nixos-mailserver/README.md
2017-10-17 17:29:07 +02:00

3 KiB

Simple Nixos MailServer

license status

Stable Releases

None so far.

Latest Release Candidate

Features

v1.1

  • Postfix MTA
    • smtp on port 25
    • submission port 587
    • lmtp with dovecot
  • Dovecot
    • maildir folders
    • imap starttls on port 143
    • pop3 starttls on port 110
  • Certificates
    • manual certificates
    • on the fly creation
  • Spam Filtering
    • via rspamd
    • hard coded sieve script to move spam into Junk folder
  • Virus Scanning
    • via clamav
  • DKIM Signing
    • via opendkim
  • User Management
    • declarative user management
    • declarative password management

v1.2

  • Certificates
    • Let's Encrypt
  • Sieves
    • Allow user defined sieve scripts
  • User Aliases
    • More complete alias support

v2.0

  • Multiple Domains

Changelog

v1.0 -> v1.1

  • Changed structure to Nix Modules
  • Adds Sieve support

How to Deploy

{ config, pkgs, ... }:
{
  imports = [
    (builtins.fetchTarball "https://github.com/r-raymond/nixos-mailserver/releases/tag/v1.1-rc2")
  ];
 
  mailserver = {
    enable = true;
    domain = "example.com";
    login_accounts = {
      user1 = {
        name = "test";
        hashedPassword = "$6$Mmmx1U68$Twd8acMxqHoqFyfz3SPz1pzjY/D36gayAdpUTFMvfrHQUwObF3acuLz2GYAGFzsjHLEK/dPIv3pCwj3kZ5T2u.";
      };
    };
    virtualAliases = {
      admin = "user1";
    };
  };
}

For a complete list of options, see default.nix.

How to Test

You can test the setup via nixops. After installation, do

nixops create nixops/single-server.nix nixops/vbox.nix -d mail
nixops deploy -d mail
nixops info -d mail

You can then test the server via e.g. telnet. To log into it, use

nixops ssh -d mail mailserver

To test imap manually use

openssl s_client -host mail.example.com -port 143 -starttls imap

A Complete Mail Server Without Moving Parts

Used Technologies

  • Nixos
  • Nixpkgs
  • Dovecot
  • Postfix
  • Rmilter
  • Rspamd
  • Clamav
  • Opendkim
  • Pam

Features

  • one domain
  • unlimited mail accounts
  • unlimited aliases for every mail account
  • spam and virus checking
  • dkim signing of outgoing emails
  • imap (optionally pop3)
  • startTLS

Nonfeatures

  • moving parts
  • SQL databases
  • configurations that need to be made after nixos-rebuild switch
  • complicated storage schemes
  • webclients / http-servers

Contributors

  • Special thanks to @Infinisil for the module rewrite
  • @danbst
  • @phdoerfler

Credits