Stalwart: Difference between revisions

(3 intermediate revisions by the same user not shown)

Line 271:

User = "stalwart-mail";

Group = "stalwart-mail";

EnvironmentFile = config.age.secrets.~~stalwart-mail~~-cloudflare-~~secret~~.path;

EnvironmentFile = config.age.secrets.gotlsaflare-cloudflare-token.path;

RuntimeDirectory = "stalwart-tlsa";

};

environment = {

DOMAIN = "example.org";

SUBDOMAIN = "mail";

PORT = "25";

ACME_PROVIDER_ID = "cloudflare";

};

path = with pkgs; [

bash

Line 288:

Line 293:

set -eu

~~DOMAIN="example.org"~~

~~SUBDOMAIN="mail"~~

~~PORT="25"~~

~~ACME_PROVIDER_ID="cloudflare"~~

TLSA_RECORD="_$PORT._tcp.$SUBDOMAIN.$DOMAIN"

DB_PATH="/var/lib/stalwart-mail/db"

Line 341:

Line 342:

</syntaxhighlight>

Adapt the variables <code>DOMAIN</code>, <code>SUBDOMAIN</code>, and <code>PORT</code> according to your needs. The variable <code>ACME_PROVIDER_ID</code> corresponds to the ACME profile name you've setup in the Stalwart webadmin interface. <code>EnvironmentFile</code> points to a file containing the secret Cloudflare api token in the format: TOKEN=12345678[...].

=== Sending from subaddresses ===

Receiving mails to subaddresses like <code>john+secondary@example.org</code> is enabled by default. Sending from subaddresses will fail with "You are not allowed to send from this address" as long as they are not an configured alias address. You can disable this check but it will allow any authenticated user to send from any other address.

{{file|/etc/nixos/configuration.nix|nix|3=services.stalwart-mail = {

settings = {

[...]

session.auth.must-match-sender = false;

};

};}}

A configuration option to customize the pattern of authorized sender addresses is a [https://github.com/stalwartlabs/stalwart/issues/394#issuecomment-3705990056 planned feature].

=== Test mail server ===

You can use several online tools to test your mail server configuration:

@@ Line 271: / Line 271: @@
      User = "stalwart-mail";
      Group = "stalwart-mail";
-     EnvironmentFile = config.age.secrets.stalwart-mail-cloudflare-secret.path;
+     EnvironmentFile = config.age.secrets.gotlsaflare-cloudflare-token.path;
      RuntimeDirectory = "stalwart-tlsa";
    };
+  environment = {
+    DOMAIN = "example.org";
+    SUBDOMAIN = "mail";
+    PORT = "25";
+    ACME_PROVIDER_ID = "cloudflare";
+  };
    path = with pkgs; [
      bash
@@ Line 288: / Line 293: @@
      set -eu
-    DOMAIN="example.org"
-    SUBDOMAIN="mail"
-    PORT="25"
-    ACME_PROVIDER_ID="cloudflare"
      TLSA_RECORD="_$PORT._tcp.$SUBDOMAIN.$DOMAIN"
      DB_PATH="/var/lib/stalwart-mail/db"
@@ Line 341: / Line 342: @@
 </syntaxhighlight>
+Adapt the variables <code>DOMAIN</code>, <code>SUBDOMAIN</code>, and <code>PORT</code> according to your needs. The variable <code>ACME_PROVIDER_ID</code> corresponds to the ACME profile name you've setup in the Stalwart webadmin interface. <code>EnvironmentFile</code> points to a file containing the secret Cloudflare api token in the format: TOKEN=12345678[...].
+=== Sending from subaddresses ===
+Receiving mails to subaddresses like <code>john+secondary@example.org</code> is enabled by default. Sending from subaddresses will fail with "You are not allowed to send from this address" as long as they are not an configured alias address. You can disable this check but it will allow any authenticated user to send from any other address.
+{{file|/etc/nixos/configuration.nix|nix|3=services.stalwart-mail = {
+  settings = {
+    [...]
+    session.auth.must-match-sender = false;
+  };
+};}}
+A configuration option to customize the pattern of authorized sender addresses is a [https://github.com/stalwartlabs/stalwart/issues/394#issuecomment-3705990056 planned feature].
 === Test mail server ===
 You can use several online tools to test your mail server configuration: