nixos-mailserver icon indicating copy to clipboard operation
nixos-mailserver copied to clipboard

Published 20 hours ago verified publisher icon r-raymond

See if it's possible to leverage the nixcloud.email service if it lands in nixpkgs

Open eqyiel opened this issue 7 years ago • 13 comments

Ref: https://github.com/NixOS/nixpkgs/pull/29366

eqyiel avatar Sep 14 '17 23:09 eqyiel

It seems to be a fairly identical effort. Maybe we can pool resources?

r-raymond avatar Sep 15 '17 05:09 r-raymond

sounds great. where to start?

qknight avatar Sep 15 '17 22:09 qknight

I'm working on an extensible test suite right now, to make sure future commits don't break things. For that I need to find out how to integrate the nix tests with a CI solution, any help there is welcome.

Some new features that are fun projects are

  • Multidomain rewrite
  • Certificate creation scheme with Let's Encrypt (that should be fairly simple, I mostly avoided it so far, because it makes testing a hastle)
  • User Sieve scripts (so far there is only one hard-coded sieve script moving spam to the Junk folder)
  • Write deployment scripts for nixops

Maintenance work that needs to be done is mostly updating some stale comments from the module rewrite. Long term I'd also like to move any text snippet that is longer than a couple of lines into it's own file (e.g. the postfix config). I need to figure out what's the best way to still have the replace functionality though.

Of course any other feature that you can think off and is missing is greatly appreciated.

r-raymond avatar Sep 16 '17 08:09 r-raymond

Looking at your feature list

  • virtualMail user abstraction
  • easy way to assign passwords for mail users declaratively
  • optional greylisting
  • optional spamassassin
  • explicit ipv4/ipv6 support
  • sieve filters working
  • automated ACME (for example: mail.lastlog.de)
  • helpful defaults to communicate with gmail and others
  • catchall

It seems like SNM could benefit from

  • optional greylisting
  • explicit ipv4/ipv6 support
  • sieve filters working
  • automated ACME (for example: mail.lastlog.de)
  • helpful defaults to communicate with gmail and others
  • catchall

Can you describe what you are working on and planning for the future on your project? Maybe we can identify overlaps.

r-raymond avatar Sep 16 '17 09:09 r-raymond

so a few things we are working on would be those

future

  • spamassassin should call sa-learn per virtualMail account
  • automate DNS deployment with nixcloud.dns
  • webmail support via mail.youpickedthedomain.tld using horde or similar
  • enforce SPF/DKIM via DMARC policies
  • postfix: satellite setups
  • postfix DNSSEC
  • DANE
  • mailinglists using mailman
  • header checks

obvious things

  • documentation
  • unit tests for various scenarios
  • hosting for such setups
  • monitoring nixcloud.monitoring

qknight avatar Sep 16 '17 16:09 qknight

@qknight @r-raymond I'm happy to see you are willing to collaborate!

@r-raymond would you consider moving this repo to an organisation?

eqyiel avatar Sep 17 '17 00:09 eqyiel

@eqyiel Yes, that's the obvious step.

@qknight Are you willing to integrate your work into SNM if I move the repo to an organisation? Or do you suggest a different course of action?

r-raymond avatar Sep 17 '17 08:09 r-raymond

@r-raymond @eqyiel i think we should try to get it into nixpkgs but if that fails we should put it into an organization!

qknight avatar Sep 17 '17 08:09 qknight

this is the issue i'll be solving next: https://github.com/NixOS/nixpkgs/issues/29414

qknight avatar Sep 17 '17 08:09 qknight

It looks like this is not happening any more, but the first part of this issue is still relevant (see if it's possible to leverage nixcloud.email). @qknight said something interesting about hashing modules to see if the upstream definition changed: https://github.com/NixOS/nixpkgs/pull/29366#issuecomment-341986348

That sounds like a really good idea and would prevent stuff like this: https://github.com/r-raymond/nixos-mailserver/issues/21

Maybe we should also suggest pinning to a specific nixpkgs revision?

I'll look into it more as soon as I get a chance.

eqyiel avatar Nov 09 '17 21:11 eqyiel

Pinning sounds like a good idea. I don't know about hashing, as any bug fix or security patch (unrelated or not) would break the the hash. But I guess we would need more informations. Let me know what you find out!

On 11/09, Ruben Maher wrote:

It looks like this is not happening any more, but the first part of this issue is still relevant (see if it's possible to leverage nixcloud.email). @qknight said something interesting about hashing modules to see if the upstream definition changed: https://github.com/NixOS/nixpkgs/pull/29366#issuecomment-341986348

That sounds like a really good idea and would prevent stuff like this: https://github.com/r-raymond/nixos-mailserver/issues/21

Maybe we should also suggest pinning to a specific nixpkgs revision?

I'll look into it more as soon as I get a chance.

-- You are receiving this because you were mentioned. Reply to this email directly or view it on GitHub: https://github.com/r-raymond/nixos-mailserver/issues/13#issuecomment-343301189

r-raymond avatar Nov 10 '17 07:11 r-raymond

@eqyiel we released https://github.com/nixcloud/nixcloud-webservices a few days ago, have a look at the nixcloud.email documentation.

qknight avatar Nov 21 '17 16:11 qknight

@qknight thanks!

eqyiel avatar Nov 21 '17 22:11 eqyiel