From 3d50e7386178cd0392d2e1c9ba7b9e933b4c27e3 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 21 Aug 2014 13:28:19 +0200 Subject: initial commit --- cd-system/cd-exim.conf | 133 ++++++++++++++++++++++++++++++++++++ cd-system/cd-iptables.rules | 5 ++ cd-system/host_redirect | 1 + cd-system/internet_aliases | 2 + nomic-system/nomic-exim.conf | 84 +++++++++++++++++++++++ wu-system/wu-exim.configuration.nix | 126 ++++++++++++++++++++++++++++++++++ wu-system/wu-iptables.sh | 17 +++++ wu-user/.config/alot/config | 13 ++++ wu-user/.msmtprc | 11 +++ wu-user/.notmuch-config | 18 +++++ wu-user/README | 9 +++ 11 files changed, 419 insertions(+) create mode 100644 cd-system/cd-exim.conf create mode 100644 cd-system/cd-iptables.rules create mode 100644 cd-system/host_redirect create mode 100644 cd-system/internet_aliases create mode 100644 nomic-system/nomic-exim.conf create mode 100644 wu-system/wu-exim.configuration.nix create mode 100644 wu-system/wu-iptables.sh create mode 100644 wu-user/.config/alot/config create mode 100644 wu-user/.msmtprc create mode 100644 wu-user/.notmuch-config create mode 100644 wu-user/README diff --git a/cd-system/cd-exim.conf b/cd-system/cd-exim.conf new file mode 100644 index 0000000..c2f4835 --- /dev/null +++ b/cd-system/cd-exim.conf @@ -0,0 +1,133 @@ +RETIOLUM_HOSTNAME = cd.retiolum + +primary_hostname = RETIOLUM_HOSTNAME + +HOST_REDIR = /etc/exim4/host_redirect +INTERNET_ALIASES = /etc/exim4/internet_aliases + + +# Domains not listed in local_domains need to be deliverable remotely. +# XXX We abuse local_domains to mean "domains, we're the gateway for". +domainlist local_domains = @ : localhost +domainlist relay_to_domains = +hostlist relay_from_hosts = <; 127.0.0.1 ; ::1 ; 10.243.13.37 + +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data + +never_users = root + +host_lookup = * + +rfc1413_hosts = * +rfc1413_query_timeout = 5s + + +log_selector = -queue_run +address_rewrite +all_parents +queue_time +log_file_path = syslog +syslog_timestamp = false +syslog_duplication = false + +begin acl + +acl_check_rcpt: + accept hosts = : + control = dkim_disable_verify + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + accept local_parts = postmaster + domains = +local_domains + + + accept hosts = +relay_from_hosts + control = submission + # debian: control = submission/sender_retain + # arch & debian: + control = dkim_disable_verify + + accept authenticated = * + control = submission + control = dkim_disable_verify + + accept message = relay not permitted 2 + recipients = lsearch;INTERNET_ALIASES + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + require + message = unknown user + verify = recipient/callout + + accept + + +acl_check_data: + accept + + +begin routers + +retiolum: + debug_print = "R: retiolum for $local_part@$domain" + driver = manualroute + domains = ! RETIOLUM_HOSTNAME : *.retiolum + transport = retiolum_smtp + route_list = ^.* $0 byname + no_more + +internet_aliases: + debug_print = "R: internet_aliases for $local_part@$domain" + driver = redirect + data = ${lookup{$local_part@$domain}lsearch{INTERNET_ALIASES}} + +dnslookup: + debug_print = "R: dnslookup for $local_part@$domain" + driver = dnslookup + domains = ! +local_domains + transport = remote_smtp + ignore_target_hosts = <; 0.0.0.0 ;: 127.0.0.0/8 ; ::1 + no_more + + +begin transports + +retiolum_smtp: + driver = smtp + retry_include_ip_address = false + +remote_smtp: + driver = smtp + + +home_maildir: + driver = appendfile + + #file = /var/mail/$local_part + maildir_format + maildir_use_size_file + directory = $home/Maildir + directory_mode = 0700 + + delivery_date_add + envelope_to_add + return_path_add + + + +begin retry + +*.retiolum * F,42d,1m +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + +begin rewrite + +begin authenticators diff --git a/cd-system/cd-iptables.rules b/cd-system/cd-iptables.rules new file mode 100644 index 0000000..c9af7d5 --- /dev/null +++ b/cd-system/cd-iptables.rules @@ -0,0 +1,5 @@ +... + +-A INPUT -p tcp -m conntrack --ctstate NEW --syn --dport smtp -j ACCEPT + +... diff --git a/cd-system/host_redirect b/cd-system/host_redirect new file mode 100644 index 0000000..5cdf180 --- /dev/null +++ b/cd-system/host_redirect @@ -0,0 +1 @@ +oneofmypublicdomains.com: oneofmyretiolumhosts.retiolum diff --git a/cd-system/internet_aliases b/cd-system/internet_aliases new file mode 100644 index 0000000..f07559c --- /dev/null +++ b/cd-system/internet_aliases @@ -0,0 +1,2 @@ +me@mypublicdomain.com: me@myretiolumdomain.retiolum +me@myotherretiolumdomain.retiolum: me@myevenotherretiolumdomain.retiolum diff --git a/nomic-system/nomic-exim.conf b/nomic-system/nomic-exim.conf new file mode 100644 index 0000000..1589b53 --- /dev/null +++ b/nomic-system/nomic-exim.conf @@ -0,0 +1,84 @@ +# Retiolum-only Exim configuration + +# primary_hostname = + +domainlist local_domains = @ +domainlist relay_to_domains = *.retiolum +hostlist relay_from_hosts = <; 127.0.0.1 ; ::1 ; *.retiolum + +never_users = root + +log_selector = -queue_run +log_file_path = syslog +syslog_timestamp = false +syslog_duplication = false + +acl_smtp_rcpt = acl_check_rcpt + +host_lookup = * + + +begin acl + + acl_check_rcpt: + + accept + domains = +local_domains + verify = sender + verify = recipient + + accept + domains = +relay_to_domains + hosts = +relay_from_hosts + verify = sender + verify = recipient/callout + + +begin routers + + remote_retiolum: + driver = manualroute + domains = ! +local_domains : *.retiolum + transport = retiolum_smtp + route_list = ^.* $0 byname + no_more + + remote_internet: + driver = redirect + domains = ! +local_domains + allow_fail + data = :fail: relay not permitted + cannot_route_message = relay not permitted + no_more + + local_maildir: + driver = accept + check_local_user + transport = home_maildir + cannot_route_message = unknown local user + + +begin transports + + retiolum_smtp: + driver = smtp + retry_include_ip_address = false + + home_maildir: + driver = appendfile + maildir_format + maildir_use_size_file + directory = $home/Mail + directory_mode = 0700 + delivery_date_add + envelope_to_add + return_path_add + + +begin retry + + *.retiolum * F,42d,1m + * * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + +begin authenticators diff --git a/wu-system/wu-exim.configuration.nix b/wu-system/wu-exim.configuration.nix new file mode 100644 index 0000000..7aaf58e --- /dev/null +++ b/wu-system/wu-exim.configuration.nix @@ -0,0 +1,126 @@ + +{ + ... + + + services.exim = + let + retiolumHostname = "wu.retiolum"; # TODO "${networking.hostName}.retiolum"; + in + { enable = true; + extraConfig = '' + primary_hostname = ${retiolumHostname} + domainlist local_domains = @ : localhost + domainlist relay_to_domains = + hostlist relay_from_hosts = <; 127.0.0.1 ; ::1 + + acl_smtp_rcpt = acl_check_rcpt + acl_smtp_data = acl_check_data + + host_lookup = * + rfc1413_hosts = * + rfc1413_query_timeout = 5s + + log_file_path = syslog + syslog_timestamp = false + syslog_duplication = false + + + begin acl + + acl_check_rcpt: + accept hosts = : + control = dkim_disable_verify + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + accept local_parts = postmaster + domains = +local_domains + + #accept + # hosts = *.retiolum + # domains = *.retiolum + # control = dkim_disable_verify + + #require verify = sender + + accept hosts = +relay_from_hosts + control = submission + control = dkim_disable_verify + + accept authenticated = * + control = submission + control = dkim_disable_verify + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + require verify = recipient + + accept + + + acl_check_data: + accept + + + begin routers + + retiolum: + driver = manualroute + domains = ! ${retiolumHostname} : *.retiolum + transport = remote_smtp + route_list = ^.* $0 byname + no_more + + nonlocal: + debug_print = "R: nonlocal for $local_part@$domain" + driver = redirect + domains = ! +local_domains + allow_fail + data = :fail: Mailing to remote domains not supported + no_more + + local_user: + # debug_print = "R: local_user for $local_part@$domain" + driver = accept + check_local_user + # local_part_suffix = +* : -* + # local_part_suffix_optional + transport = home_maildir + cannot_route_message = Unknown user + + + begin transports + + remote_smtp: + driver = smtp + + home_maildir: + driver = appendfile + maildir_format + directory = $home/Maildir + directory_mode = 0700 + delivery_date_add + envelope_to_add + return_path_add + # group = mail + # mode = 0660 + + begin retry + * * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + begin rewrite + + begin authenticators + ''; + }; + + ... +} diff --git a/wu-system/wu-iptables.sh b/wu-system/wu-iptables.sh new file mode 100644 index 0000000..67b06d4 --- /dev/null +++ b/wu-system/wu-iptables.sh @@ -0,0 +1,17 @@ +#? /bin/sh + +# reset tables +ipXtables -P INPUT DROP +ipXtables -P FORWARD DROP +ipXtables -F +ipXtables -X + + +ipXtables -N Retiolum + +ipXtables -A INPUT -j Retiolum -i retiolum + +ipXtables -A Retiolum -j ACCEPT -p tcp --dport smtp -m conntrack --ctstate NEW + + +etc. diff --git a/wu-user/.config/alot/config b/wu-user/.config/alot/config new file mode 100644 index 0000000..d649fe0 --- /dev/null +++ b/wu-user/.config/alot/config @@ -0,0 +1,13 @@ +[accounts] + [[tv@sh-via-cd]] + realname = tv + address = tv@shackspace.de + sendmail_command = msmtp --account=cd -t --read-envelope-from + sent_box = maildir:///home/tv/Maildir/.Sent + draft_box = maildir:///home/tv/Maildir/.Drafts + [[tv@wu]] + realname = tv + address = tv@wu.retiolum + sendmail_command = msmtp -a wu -t --read-envelope-from + sent_box = maildir:///home/tv/Maildir/.Sent + draft_box = maildir:///home/tv/Maildir/.Drafts diff --git a/wu-user/.msmtprc b/wu-user/.msmtprc new file mode 100644 index 0000000..0d27ca7 --- /dev/null +++ b/wu-user/.msmtprc @@ -0,0 +1,11 @@ +defaults + logfile ~/.msmtp.log + +account cd + host cd.retiolum + +account wu + host wu.retiolum + +account nomic + host nomic.retiolum diff --git a/wu-user/.notmuch-config b/wu-user/.notmuch-config new file mode 100644 index 0000000..4209119 --- /dev/null +++ b/wu-user/.notmuch-config @@ -0,0 +1,18 @@ +[database] +path=/home/tv/Maildir + +[user] +name= +primary_email= +other_email=tv@shackspace.de; + +[new] +tags=unread;inbox; +ignore= + +[search] +exclude_tags=deleted;spam; + +[maildir] +synchronize_flags=true + diff --git a/wu-user/README b/wu-user/README new file mode 100644 index 0000000..1c92036 --- /dev/null +++ b/wu-user/README @@ -0,0 +1,9 @@ +# how to use? + + terminal-1$ alot + + terminal-2$ journalctl --follow --all # this is optional, of course... + + terminal-3$ notmuch new # whenever you got new mail + # TODO automatize me eventually :) + -- cgit v1.2.3