public/mail-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Open firewalls

Browse Source
This commit is contained in:
niten 2023-09-27 17:56:06 -07:00
parent 52524b595f
commit 90817bb155
2 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
mail-server.nix
View File

@ -412,6 +412,11 @@ in {
imports = [ ./rspamd.nix ]; imports = [ ./rspamd.nix ];
boot.tmp.useTmpfs = true; boot.tmp.useTmpfs = true;
system.nssModules = lib.mkForce [ ]; system.nssModules = lib.mkForce [ ];
networking.firewall = {
enabled = true;
allowedTCPPorts = [ metricsPort antispamPort ];
allowedUDPPorts = [ antispamPort ];
};
fudo.mail.rspamd = { fudo.mail.rspamd = {
enable = true; enable = true;
ports = { ports = {
@ -443,10 +448,15 @@ in {
imports = [ ./clamav.nix ]; imports = [ ./clamav.nix ];
boot.tmp.useTmpfs = true; boot.tmp.useTmpfs = true;
system.nssModules = lib.mkForce [ ]; system.nssModules = lib.mkForce [ ];
networking.firewall = {
enabled = true;
allowedTCPPorts = [ antivirusPort ];
allowedUDPPorts = [ antivirusPort ];
};
fudo.mail.clamav = { fudo.mail.clamav = {
enable = true; enable = true;
state-directory = "/state"; state-directory = "/state";
port = antispamPort; port = antivirusPort;
}; };
}; };
}; };

4
postfix.nix
View File

@ -452,7 +452,7 @@ in {
smtpd_sasl_type = "dovecot"; smtpd_sasl_type = "dovecot";
smtpd_sasl_path = "/run/dovecot2/auth"; smtpd_sasl_path = "/run/dovecot2/auth";
smtpd_sasl_security_options = "noanonymous"; smtpd_sasl_security_options = "noanonymous";
smtpd_sasl_local_domain = cfg.domain; smtpd_sasl_local_domain = cfg.sasl-domain;
smtpd_helo_restrictions = smtpd_helo_restrictions =
makeRestrictionsString outgoing-helo-restrictions; makeRestrictionsString outgoing-helo-restrictions;
smtpd_client_restrictions = smtpd_client_restrictions =
@ -472,7 +472,7 @@ in {
smtpd_sasl_type = "dovecot"; smtpd_sasl_type = "dovecot";
smtpd_sasl_path = "/run/dovecot2/auth"; smtpd_sasl_path = "/run/dovecot2/auth";
smtpd_sasl_security_options = "noanonymous"; smtpd_sasl_security_options = "noanonymous";
smtpd_sasl_local_domain = cfg.domain; smtpd_sasl_local_domain = cfg.sasl-domain;
smtpd_helo_restrictions = smtpd_helo_restrictions =
makeRestrictionsString outgoing-helo-restrictions; makeRestrictionsString outgoing-helo-restrictions;
smtpd_client_restrictions = smtpd_client_restrictions =