Maddy: Difference between revisions

From NixOS Wiki
imported>Onny
Add notes about SPF record
imported>Onny
Add info about spam filtering
Line 22: Line 22:
   };
   };
};
};
services.rspamd.enable = true;
</nowiki>}}
</nowiki>}}


Line 57: Line 56:
mx1.example.org. 3600 IN TXT "v=spf1 mx ~all"
mx1.example.org. 3600 IN TXT "v=spf1 mx ~all"
</syntaxhighlight>
</syntaxhighlight>
=== Managing users and inboxes ===
=== Managing users and inboxes ===


Line 64: Line 64:
# maddyctl creds create postmaster@example.org
# maddyctl creds create postmaster@example.org
# maddyctl imap-acct create postmaster@example.org
# maddyctl imap-acct create postmaster@example.org
</syntaxhighlight>
=== Spam filtering ===
You can enable and use [[rspamd]] spam filtering daemon
{{file|/etc/nixos/configuration.nix|nix|<nowiki>
services.rspamd.enable = true;
</nowiki>}}
Add following <code>check</code> part to your Maddy configuration at the beginning of the section <code>msgpipeline local_routing</code> as referenced by the default config.
<syntaxhighlight lang="json">
msgpipeline local_routing {
  check {
    rspamd
  }
  [...]
</syntaxhighlight>
</syntaxhighlight>


[[Category:Mail Server]]
[[Category:Mail Server]]

Revision as of 19:11, 2 August 2022

Maddy is a composable, modern mail server written in Go. It includes everything required to manage users, inboxes, send and receive mails while supporting all important secure protocols and standards.

Installation

Note: Following example describes the usage of an experimental module which is still being reviewed as an open PR and might not be ready for production.

The following example enables the Maddy mail server listening on mail delivery SMTP/Submission ports (25, 587) and IMAP/IMAPS ports (143/993) for mail clients to connect to. The server is configured to send and receive mails for the primary domain example.org.

/etc/nixos/configuration.nix
services.maddy = {
  enable = true;
  openFirewall = true;
  primaryDomain = "example.org";
  tls = {
    certPath = /var/lib/acme/example.org/example.org.crt;
    keyPath = /var/lib/acme/example.org/example.org.key;
  };
  imap = {
    port = 143;
    tlsEnable = true;
    tlsPort = 993;
  };
};

TLS certificates can be obtained by using services like certbot or the acme service. Please reference their documentation on how to configure it to acquire the certificates.

Configuration

DNS records

Ensure that the domain you're going to use has MX DNS records probably configured. They should point to the correct public IP addresses of your server running Maddy.

# dig MX example.org
;; ANSWER SECTION:
example.org. 3364 IN	MX	0 mx1.example.org.
# dig A mx1.example.org
;; ANSWER SECTION:
mx1.example.org.	3392 IN	A	8.8.8.8
# dig AAAA mx1.example.org
;; ANSWER SECTION:
mx1.example.org.	3364 IN	AAAA	2001:db8:85a3:8d3:1319:8a2e:370:7348

Consult your domain provider on how to configure these records.

An other record called SPF should also be present, telling that only servers in the MX are allowed to send mails for this domain

# dig TXT example.org
;; ANSWER SECTION:
example.org. 3600 IN	TXT	"v=spf1 mx ~all"
# dig TXT mx1.example.org
;; ANSWER SECTION:
mx1.example.org. 3600 IN	TXT	"v=spf1 mx ~all"

Managing users and inboxes

Creating credentials and inboxes for a specific account. The first command creates the user postmaster@example.org and will prompt for a password.

# maddyctl creds create postmaster@example.org
# maddyctl imap-acct create postmaster@example.org

Spam filtering

You can enable and use rspamd spam filtering daemon

/etc/nixos/configuration.nix
services.rspamd.enable = true;

Add following check part to your Maddy configuration at the beginning of the section msgpipeline local_routing as referenced by the default config.

msgpipeline local_routing {

  check {
    rspamd
  }

  [...]