Nope, imap does need net access

2023-10-02 13:56:50 -07:00 · 2023-10-02 13:56:50 -07:00 · 186589dd5f
parent 76333c0a7c
commit 186589dd5f
2 changed files with 7 additions and 5 deletions
--- a/mail-server.nix
+++ b/mail-server.nix
@ -322,7 +322,8 @@ in {
          };
          imap = {
            service = {
-              networks = [ "internal_network" "ldap_network" ];
+              networks =
+                [ "internal_network" "external_network" "ldap_network" ];
              ports = [ "143:143" "993:993" ];
              volumes = [
                "${cfg.state-directory}/dovecot:/state"
--- a/postfix.nix
+++ b/postfix.nix
@ -243,12 +243,13 @@ in {
          cfg.blacklist.dns) ++ [ "reject" ];

        relay-restrictions = [
-          "reject_unauth_pipelining"
-          "reject_unknown_sender_domain"
          "permit_sasl_authenticated"
+          "permit_mynetworks"
+          "reject_unknown_sender_domain"
+          "reject_unauth_destination"
+          "reject_unauth_pipelining"
        ] ++ (map (blacklist: "reject_rbl_client ${blacklist}")
-          cfg.blacklist.dns)
-          ++ [ "permit_mynetworks" "reject_unauth_destination" "permit" ];
+          cfg.blacklist.dns) ++ [ "permit" ];

        recipient-restrictions = [
          "check_recipient_access ${mappedFile "reject_recipients"}"