mailserver/dovecot: Use nixpkgs sieve options

Simon Bruder 2024-06-02 13:25:25 +02:00
parent 043c367b19
commit 4ed5738a78
Signed by: simon
GPG key ID: 347FF8699CDA0776


@ -1,4 +1,4 @@
# SPDX-FileCopyrightText: 2021-2023 Simon Bruder <simon@sbruder.de> # SPDX-FileCopyrightText: 2021-2024 Simon Bruder <simon@sbruder.de>
# #
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
@ -38,7 +38,13 @@ lib.mkIf cfg.enable {
Spam = { specialUse = "Junk"; auto = "subscribe"; }; Spam = { specialUse = "Junk"; auto = "subscribe"; };
}; };
sieveScripts = { mailPlugins.perProtocol = {
imap.enable = [ "imap_sieve" ];
lmtp.enable = [ "sieve" ];
};
sieve = {
scripts = {
before = pkgs.writeText "spam.sieve" '' before = pkgs.writeText "spam.sieve" ''
require "fileinto"; require "fileinto";
@ -47,6 +53,44 @@ lib.mkIf cfg.enable {
} }
''; '';
}; };
extensions = [ "fileinto" ];
pipeBins = lib.mkIf cfg.spam.enable [
"${pkgs.rspamd}/bin/rspamc"
];
};
imapsieve.mailbox = lib.mkIf cfg.spam.enable [
{
name = "Spam";
causes = [ "COPY" ];
before = pkgs.writeText "learn-spam.sieve" ''
require ["vnd.dovecot.pipe", "copy", "imapsieve"];
pipe :copy "rspamc" ["learn_spam"];
'';
}
{
name = "*";
from = "Spam";
causes = [ "COPY" ];
before = pkgs.writeText "learn-ham.sieve" ''
require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];
if environment :matches "imap.mailbox" "*" {
set "mailbox" "''${1}";
}
if string "''${mailbox}" "Trash" {
stop;
}
pipe :copy "rspamc" ["learn_ham"];
'';
}
];
pluginSettings = {
sieve = "file:/var/lib/sieve/%d/%n/scripts;active=/var/lib/sieve/%d/%n/active.sieve";
};
extraConfig = '' extraConfig = ''
# generated 2021-02-04, Mozilla Guideline v5.6, Dovecot 2.3.13, OpenSSL 1.1.1i, intermediate configuration # generated 2021-02-04, Mozilla Guideline v5.6, Dovecot 2.3.13, OpenSSL 1.1.1i, intermediate configuration
@ -56,14 +100,6 @@ lib.mkIf cfg.enable {
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl_prefer_server_ciphers = no ssl_prefer_server_ciphers = no
protocol imap {
mail_plugins = $mail_plugins imap_sieve
}
protocol lmtp {
mail_plugins = $mail_plugins sieve
}
service imap-login { service imap-login {
inet_listener imap { inet_listener imap {
} }
@ -98,25 +134,6 @@ lib.mkIf cfg.enable {
lda_mailbox_autosubscribe = yes lda_mailbox_autosubscribe = yes
lda_mailbox_autocreate = yes lda_mailbox_autocreate = yes
plugin {
sieve_plugins = sieve_imapsieve sieve_extprograms
sieve = file:/var/lib/sieve/%d/%n/scripts;active=/var/lib/sieve/%d/%n/active.sieve
${lib.optionalString cfg.spam.enable ''
imapsieve_mailbox1_name = Spam
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_before = file:/var/lib/dovecot/sieve/learn-spam.sieve
imapsieve_mailbox2_name = *
imapsieve_mailbox2_from = Spam
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_before = file:/var/lib/dovecot/sieve/learn-ham.sieve
sieve_pipe_bin_dir = ${pkgs.symlinkJoin { name = "sieve-pipe-bin-dir"; paths = with pkgs; [ rspamd ]; } }/bin
''}
sieve_global_extensions = +vnd.dovecot.pipe
}
service managesieve-login { service managesieve-login {
inet_listener sieve { inet_listener sieve {
port = 4190 port = 4190
@ -127,33 +144,6 @@ lib.mkIf cfg.enable {
systemd.services.dovecot2 = { systemd.services.dovecot2 = {
wants = [ "acme-finished-${cfg.fqdn}.target" ]; wants = [ "acme-finished-${cfg.fqdn}.target" ];
after = [ "acme-finished-${cfg.fqdn}.target" ]; after = [ "acme-finished-${cfg.fqdn}.target" ];
preStart = lib.mkIf cfg.spam.enable
(lib.mkAfter
(lib.concatStrings
(lib.mapAttrsToList
(name: content: ''
cp ${pkgs.writeText name content} /var/lib/dovecot/sieve/${name}
'')
{
"learn-spam.sieve" = ''
require ["vnd.dovecot.pipe", "copy", "imapsieve"];
pipe :copy "rspamc" ["learn_spam"];
'';
"learn-ham.sieve" = ''
require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];
if environment :matches "imap.mailbox" "*" {
set "mailbox" "''${1}";
}
if string "''${mailbox}" "Trash" {
stop;
}
pipe :copy "rspamc" ["learn_ham"];
'';
})));
}; };
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
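Review bot: Nothing in the new `sieve = { … }` block says where `vnd.dovecot.pipe` is enabled, although the learn-spam and learn-ham scripts under `imapsieve.mailbox` still `require` it; the removed `plugin { }` section set `sieve_plugins` and `sieve_global_extensions = +vnd.dovecot.pipe` explicitly. The new code presumably relies on the nixpkgs module deriving both settings from `sieve.pipeBins` and `imapsieve.mailbox`. That is worth confirming in the generated dovecot.conf, because without the extension the learn scripts would fail to compile and rspamd training would stop. ManageSieve is still exposed on port 4190, and as far as the nixpkgs option documents it, `sieve.extensions` governs user-uploaded scripts. I would therefore add a comment next to `extensions = [ "fileinto" ];` such as `# keep vnd.dovecot.pipe out of this list: only the global learn-* scripts may invoke rspamc, never user scripts`.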