hosts/prefect/services/mailserver/session.nix at dc503dfb275f70603f9d184eab6f231a54afcac6 · pyrox.dev/nix

pyrox.dev / nix

My Nix Configuration

nix / hosts / prefect / services / mailserver / session.nix

at dc503dfb275f70603f9d184eab6f231a54afcac6 1.3 kB view raw

 1{
 2  isAuthenticated,
 3  otherwise,
 4  ifThen,
 5}:
 6# MTA Settings
 7# https://stalw.art/docs/mta/overview
 8{
 9  # Inbound
10  # https://stalw.art/docs/mta/inbound/overview
11  # # EHLO Stage
12  # # https://stalw.art/docs/mta/inbound/ehlo
13  ehlo = {
14    require = true;
15    reject-non-fqdn = [
16      (ifThen "protocol = 'smtp'" true)
17      (otherwise false)
18    ];
19  };
20  # # RCPT Stage
21  # # https://stalw.art/docs/mta/inbound/rcpt
22  rcpt = {
23    relay = [
24      (isAuthenticated true)
25      (otherwise false)
26    ];
27    subaddressing = true;
28  };
29  auth = {
30    mechanisms = [
31      (ifThen "local_port != 40025 && is_tls" "[plain, login, oauthbearer, xoauth2]")
32      (ifThen "local_port != 40025" "[oauthbearer, xoauth2]")
33      (otherwise false)
34    ];
35    directory = "'default'";
36    require = [
37      (ifThen "local_port != 40025" true)
38      (otherwise false)
39    ];
40    must-match-sender = true;
41  };
42  extensions =
43    let
44      ifAuthed = [
45        (isAuthenticated true)
46        (otherwise false)
47      ];
48    in
49    {
50      pipelining = true;
51      chunking = true;
52      requiretls = true;
53      no-soliciting = "";
54      dsn = ifAuthed;
55      deliver-by = [
56        (isAuthenticated "15d")
57        (otherwise false)
58      ];
59      mt-priority = false;
60      vrfy = ifAuthed;
61      expn = ifAuthed;
62    };
63}