From 3d50e7386178cd0392d2e1c9ba7b9e933b4c27e3 Mon Sep 17 00:00:00 2001
From: tv
Date: Thu, 21 Aug 2014 13:28:19 +0200
Subject: initial commit
---
 wu-system/wu-exim.configuration.nix | 126 ++++++++++++++++++++++++++++++++++++
 wu-system/wu-iptables.sh | 17 +++++
 2 files changed, 143 insertions(+)
 create mode 100644 wu-system/wu-exim.configuration.nix
 create mode 100644 wu-system/wu-iptables.sh
(limited to 'wu-system')
diff --git a/wu-system/wu-exim.configuration.nix b/wu-system/wu-exim.configuration.nix
new file mode 100644
index 0000000..7aaf58e
--- /dev/null
+++ b/wu-system/wu-exim.configuration.nix
@@ -0,0 +1,126 @@
+
+{
+ ...
+
+
+ services.exim =
+ let
+ retiolumHostname = "wu.retiolum"; # TODO "${networking.hostName}.retiolum";
+ in
+ { enable = true;
+ extraConfig = ''
+ primary_hostname = ${retiolumHostname}
+ domainlist local_domains = @ : localhost
+ domainlist relay_to_domains =
+ hostlist relay_from_hosts = <; 127.0.0.1 ; ::1
+
+ acl_smtp_rcpt = acl_check_rcpt
+ acl_smtp_data = acl_check_data
+
+ host_lookup = *
+ rfc1413_hosts = *
+ rfc1413_query_timeout = 5s
+
+ log_file_path = syslog
+ syslog_timestamp = false
+ syslog_duplication = false
+
+
+ begin acl
+
+ acl_check_rcpt:
+ accept hosts = :
+ control = dkim_disable_verify
+
+ deny message = Restricted characters in address
+ domains = +local_domains
+ local_parts = ^[.] : ^.*[@%!/|]
+
+ deny message = Restricted characters in address
+ domains = !+local_domains
+ local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
+
+ accept local_parts = postmaster
+ domains = +local_domains
+
+ #accept
+ # hosts = *.retiolum
+ # domains = *.retiolum
+ # control = dkim_disable_verify
+
+ #require verify = sender
+
+ accept hosts = +relay_from_hosts
+ control = submission
+ control = dkim_disable_verify
+
+ accept authenticated = *
+ control = submission
+ control = dkim_disable_verify
+
+ require message = relay not permitted
+ domains = +local_domains : +relay_to_domains
+
+ require verify = recipient
+
+ accept
+
+
+ acl_check_data:
+ accept
+
+
+ begin routers
+
+ retiolum:
+ driver = manualroute
+ domains = ! ${retiolumHostname} : *.retiolum
+ transport = remote_smtp
+ route_list = ^.* $0 byname
+ no_more
+
+ nonlocal:
+ debug_print = "R: nonlocal for $local_part@$domain"
+ driver = redirect
+ domains = ! +local_domains
+ allow_fail
+ data = :fail: Mailing to remote domains not supported
+ no_more
+
+ local_user:
+ # debug_print = "R: local_user for $local_part@$domain"
+ driver = accept
+ check_local_user
+ # local_part_suffix = +* : -*
+ # local_part_suffix_optional
+ transport = home_maildir
+ cannot_route_message = Unknown user
+
+
+ begin transports
+
+ remote_smtp:
+ driver = smtp
+
+ home_maildir:
+ driver = appendfile
+ maildir_format
+ directory = $home/Maildir
+ directory_mode = 0700
+ delivery_date_add
+ envelope_to_add
+ return_path_add
+ # group = mail
+ # mode = 0660
+
+ begin retry
+ * * F,2h,15m; G,16h,1h,1.5; F,4d,6h
+
+ begin rewrite
+
+ begin authenticators
+ '';
+ };
+
+ ...
+}
diff --git a/wu-system/wu-iptables.sh b/wu-system/wu-iptables.sh
new file mode 100644
index 0000000..67b06d4
--- /dev/null
+++ b/wu-system/wu-iptables.sh
@@ -0,0 +1,17 @@
+#? /bin/sh
+
+# reset tables
+ipXtables -P INPUT DROP
+ipXtables -P FORWARD DROP
+ipXtables -F
+ipXtables -X
+
+
+ipXtables -N Retiolum
+
+ipXtables -A INPUT -j Retiolum -i retiolum
+
+ipXtables -A Retiolum -j ACCEPT -p tcp --dport smtp -m conntrack --ctstate NEW
+
+
+etc.
-- cgit v1.2.3
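Review bot: `rfc1413_hosts = *` together with `rfc1413_query_timeout = 5s` makes Exim send an ident query to every connecting host, so each SMTP connection can stall for up to five seconds on an answer the remote end fully controls; unless something in this setup reads the ident result, `rfc1413_query_timeout = 0s` (which disables the lookup) or dropping both lines is the better default. The `accept authenticated = *` rule in acl_check_rcpt cannot match at present because the `begin authenticators` section at the end of the config is empty; a comment such as `# no authenticators defined yet; this rule is inert until one is added` would keep a reader from assuming SMTP AUTH is available. The `remote_smtp` transport sets only `driver = smtp`, so mail the retiolum router sends `byname` to *.retiolum hosts goes out without TLS; that is presumably fine if the retiolum overlay already encrypts the link, but a comment stating that assumption next to the transport would make it explicit.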
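Review bot: The first line `#? /bin/sh` is not a shebang (`#!` is required), so the kernel will not run this file as a script; `#!/bin/sh` is what is intended. With `-P INPUT DROP` in place and the Retiolum chain accepting only `--ctstate NEW` on tcp/smtp, the second and later packets of every SMTP session, and the replies to any connection the host itself opens, fall through to the DROP policy, so nothing works end to end; the usual fix is `ipXtables -A INPUT -i lo -j ACCEPT` followed by `ipXtables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` before the jump to Retiolum. The `ipXtables` name and the closing `etc.` line read as a sketch still to be expanded for both iptables and ip6tables, which a header comment could say outright; whichever tool it becomes, the conntrack rule is needed in both.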