This allows overwriting the default values for user_attrs to be empty
which is required when using virtual mailboxes with ldap accounts
that have posixAccount attributes set. When user_attrs is empty string
those are ignored then.
Allow the user to specify the name of the ACME configuration that the
mailserver should use. This allows users that request certificates that
aren't the FQDN of the mailserver, for example a wildcard certificate.
Without using umask there's a small time window where paths are world
readable. That is a bad idea to do for secret files (e.g. the dovecot
code path).
Sets up a declaratively configured OpenLDAP instance with users alice
and bob. They each own one email address,
First we test that postfix can communicate with LDAP and do the expected
lookups using the defined maps.
Then we use doveadm to make sure it can look up the two accounts.
Next we check the binding between account and mail address, by logging
in as alice and trying to send from bob@example.com, which alice is not
allowed to do. We expect postfix to reject the sender address here.
Finally we check mail delivery between alice and bob. Alice tries to
send a mail from alice@example.com to bob@example.com and bob then
checks whether it arrived in their mailbox.
Allow configuring lookups for users and their mail addresses from an
LDAP directory. The LDAP username will be used as an accountname as
opposed to the email address used as the `loginName` for declarative
accounts. Mailbox for LDAP users will be stored below
`/var/vmail/ldap/<account>`.
Configuring domains is out of scope, since domains require further
configuration within the NixOS mailserver construct to set up all
related services accordingly.
Aliases can already be configured using `mailserver.forwards` but could
be supported using LDAP at a later point.
`sieve-test` can be used to test sieve scripts.
It's annoying to nix-shell it in, because it reads the dovecot global
config and might stumble over incompatible .so files (as has happened
to me).
Simply providing it in $PATH is easier.
Add a certificate scheme for using an existing ACME certificate without
setting up Nginx.
Also use names instead of magic numbers for certificate schemes.
Jeremy Fleischman
Jany Doe
Guillaume Girol
Sandro Jäckel
Isabel
Antoine Eiche
RoastedCheese
Martin Weinelt
Matthew Leach
jopejoe1
Gaetan Lepage
Raito Bezarius
Christian Theune
Sleepful
Alvar Penning
Lafiel
Jean-Baptiste Giraudeau
Naïm Favier
Bjørn Forsman
Nigel Bray
Florian Klink
Mynacol