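# NixNG system definition "nixng-postfix": an x86_64-linux image that runs
# Postfix under dumb-init. `masterConfig` holds the master.cf service table
# and `mainConfig` the main.cf parameters.
#
# Review fixes applied in this revision (all were misspelled or mistyped
# Postfix names, which Postfix does not apply as the intended setting):
#   smptd_banner                    -> smtpd_banner
#   smtpd_sals_auth_enable          -> smtpd_sasl_auth_enable
#   permit_sals_authenticated       -> permit_sasl_authenticated (HELO list)
#   mydoamin                        -> mydomain
#   unverified_recipent_reject_code -> unverified_recipient_reject_code
#   smtpd_recipient_limit           -> integer instead of the duration "15s"
#   relay.command                   -> disabled options moved out of the string
{ nglib, nixpkgs }:
nglib.makeSystem {
  system = "x86_64-linux";
  name = "nixng-postfix";
  inherit nixpkgs;

  config = ({ pkgs, config, ... }: {
    config = {
      dumb-init = {
        enable = true;
        type.services = {};
      };

      init.services.postfix = {
        shutdownOnExit = true;
      };

      services.postfix = {
        enable = true;

        # master.cf service table. Every entry that sets `chroot` sets it to
        # "n", so these daemons run without a chroot; tlsmgr sets neither
        # `private` nor `chroot` and so takes whatever the module defaults to.
        masterConfig = {
          pickup = {
            type = "unix";
            private = "n";
            chroot = "n";
            wakeup = "60";
            maxproc = "1";
            command = "pickup";
          };
          cleanup = {
            type = "unix";
            private = "n";
            chroot = "n";
            maxproc = "0";
            command = "cleanup";
          };
          qmgr = {
            type = "unix";
            private = "n";
            chroot = "n";
            wakeup = "300";
            maxproc = "1";
            command = "qmgr";
          };
          tlsmgr = {
            type = "unix";
            wakeup = "1000?";
            maxproc = 1;
            command = "tlsmgr";
          };
          rewrite = {
            type = "unix";
            chroot = "n";
            command = "trivial-rewrite";
          };
          bounce = {
            type = "unix";
            chroot = "n";
            maxproc = 0;
            command = "bounce";
          };
          defer = {
            type = "unix";
            chroot = "n";
            maxproc = 0;
            command = "bounce";
          };
          trace = {
            type = "unix";
            chroot = "n";
            maxproc = 0;
            command = "bounce";
          };
          verify = {
            type = "unix";
            chroot = "n";
            maxproc = 1;
            command = "verify";
          };
          flush = {
            type = "unix";
            chroot = "n";
            wakeup = "1000?";
            maxproc = "0";
            command = "flush";
          };
          proxymap = {
            type = "unix";
            chroot = "n";
            command = "proxymap";
          };
          proxywrite = {
            type = "unix";
            chroot = "n";
            maxproc = "1";
            command = "proxymap";
          };

          # Two services share the name "smtp": the outbound client on a unix
          # socket and the public smtpd listener on the inet port.
          smtp = [
            {
              type = "unix";
              chroot = "n";
              command = "smtp";
            }
            {
              type = "inet";
              private = "n";
              chroot = "n";
              command = "smtpd";
            }
          ];

          relay = {
            type = "unix";
            chroot = "n";
            # The original kept the disabled options inside the Nix string
            # behind a '#'. Nix does not treat '#' inside a string as a
            # comment, so that text was part of the command value. It is kept
            # here as a real comment instead:
            #   -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
            command = "smtp -o syslog_name=postfix/$service_name";
          };
          showq = {
            type = "unix";
            private = "n";
            chroot = "n";
            command = "showq";
          };
          error = {
            type = "unix";
            chroot = "n";
            command = "error";
          };
          retry = {
            type = "unix";
            chroot = "n";
            command = "error";
          };
          discard = {
            type = "unix";
            chroot = "n";
            command = "discard";
          };
          local = {
            type = "unix";
            unpriv = "n";
            chroot = "n";
            command = "local";
          };
          virtual = {
            type = "unix";
            unpriv = "n";
            chroot = "n";
            command = "virtual";
          };
          lmtp = {
            type = "unix";
            chroot = "n";
            command = "lmtp";
          };
          anvil = {
            type = "unix";
            chroot = "n";
            maxproc = 1;
            command = "anvil";
          };
          scache = {
            type = "unix";
            chroot = "n";
            maxproc = 1;
            command = "scache";
          };
          postlog = {
            type = "unix-dgram";
            private = "n";
            chroot = "n";
            maxproc = "1";
            command = "postlogd";
          };
        };

        # main.cf parameters.
        mainConfig = {
          # Was "smptd_banner", which Postfix does not know, so the banner
          # below was never used.
          smtpd_banner = [ "$myhostname" "ESMTP" "$mail_name" "(Ubuntu)" ];
          biff = "no";
          # delay_warning_time = "4h";
          append_dot_mydomain = "no";
          readme_directory = "no";
          compatibility_level = 2;

          # TLS. The certificate paths name example.com while myhostname is
          # example.org; both are placeholders, but they must agree in a real
          # deployment.
          smtpd_tls_cert_file = "/etc/letsencrypt/live/example.com/fullchain.pem";
          smtpd_tls_key_file = "/etc/letsencrypt/live/example.com/privkey.pem";
          smtpd_use_tls = "yes";
          # AUTH is only offered once the session is encrypted.
          smtpd_tls_auth_only = "yes";
          # "may" is opportunistic TLS in both directions: peers that do not
          # offer STARTTLS are still served in cleartext.
          smtp_tls_security_level = "may";
          smtpd_tls_security_level = "may";

          # SASL via Dovecot's auth socket.
          smtpd_sasl_security_options = [ "noanonymous" "noplaintext" ];
          smtpd_sasl_tls_security_options = "noanonymous";
          smtpd_sasl_type = "dovecot";
          smtpd_sasl_path = "private/auth";
          # Was "smtpd_sals_auth_enable". With the real parameter unset,
          # SASL authentication stays at the Postfix default (disabled) and
          # every permit_sasl_authenticated entry below can never match.
          smtpd_sasl_auth_enable = "yes";

          smtpd_helo_restrictions = [
            "permit_mynetworks"
            # Was "permit_sals_authenticated", which is not a restriction
            # name Postfix recognises.
            "permit_sasl_authenticated"
            "reject_invalid_helo_hostname"
            "reject_non_fqdn_helo_hostname"
          ];
          smtpd_recipient_restrictions = [
            "permit_mynetworks"
            "permit_sasl_authenticated"
            "reject_non_fqdn_recipient"
            "reject_unknown_recipient_domain"
            "reject_unlisted_recipient"
            "reject_unauth_destination"
          ];
          smtpd_sender_restrictions = [
            "permit_mynetworks"
            "permit_sasl_authenticated"
            "reject_non_fqdn_sender"
            "reject_unknown_sender_domain"
          ];
          # Relay control: only local networks and authenticated clients may
          # relay; everything else is deferred unless it is addressed to a
          # destination this server handles.
          smtpd_relay_restrictions = [
            "permit_mynetworks"
            "permit_sasl_authenticated"
            "defer_unauth_destination"
          ];

          myhostname = "example.org";
          alias_maps = "hash:/etc/aliases";
          alias_database = "hash:/etc/aliases";
          # Was "mydoamin", so mydomain (and myorigin, which expands it) fell
          # back to whatever Postfix derives on its own.
          mydomain = "example.org";
          myorigin = "$mydomain";
          mydestination = "localhost";
          relayhost = "";
          # Loopback only: no remote address is trusted without SASL.
          mynetworks = [ "127.0.0.0/8" "[::ffff:127.0.0.0]/104" "[::1]/128" ];
          mailbox_size_limit = 0;
          recipient_delimiter = "+";
          inet_interfaces = "all";
          inet_protocols = "all";

          # Virtual mailboxes are delivered to Dovecot over LMTP; domains,
          # mailboxes and aliases are looked up in MySQL.
          virtual_transport = "lmtp:unix:private/dovecot-lmtp";
          virtual_mailbox_domains = "mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf";
          virtual_mailbox_maps = "mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf";
          virtual_alias_maps = [
            "mysql:/etc/postfix/mysql-virtual-alias-maps.cf"
            "mysql:/etc/postfix/mysql-virtual-email2email.cf"
          ];

          # VRFY off, so the command cannot be used to probe for valid
          # addresses.
          disable_vrfy_command = "yes";
          strict_rfc821_envelopes = "yes";
          # smtpd_etrn_restrictions = "yes";
          # smtpd_reject_unlisted_sender = "yes";
          # smtpd_reject_unlisted_recipient = "yes";
          smtpd_delay_reject = "yes";
          smtpd_helo_required = "yes";
          smtp_always_send_ehlo = "yes";
          # smtpd_hard_error_limit = 1;
          smtpd_timeout = "30s";
          smtp_helo_timeout = "15s";
          smtp_rcpt_timeout = "15s";
          # Was "15s". This parameter is a recipient count, not a duration.
          # 1000 is the Postfix default.
          # NOTE(review): the intended limit is not recoverable from the
          # original value; choose the cap you actually want.
          smtpd_recipient_limit = 1000;
          minimal_backoff_time = "180s";
          maximal_backoff_time = "3h";

          # Reply with a permanent 550 instead of a temporary failure for
          # these rejection classes.
          invalid_hostname_reject_code = 550;
          non_fqdn_reject_code = 550;
          unknown_address_reject_code = 550;
          unknown_client_reject_code = 550;
          unknown_hostname_reject_code = 550;
          # Was "unverified_recipent_reject_code".
          unverified_recipient_reject_code = 550;
          unverified_sender_reject_code = 550;
        };
      };
    };
  });
}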