email tweaks

root 2024-06-21 19:17:09 +02:00
parent 976dd1d597
commit 617d239160
2 changed files with 18 additions and 6 deletions


@ -35,6 +35,6 @@
"imap.tremeg.net"
"imap.gueneau.me"
];
# group = config.services.dovecot2.group;
group = config.services.dovecot2.group;
};
}


@ -224,8 +224,8 @@ host_lookup = *
# connection, leading to delays on starting up SMTP sessions. (The default was
# reduced from 30s to 5s for release 4.61.)
rfc1413_hosts = *
rfc1413_query_timeout = 5s
rfc1413_hosts =
# rfc1413_query_timeout = 5s
# By default, Exim expects all envelope addresses to be fully qualified, that
@ -306,6 +306,9 @@ timeout_frozen_after = 7d
# accept_8bitmime = false
slow_lookup_log = 500
log_selector = +ident_timeout
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
@ -712,7 +715,7 @@ remote_smtp:
driver = smtp
# hosts_require_tls = *
dkim_domain = $sender_address_domain
dkim_selector = 27112015
dkim_selector = ${opendkim_selector}
dkim_private_key = /var/lib/opendkim/keys/${opendkim_selector}.private
dkim_canon = relaxed
dkim_strict = 0
@ -916,10 +919,11 @@ dovecot_plain:
"smtp.tremeg.net"
"smtp.gueneau.me"
];
# group = config.services.exim.group;
group = config.services.exim.group;
};
# FIXME
environment.systemPackages = [ pkgs.acl ];
system.activationScripts."secrets-permissions" = lib.mkForce ''
# Default to restrictive permissions on secrets.
# Root can alway read/write/traverse directories no matter the permissions
@ -938,12 +942,20 @@ dovecot_plain:
mkdir -p /etc/secrets/exim/virtual
mkdir -p /etc/secrets/exim/domains
chmod 700 /etc/secrets/exim
chmod 700 /etc/secrets/exim/virtual
chmod 700 /etc/secrets/exim/domains
chown --recursive ${config.services.exim.user}:${config.services.exim.group} /etc/secrets/exim
mkdir -p /etc/secrets/dovecot
chmod -R 700 /etc/secrets/dovecot
chown --recursive ${config.services.dovecot2.user}:${config.services.dovecot2.group} /etc/secrets/dovecot
# XXX
# XXX clean this up
chmod g+r /var/lib/opendkim/keys/${opendkim_selector}.private
chmod g+rx /var/lib/opendkim/
${pkgs.acl}/bin/setfacl -m g:exim:x /var/lib/opendkim/
${pkgs.acl}/bin/setfacl -m g:exim:x /var/lib/opendkim/keys/
${pkgs.acl}/bin/setfacl -m g:exim:r /var/lib/opendkim/keys/21062024.private
'';
}
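Review bot: The last `setfacl` line of the secrets-permissions activation script (apparently added here; the page has lost its +/- markers) hard-codes `21062024.private`, while the `chmod g+r` line above it and `dkim_private_key` in the `remote_smtp` transport both use `${opendkim_selector}`. If the selector ever differs from that literal, exim gets no read ACL on the key it is configured to sign with, and with `dkim_strict = 0` Exim sends the message unsigned instead of deferring, so the failure is easy to miss. I would write `${pkgs.acl}/bin/setfacl -m g:${config.services.exim.group}:r /var/lib/opendkim/keys/${opendkim_selector}.private` and use the same group reference in the two directory ACL lines, matching the `chown` lines earlier in the script. The `chmod g+r` and `chmod g+rx` lines also widen access for the owning group of the DKIM key and its directory, which looks unnecessary if the ACL entries are what grants exim access; the script body starts outside this hunk, so confirm against the full file.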