public
/
mail-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Put restrictions list together into string

This commit is contained in:
niten 2023-09-25 09:51:46 -07:00
parent 07b7b50d63
commit 53be472194
1 changed files with 15 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
postfix.nix
View File

@ -235,7 +235,9 @@ in {
pcreFile = name: "pcre:/var/lib/postfix/conf/${name}"; pcreFile = name: "pcre:/var/lib/postfix/conf/${name}";
mappedFile = name: "hash:/var/lib/postfix/conf/${name}"; mappedFile = name: "hash:/var/lib/postfix/conf/${name}";
sender-restrictions = [ makeRestrictionsList = concatStringsSep "\n";
sender-restrictions = makeRestrictionsList ([
"check_sender_access ${mappedFile "reject_senders"}" "check_sender_access ${mappedFile "reject_senders"}"
"reject_sender_login_mismatch" "reject_sender_login_mismatch"
"reject_non_fqdn_sender" "reject_non_fqdn_sender"
@ -243,9 +245,9 @@ in {
"permit_mynetworks" "permit_mynetworks"
"permit_sasl_authenticated" "permit_sasl_authenticated"
] ++ (map (blacklist: "reject_rbl_client ${blacklist}") ] ++ (map (blacklist: "reject_rbl_client ${blacklist}")
cfg.blacklist.dns) ++ [ "reject" ]; cfg.blacklist.dns) ++ [ "reject" ]);
relay-restrictions = [ relay-restrictions = makeRestrictionsList ([
"reject_unauth_destination" "reject_unauth_destination"
"reject_unauth_pipelining" "reject_unauth_pipelining"
"reject_unauth_destination" "reject_unauth_destination"
@ -253,9 +255,9 @@ in {
"permit_mynetworks" "permit_mynetworks"
"permit_sasl_authenticated" "permit_sasl_authenticated"
] ++ (map (blacklist: "reject_rbl_client ${blacklist}") ] ++ (map (blacklist: "reject_rbl_client ${blacklist}")
cfg.blacklist.dns) ++ [ "reject" ]; cfg.blacklist.dns) ++ [ "reject" ]);
recipient-restrictions = [ recipient-restrictions = makeRestrictionsList ([
"check_sender_access ${mappedFile "reject_recipients"}" "check_sender_access ${mappedFile "reject_recipients"}"
"reject_unknown_sender_domain" "reject_unknown_sender_domain"
"reject_unknown_recipient_domain" "reject_unknown_recipient_domain"
@ -268,18 +270,21 @@ in {
"check_policy_service unix:private/policy-spf" "check_policy_service unix:private/policy-spf"
] ++ (map (blacklist: "reject_rbl_client ${blacklist}") ] ++ (map (blacklist: "reject_rbl_client ${blacklist}")
cfg.blacklist.dns) cfg.blacklist.dns)
++ [ "permit_mynetworks" "permit_sasl_authenticated" "reject" ]; ++ [ "permit_mynetworks" "permit_sasl_authenticated" "reject" ]);
client-restrictions = client-restrictions = makeRestrictionsList [
[ "permit_sasl_authenticated" "permit_mynetworks" "reject" ]; "permit_sasl_authenticated"
"permit_mynetworks"
"reject"
];
helo-restrictions = [ helo-restrictions = makeRestrictionsList ([
"permit_mynetworks" "permit_mynetworks"
"reject_invalid_hostname" "reject_invalid_hostname"
"reject_non_fqdn_helo_hostname" "reject_non_fqdn_helo_hostname"
"reject_unknown_helo_hostname" "reject_unknown_helo_hostname"
] ++ (map (blacklist: "reject_rbl_client ${blacklist}") ] ++ (map (blacklist: "reject_rbl_client ${blacklist}")
cfg.blacklist.dns) ++ [ "permit" ]; cfg.blacklist.dns) ++ [ "permit" ]);
in { in {
enable = true; enable = true;