From 617d239160c7708bb4f727e5f7f0448708bee1b5 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 21 Jun 2024 19:17:09 +0200 Subject: [PATCH] email tweaks --- pastila/imap.nix | 2 +- pastila/smtp.nix | 22 +++++++++++++++++----- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/pastila/imap.nix b/pastila/imap.nix index 44bb85b..8449dbf 100644 --- a/pastila/imap.nix +++ b/pastila/imap.nix @@ -35,6 +35,6 @@ "imap.tremeg.net" "imap.gueneau.me" ]; - # group = config.services.dovecot2.group; + group = config.services.dovecot2.group; }; } \ No newline at end of file diff --git a/pastila/smtp.nix b/pastila/smtp.nix index 67af28a..8ab9ab2 100644 --- a/pastila/smtp.nix +++ b/pastila/smtp.nix @@ -224,8 +224,8 @@ host_lookup = * # connection, leading to delays on starting up SMTP sessions. (The default was # reduced from 30s to 5s for release 4.61.) -rfc1413_hosts = * -rfc1413_query_timeout = 5s +rfc1413_hosts = +# rfc1413_query_timeout = 5s # By default, Exim expects all envelope addresses to be fully qualified, that @@ -306,6 +306,9 @@ timeout_frozen_after = 7d # accept_8bitmime = false +slow_lookup_log = 500 +log_selector = +ident_timeout + ###################################################################### # ACL CONFIGURATION # # Specifies access control lists for incoming SMTP mail # @@ -712,7 +715,7 @@ remote_smtp: driver = smtp # hosts_require_tls = * dkim_domain = $sender_address_domain - dkim_selector = 27112015 + dkim_selector = ${opendkim_selector} dkim_private_key = /var/lib/opendkim/keys/${opendkim_selector}.private dkim_canon = relaxed dkim_strict = 0 @@ -916,10 +919,11 @@ dovecot_plain: "smtp.tremeg.net" "smtp.gueneau.me" ]; - # group = config.services.exim.group; + group = config.services.exim.group; }; # FIXME + environment.systemPackages = [ pkgs.acl ]; system.activationScripts."secrets-permissions" = lib.mkForce '' # Default to restrictive permissions on secrets. # Root can alway read/write/traverse directories no matter the permissions 
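Review bot: `log_selector = +ident_timeout` is added in the same commit that empties `rfc1413_hosts` (hunk at line 224), so Exim should no longer make ident callouts and this selector will presumably never log anything. If the goal is to confirm the start-up delays are gone, `slow_lookup_log = 500` already covers slow lookups. Either drop the selector or explain it with a comment such as `# only relevant if rfc1413_hosts is re-enabled`. Also check that no other `log_selector` line exists further down the Exim config, which this hunk does not show, since a main option set twice is rejected.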
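Review bot: `environment.systemPackages = [ pkgs.acl ];` is not needed by the activation script, because the script calls the tool through its store path (`${pkgs.acl}/bin/setfacl`) in the next hunk. Unless `getfacl`/`setfacl` are wanted for interactive use, the line can go; if they are, say so in a comment. The new line also sits directly under a bare `# FIXME`, which should state what is left to fix. The `secrets-permissions` script starts in this hunk and continues past it.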
@@ -938,12 +942,20 @@ dovecot_plain: mkdir -p /etc/secrets/exim/virtual mkdir -p /etc/secrets/exim/domains + chmod 700 /etc/secrets/exim + chmod 700 /etc/secrets/exim/virtual + chmod 700 /etc/secrets/exim/domains chown --recursive ${config.services.exim.user}:${config.services.exim.group} /etc/secrets/exim mkdir -p /etc/secrets/dovecot + chmod -R 700 /etc/secrets/dovecot chown --recursive ${config.services.dovecot2.user}:${config.services.dovecot2.group} /etc/secrets/dovecot - # XXX + # XXX clean this up chmod g+r /var/lib/opendkim/keys/${opendkim_selector}.private + chmod g+rx /var/lib/opendkim/ + ${pkgs.acl}/bin/setfacl -m g:exim:x /var/lib/opendkim/ + ${pkgs.acl}/bin/setfacl -m g:exim:x /var/lib/opendkim/keys/ + ${pkgs.acl}/bin/setfacl -m g:exim:r /var/lib/opendkim/keys/21062024.private ''; } \ No newline at end of file
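Review bot: The last `setfacl` line hard-codes both the key name `21062024.private` and the group `exim`, while the `chmod g+r` line just above and the `dkim_selector` hunk use `${opendkim_selector}`. After a selector rotation the ACL would be applied to the old key, or `setfacl` would fail on a missing file, and Exim may lose read access to the new one. Prefer `${pkgs.acl}/bin/setfacl -m g:${config.services.exim.group}:r /var/lib/opendkim/keys/${opendkim_selector}.private`, and use the same group interpolation on the two directory ACLs. Separately, `chmod g+rx /var/lib/opendkim/` gives the owning group list access where the ACL entry only needs traverse, and `chmod -R 700 /etc/secrets/dovecot` sets the execute bit on every secret file, whereas `chmod -R u=rwX,go=` would not. The exim directories are only chmod-ed non-recursively, so files already inside them keep their existing modes. The script body begins before this hunk.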