postfix service: implement DNS blacklist support
This commit is contained in:
Matt McHenry
parent
d28a06553e
commit
40c7d554d4
|
|
@ -13,6 +13,18 @@ let
|
|||
haveTransport = cfg.transport != "";
|
||||
haveVirtual = cfg.virtual != "";
|
||||
|
||||
clientAccess =
|
||||
if (cfg.dnsBlacklistOverrides != "")
|
||||
then [ "check_client_access hash:/etc/postfix/client_access" ]
|
||||
else [];
|
||||
|
||||
dnsBl =
|
||||
if (cfg.dnsBlacklists != [])
|
||||
then [ (concatStringsSep ", " (map (s: "reject_rbl_client " + s) cfg.dnsBlacklists)) ]
|
||||
else [];
|
||||
|
||||
clientRestrictions = concatStringsSep ", " (clientAccess ++ dnsBl);
|
||||
|
||||
mainCf =
|
||||
''
|
||||
compatibility_level = 2
|
||||
|
|
@ -104,6 +116,9 @@ let
|
|||
+ optionalString haveVirtual ''
|
||||
virtual_alias_maps = hash:/etc/postfix/virtual
|
||||
''
|
||||
+ optionalString (cfg.dnsBlacklists != []) ''
|
||||
smtpd_client_restrictions = ${clientRestrictions}
|
||||
''
|
||||
+ cfg.extraConfig;
|
||||
|
||||
masterCf = ''
|
||||
|
|
@ -161,6 +176,7 @@ let
|
|||
|
||||
aliasesFile = pkgs.writeText "postfix-aliases" aliases;
|
||||
virtualFile = pkgs.writeText "postfix-virtual" cfg.virtual;
|
||||
checkClientAccessFile = pkgs.writeText "postfix-check-client-access" cfg.dnsBlacklistOverrides;
|
||||
mainCfFile = pkgs.writeText "postfix-main.cf" mainCf;
|
||||
masterCfFile = pkgs.writeText "postfix-master.cf" masterCf;
|
||||
transportFile = pkgs.writeText "postfix-transport" cfg.transport;
|
||||
|
|
@ -366,6 +382,17 @@ in
|
|||
";
|
||||
};
|
||||
|
||||
dnsBlacklists = mkOption {
|
||||
default = [];
|
||||
type = with types; listOf string;
|
||||
description = "dns blacklist servers to use with smtpd_client_restrictions";
|
||||
};
|
||||
|
||||
dnsBlacklistOverrides = mkOption {
|
||||
default = "";
|
||||
description = "contents of check_client_access for overriding dnsBlacklists";
|
||||
};
|
||||
|
||||
extraMasterConf = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
|
|
@ -494,6 +521,9 @@ in
|
|||
(mkIf haveVirtual {
|
||||
services.postfix.mapFiles."virtual" = virtualFile;
|
||||
})
|
||||
(mkIf (cfg.dnsBlacklists != []) {
|
||||
services.postfix.mapFiles."client_access" = checkClientAccessFile;
|
||||
})
|
||||
]);
|
||||
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue