feat: changes for macher.solutions

2026-04-03 13:28:14 +02:00 · 2026-04-03 13:28:14 +02:00 · 8c5aac0f07
commit 8c5aac0f07
parent 856761d407
4 changed files with 139 additions and 3 deletions
--- a/hosts/mail/modules/postfix.nix
+++ b/hosts/mail/modules/postfix.nix
@ -78,10 +78,67 @@ let
    debuglevel        = 0
  '';

+  mailboxesFallback = pkgs.writeText "mailboxes-fallback.cf" ''
+    server_host       = ldap://${ldapServer}
+    search_base       = ou=users,dc=cloonar,dc=com
+    version           = 3
+    bind              = yes
+    start_tls         = yes
+    bind_dn           = cn=vmail,ou=system,ou=users,dc=cloonar,dc=com
+    bind_pw           = @ldap-password@
+    scope             = sub
+    query_filter      = (&(mail=%s)(objectClass=mailAccount)(!(mailSendOnly=TRUE)))
+    result_attribute  = mail
+    debuglevel        = 0
+  '';
+
+  accountsmapFallback = pkgs.writeText "accountsmap-fallback.cf" ''
+    server_host       = ldap://${ldapServer}
+    search_base       = ou=users,dc=cloonar,dc=com
+    version           = 3
+    bind              = yes
+    start_tls         = yes
+    bind_dn           = cn=vmail,ou=system,ou=users,dc=cloonar,dc=com
+    bind_pw           = @ldap-password@
+    scope             = sub
+    query_filter      = (&(objectClass=mailAccount)(mail=%s))
+    result_attribute  = mail
+    debuglevel        = 0
+  '';
+
+  aliasesFallback = pkgs.writeText "aliases-fallback.cf" ''
+    server_host       = ldap://${ldapServer}
+    search_base       = ou=aliases,dc=cloonar,dc=com
+    version           = 3
+    bind              = yes
+    start_tls         = yes
+    bind_dn           = cn=vmail,ou=system,ou=users,dc=cloonar,dc=com
+    bind_pw           = @ldap-password@
+    scope             = one
+    query_filter      = (&(objectClass=mailAlias)(mail=%s)(!(mailSendOnly=TRUE)))
+    result_attribute  = maildrop
+    debuglevel        = 0
+  '';
+
+  senderLoginMapsFallback = pkgs.writeText "sender_login_maps-fallback.cf" ''
+    server_host       = ldap://${ldapServer}
+    search_base       = dc=cloonar,dc=com
+    version           = 3
+    bind              = yes
+    start_tls         = yes
+    bind_dn           = cn=vmail,ou=system,ou=users,dc=cloonar,dc=com
+    bind_pw           = @ldap-password@
+    scope             = sub
+    query_filter      = (|(&(objectClass=mailAccount)(mail=%s))(&(objectClass=mailAlias)(mail=%s)))
+    result_attribute  = maildrop, mail
+    debuglevel        = 0
+  '';
+
  helo_access = pkgs.writeText "helo_access" ''
    /^([0-9\.]+)$/ REJECT ACCESS DENIED. Your email was rejected because the sending mail server sent non RFC compliant HELO identity (''${1})
    cloonar.com REJECT ACCESS DENIED. Your email was rejected because the sending mail server sent non RFC compliant HELO identity (''${1})
    ghetto.at REJECT ACCESS DENIED. Your email was rejected because the sending mail server sent non RFC compliant HELO identity (''${1})
+    macher.solutions REJECT ACCESS DENIED. Your email was rejected because the sending mail server sent non RFC compliant HELO identity (''${1})
  '';
 in
 {
@ -116,10 +173,10 @@ in
      # smtp_bind_address6 = "2a01:4f9:2b:1605::1";
      mailbox_transport = "lmtp:unix:private/dovecot-lmtp";
      virtual_mailbox_domains = "ldap:/run/postfix/domains.cf";
-      virtual_mailbox_maps = "ldap:/run/postfix/mailboxes.cf";
-      virtual_alias_maps = "ldap:/run/postfix/accountsmap.cf,ldap:/run/postfix/aliases.cf";
+      virtual_mailbox_maps = "ldap:/run/postfix/mailboxes.cf,ldap:/run/postfix/mailboxes-fallback.cf";
+      virtual_alias_maps = "ldap:/run/postfix/accountsmap.cf,ldap:/run/postfix/accountsmap-fallback.cf,ldap:/run/postfix/aliases.cf,ldap:/run/postfix/aliases-fallback.cf";
      virtual_transport = "lmtp:unix:private/dovecot-lmtp";
-      smtpd_sender_login_maps = "ldap:/run/postfix/sender_login_maps.cf";
+      smtpd_sender_login_maps = "ldap:/run/postfix/sender_login_maps.cf,ldap:/run/postfix/sender_login_maps-fallback.cf";

      # Do not display the name of the recipient table in the "User unknown" responses.
      # The extra detail makes trouble shooting easier but also reveals information
@ -222,6 +279,10 @@ in
    sed -e "s/@ldap-password@/$(cat ${config.sops.secrets.dovecot-ldap-password.path})/" ${accountsmap} > /run/postfix/accountsmap.cf
    sed -e "s/@ldap-password@/$(cat ${config.sops.secrets.dovecot-ldap-password.path})/" ${aliases} > /run/postfix/aliases.cf
    sed -e "s/@ldap-password@/$(cat ${config.sops.secrets.dovecot-ldap-password.path})/" ${senderLoginMaps} > /run/postfix/sender_login_maps.cf
+    sed -e "s/@ldap-password@/$(cat ${config.sops.secrets.dovecot-ldap-password.path})/" ${mailboxesFallback} > /run/postfix/mailboxes-fallback.cf
+    sed -e "s/@ldap-password@/$(cat ${config.sops.secrets.dovecot-ldap-password.path})/" ${accountsmapFallback} > /run/postfix/accountsmap-fallback.cf
+    sed -e "s/@ldap-password@/$(cat ${config.sops.secrets.dovecot-ldap-password.path})/" ${aliasesFallback} > /run/postfix/aliases-fallback.cf
+    sed -e "s/@ldap-password@/$(cat ${config.sops.secrets.dovecot-ldap-password.path})/" ${senderLoginMapsFallback} > /run/postfix/sender_login_maps-fallback.cf
  '';

  security.dhparams = {