From 05e3a47208de9cc5984ab78c647e3b50fbb10c4b Mon Sep 17 00:00:00 2001
From: Egor Savkin
Date: Thu, 22 Aug 2024 12:22:20 +0800
Subject: [PATCH] Use postfix options for routing mails through ssh tunnel
Signed-off-by: Egor Savkin
---
 nixbld-etc-nixos/configuration.nix | 34 +++++++++++++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)
diff --git a/nixbld-etc-nixos/configuration.nix b/nixbld-etc-nixos/configuration.nix
index 3db1d77..9df28c9 100644
--- a/nixbld-etc-nixos/configuration.nix
+++ b/nixbld-etc-nixos/configuration.nix
@@ -1248,6 +1248,32 @@ in
 ExecStart = "${pkgs.bash}/bin/bash -c 'PATH=${pkgs.rt}/bin HOME=/tmp ${pkgs.fetchmail}/bin/fetchmail -f /etc/nixos/secret/rt_fetchmailrc'";
 };
 };
+ systemd.services.ssh-tunnel-intl = {
+ description = "SSH Tunnel to Intl";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "sockets.service" ];
+ serviceConfig = {
+ Restart = "on-failure";
+ User = "hydra-queue-runner"; # TODO needs new user both here and there
+ Group = "hydra";
+ ExecStart = "${pkgs.openssh}/bin/ssh -N -L 127.0.0.1:1587:5.78.86.156:1587 zolaupd@5.78.86.156";
+ };
+ };
+
+ environment.etc."postfix/sender_relay".text = ''
+ @m-labs-intl.com [localhost]:1587
+ @m-labs.hk :
+ @m-labs.ph :
+ @193thz.com :
+ @malloctech.fr :
+ '';
+ systemd.services.postfix-rebuild-sender-relay = {
+ description = "Postfix Rebuild Sender Dependent Relayhost Maps";
+ serviceConfig = {
+ ExecStart = "${pkgs.postfix}/sbin/postmap /etc/postfix/sender_relay";
+ };
+ wantedBy = [ "multi-user.target" ];
+ };
 mailserver = {
 enable = true;
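Review bot: The `ExecStart` of `ssh-tunnel-intl` runs `ssh -N -L …` with no failure or liveness options, so if the bind on 127.0.0.1:1587 fails or the connection stalls, ssh can keep running and `Restart = "on-failure"` never fires while mail for @m-labs-intl.com queues against a dead port. Adding `-o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o BatchMode=yes` to the command, and ordering the unit with `after = [ "network-online.target" ];` (systemd ships `sockets.target`; `sockets.service` is presumably not a real unit here), would let systemd see and restart a broken tunnel. The `User = "hydra-queue-runner"` TODO deserves resolving in this change: as written, the build queue runner's SSH identity also grants a login as `zolaupd` on the relay host, so a dedicated account with a forwarding-only key would keep the CI and mail trust domains apart. Host-key verification depends on that user's known_hosts, which the hunk does not show.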
@@ -1257,8 +1283,14 @@ in
 enablePop3 = true;
 enablePop3Ssl = true;
 certificateScheme = "acme-nginx";
- policydSPFExtraConfig = "skip_addresses = 5.78.86.156,2a01:4ff:1f0:83de::1";
 } // (import /etc/nixos/secret/email_settings.nix);
+ services.postfix = {
+ config = {
+ sender_dependent_relayhost_maps = "hash:/etc/postfix/sender_relay";
+ postscreen_upstream_proxy_protocol = "haproxy";
+ postscreen_upstream_proxy_timeout = "5s";
+ };
+ };
 services.roundcube = {
 enable = true;
 hostName = "mail.m-labs.hk";
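Review bot: `postscreen_upstream_proxy_protocol = "haproxy"` makes postscreen take the client address from the PROXY header of whoever connects, so unless port 25 is reachable only from the upstream proxy, a direct client can claim any source IP and sidestep SPF, DNSBL and allowlist decisions. The hunk shows neither a firewall rule limiting the listener nor that postscreen is the port-25 service (the `mailserver` block and master.cf settings lie outside it); if smtpd listens directly, the option that applies is `smtpd_upstream_proxy_protocol`. I would record the assumption next to the option, for example `# port 25 must only accept connections from the HAProxy front-end`, and enforce it in the firewall. Dropping the `policydSPFExtraConfig` skip list is only safe once the real client address arrives this way, so the two changes should be deployed together with the proxy side.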