Diffstat (limited to 'krebs/3modules')
-rw-r--r-- | krebs/3modules/exim-smarthost.nix | 40 | ||||
-rw-r--r-- | krebs/3modules/htgen.nix | 21 |
2 files changed, 57 insertions, 4 deletions
diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index 38cc828bb..7c176d224 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -12,6 +12,8 @@ let api = { enable = mkEnableOption "krebs.exim-smarthost"; + enableSPFVerification = mkEnableOption "SPF verification"; + authenticators = mkOption { type = types.attrsOf types.str; default = {}; @@ -126,8 +128,9 @@ let domainlist sender_domains = ${concatStringsSep ":" cfg.sender_domains} hostlist relay_from_hosts = <;${concatStringsSep ";" cfg.relay_from_hosts} - acl_smtp_rcpt = acl_check_rcpt acl_smtp_data = acl_check_data + acl_smtp_mail = acl_check_mail + acl_smtp_rcpt = acl_check_rcpt never_users = root @@ -179,6 +182,41 @@ let accept + acl_check_mail: + ${if cfg.enableSPFVerification then indent /* exim */ '' + accept + authenticated = * + accept + hosts = +relay_from_hosts + deny + spf = fail : softfail + log_message = spf=$spf_result + message = SPF validation failed: \ + $sender_host_address is not allowed to send mail from \ + ''${if def:sender_address_domain\ + {$sender_address_domain}\ + {$sender_helo_name}} + deny + spf = permerror + log_message = spf=$spf_result + message = SPF validation failed: \ + syntax error in SPF record(s) for \ + ''${if def:sender_address_domain\ + {$sender_address_domain}\ + {$sender_helo_name}} + defer + spf = temperror + log_message = spf=$spf_result; deferred + message = temporary error during SPF validation; \ + please try again later + warn + spf = none : neutral + log_message = spf=$spf_result + accept + add_header = $spf_received + '' else indent /* exim */ '' + accept + ''} begin routers diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix index 375e26974..1e7e69927 100644 --- a/krebs/3modules/htgen.nix +++ b/krebs/3modules/htgen.nix 
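Review bot: The new `enableSPFVerification` option in the `api` set carries only the mkEnableOption label, so an operator cannot tell from the option what enabling it does to inbound mail. A comment or description next to it would help, for example `# rejects MAIL FROM on SPF fail, softfail and permerror, defers on temperror; authenticated clients and relay_from_hosts are exempt`. The `spf` ACL condition also needs an Exim built with SPF support; whether the package used here has it is not visible in this diff, so the requirement is worth stating in the same place.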
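Review bot: In `acl_check_mail`, `deny spf = fail : softfail` refuses a softfail exactly like a hard fail, whereas RFC 7208 advises receivers not to reject on softfail alone. Mail passing through forwarders or mailing lists that keep the original envelope sender commonly lands in softfail and would be lost. Consider narrowing the deny to `spf = fail` and widening the warn stanza to `spf = none : neutral : softfail`, so the result is still logged and still recorded by `add_header = $spf_received`. Nothing in the visible lines removes a Received-SPF header supplied by the sender, so downstream filters should trust only the one this host adds.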
@@ -2,6 +2,12 @@ with import <stockholm/lib>; let + optionalAttr = name: value: + if name != null then + { ${name} = value; } + else + {}; + cfg = config.krebs.htgen; out = { @@ -30,8 +36,15 @@ let }; script = mkOption { - type = types.str; + type = types.nullOr types.str; + default = null; + }; + + scriptFile = mkOption { + type = types.nullOr types.str; + default = null; }; + user = mkOption { type = types.user; default = { @@ -54,8 +67,10 @@ let after = [ "network.target" ]; environment = { HTGEN_PORT = toString htgen.port; - HTGEN_SCRIPT = htgen.script; - }; + } + // optionalAttr "HTGEN_SCRIPT" htgen.script + // optionalAttr "HTGEN_SCRIPT_FILE" htgen.scriptFile + ; serviceConfig = { SyslogIdentifier = "htgen"; User = htgen.user.name; |
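Review bot: `optionalAttr` tests `name != null`, but both call sites in the `environment` hunk pass a literal name (`"HTGEN_SCRIPT"`, `"HTGEN_SCRIPT_FILE"`) with a value that may be null. The condition is therefore always true, and an unset option still produces an entry such as `HTGEN_SCRIPT = null`. The check belongs on the value: `if value != null then`. How a null environment entry is treated further down is not visible here, so the current form may happen to work, but the helper does not do what its name says.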
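Review bot: With `script` and `scriptFile` both `types.nullOr types.str` and defaulting to `null`, an instance can now be declared with neither set or with both, where `script` used to be mandatory. Nothing in the visible hunks checks this. An assertion in the module's config that exactly one of the two is non-null per instance would turn a service that starts without a script into an evaluation error. Both options also lack a `description`; the one for `scriptFile` should say what the path is expected to point to and who must be able to read it.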