Cloonar/nixos
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

fix: add more fishing protection to mail server

Browse source
This commit is contained in:
Dominik Polakovics Polakovics 2026-02-18 09:12:15 +01:00
parent 479b52edf9
commit 0cd882602e
2 changed files with 21 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
hosts/mail/modules/postfix.nix
View file

@ -180,6 +180,7 @@ in
smtpd_helo_restrictions = " smtpd_helo_restrictions = "
permit_mynetworks, permit_mynetworks,
permit_sasl_authenticated, permit_sasl_authenticated,
check_helo_access regexp:/var/lib/postfix/conf/helo_access,
reject_unauth_pipelining, reject_unauth_pipelining,
reject_non_fqdn_hostname, reject_non_fqdn_hostname,
reject_invalid_hostname, reject_invalid_hostname,

20
hosts/mail/modules/rspamd.nix
View file

@ -52,6 +52,13 @@ let
} }
} }
} }
dmarc {
actions {
reject = "reject";
quarantine = "add header";
softfail = "no action";
}
}
''; '';
sieve-spam-filter = pkgs.callPackage ../pkgs/sieve-spam-filter { }; sieve-spam-filter = pkgs.callPackage ../pkgs/sieve-spam-filter { };
@ -63,6 +70,19 @@ in
.include(priority=1,duplicate=merge) "${localConfig}" .include(priority=1,duplicate=merge) "${localConfig}"
''; '';
locals."groups.conf".text = ''
symbols {
"R_SPF_DNSFAIL" {
weight = 2.0;
description = "SPF DNS failure";
}
"DMARC_DNSFAIL" {
weight = 2.0;
description = "DMARC DNS failure";
}
}
'';
postfix.enable = true; postfix.enable = true;
workers.controller = { workers.controller = {
extraConfig = '' extraConfig = ''