Merge branch 'srs' into 'master'

Add support for sender rewriting for forwards using postsrsd See merge request simple-nixos-mailserver/nixos-mailserver!431
2025-11-16 14:00:07 +00:00
parent 17c6816f67 61cff94a28
commit db66559815
9 changed files with 163 additions and 5 deletions
--- a/mail-server/postfix.nix
+++ b/mail-server/postfix.nix
@@ -261,6 +261,24 @@ in
      configurePostfix = true;
    };

+    # Sender Rewriting Scheme (https://www.libsrs2.net/srs/srs.pdf)
+    services.postsrsd = {
+      inherit (cfg.srs) enable;
+      configurePostfix = true;
+      settings = {
+        domains = lib.unique (
+          [
+            cfg.fqdn
+            cfg.sendingFqdn
+            cfg.systemDomain
+          ]
+          ++ cfg.domains
+        );
+        separator = "=";
+        srs-domain = cfg.srs.domain;
+      };
+    };
+
    systemd.services.postfix-setup = lib.mkIf cfg.ldap.enable {
      preStart = ''
        ${appendPwdInVirtualMailboxMap}
--- a/mail-server/rspamd.nix
+++ b/mail-server/rspamd.nix
@@ -50,6 +50,8 @@ let
        echo "Generated key for domain ${domain} and selector ${cfg.dkimSelector}"
      fi
    '';
+
+  dkimDomains = lib.unique (cfg.domains ++ (lib.optionals cfg.srs.enable [ cfg.srs.domain ]));
 in
 {
  config = lib.mkIf cfg.enable {
@@ -202,7 +204,7 @@ in
          SupplementaryGroups = [ config.services.redis.servers.rspamd.group ];
        }
        (lib.optionalAttrs cfg.dkimSigning {
-          ExecStartPre = map createDkimKeypair cfg.domains;
+          ExecStartPre = map createDkimKeypair dkimDomains;
          ReadWritePaths = [ cfg.dkimKeyDirectory ];
        })
      ];