15m; G,16h,1h,1.5; F,4d,6h
+
+ begin rewrite
+
+ begin authenticators
+ '';
+ };
+
+ ...
+}
diff --git a/wu-system/wu-iptables.sh b/wu-system/wu-iptables.sh
new file mode 100644
index 0000000..67b06d4
--- /dev/null
+++ b/wu-system/wu-iptables.sh
@@ -0,0 +1,17 @@
+#? /bin/sh
+
+# reset tables
+ipXtables -P INPUT DROP
+ipXtables -P FORWARD DROP
+ipXtables -F
+ipXtables -X
+
+
+ipXtables -N Retiolum
+
+ipXtables -A INPUT -j Retiolum -i retiolum
+
+ipXtables -A Retiolum -j ACCEPT -p tcp --dport smtp -m conntrack --ctstate NEW
+
+
+etc.