From 90817bb15560010614a27678730e3944f70b7639 Mon Sep 17 00:00:00 2001
From: niten
Date: Wed, 27 Sep 2023 17:56:06 -0700
Subject: [PATCH] Open firewalls
---
 mail-server.nix | 12 +++++++++++-
 postfix.nix | 4 ++--
 2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/mail-server.nix b/mail-server.nix
index 1205f12..e9bc73a 100644
--- a/mail-server.nix
+++ b/mail-server.nix
@@ -412,6 +412,11 @@ in {
 imports = [ ./rspamd.nix ];
 boot.tmp.useTmpfs = true;
 system.nssModules = lib.mkForce [ ];
+ networking.firewall = {
+ enabled = true;
+ allowedTCPPorts = [ metricsPort antispamPort ];
+ allowedUDPPorts = [ antispamPort ];
+ };
 fudo.mail.rspamd = {
 enable = true;
 ports = {
@@ -443,10 +448,15 @@ in {
 imports = [ ./clamav.nix ];
 boot.tmp.useTmpfs = true;
 system.nssModules = lib.mkForce [ ];
+ networking.firewall = {
+ enabled = true;
+ allowedTCPPorts = [ antivirusPort ];
+ allowedUDPPorts = [ antivirusPort ];
+ };
 fudo.mail.clamav = {
 enable = true;
 state-directory = "/state";
- port = antispamPort;
+ port = antivirusPort;
 };
 };
 };
diff --git a/postfix.nix b/postfix.nix
index 4f3668d..913bf81 100644
--- a/postfix.nix
+++ b/postfix.nix
@@ -452,7 +452,7 @@ in {
 smtpd_sasl_type = "dovecot";
 smtpd_sasl_path = "/run/dovecot2/auth";
 smtpd_sasl_security_options = "noanonymous";
- smtpd_sasl_local_domain = cfg.domain;
+ smtpd_sasl_local_domain = cfg.sasl-domain;
 smtpd_helo_restrictions =
 makeRestrictionsString outgoing-helo-restrictions;
 smtpd_client_restrictions =
@@ -472,7 +472,7 @@ in {
 smtpd_sasl_type = "dovecot";
 smtpd_sasl_path = "/run/dovecot2/auth";
 smtpd_sasl_security_options = "noanonymous";
- smtpd_sasl_local_domain = cfg.domain;
+ smtpd_sasl_local_domain = cfg.sasl-domain;
 smtpd_helo_restrictions =
 makeRestrictionsString outgoing-helo-restrictions;
 smtpd_client_restrictions =
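Review bot: `enabled = true;` in the added `networking.firewall` block for the rspamd container is not the NixOS option name; the option is `networking.firewall.enable`, so the module system should reject this attribute, or, if the set is consumed by something looser, the setting is silently not applied. Change it to `enable = true;`; the clamav container's block in the next hunk has the same misspelling. The `allowedUDPPorts` entries in both blocks also look unnecessary unless a UDP listener is really bound to `antispamPort` or `antivirusPort`; if none is, drop them so no unused UDP port is left open. The enclosing container definition starts and ends outside the hunk.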
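Review bot: The bare `allowedTCPPorts = [ antivirusPort ];` in the clamav container admits every source that can route to it, and clamd's TCP socket has no authentication of its own. If only the antispam or mail container needs the scanner, scope the rule to that path, for example `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ antivirusPort ];`, where `<iface>` is a placeholder for the internal interface. A one-line comment above the block naming the peer that connects here would make the exposure easier to audit. The container definition begins outside the hunk.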
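Review bot: `cfg.sasl-domain` is read in this hunk and again in the one at line 472, but nothing in this patch declares a `sasl-domain` option, so evaluation depends on it already existing in the module's options; please confirm that. The substitution also changes the local SASL authentication realm on both smtpd services, which is an authentication-relevant change that the subject "Open firewalls" does not mention. A comment on the line such as `# SASL realm; may differ from the mail domain`, plus a sentence in the commit message, would make the intent visible to later reviewers. Both attribute sets continue outside the hunks.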