diff options
| author | Alejandro Soto <alejandro@34project.org> | 2023-01-29 06:19:22 -0600 |
|---|---|---|
| committer | Alejandro Soto <alejandro@34project.org> | 2023-01-29 18:35:09 -0600 |
| commit | bb8ecf14a8d4e7855bda558021fb292fb2223759 (patch) | |
| tree | c6afc8afc1a6b0985a744bbb1403189b6713b597 | |
| parent | 67b12424f1c73c11cf8c8ad951d1b91c88802abb (diff) | |
home/mail: fix sieve symlink fiasco
| -rw-r--r-- | env/users/mailbox.nix | 2 | ||||
| -rw-r--r-- | home/mail/default.nix | 25 | ||||
| -rw-r--r-- | home/mail/dovecot.sieve | 113 | ||||
| -rw-r--r-- | home/mail/sieve/mail.sieve | 1 |
4 files changed, 26 insertions, 115 deletions
diff --git a/env/users/mailbox.nix b/env/users/mailbox.nix index aff0ddd..e603214 100644 --- a/env/users/mailbox.nix +++ b/env/users/mailbox.nix @@ -65,6 +65,8 @@ in vmailPath = "/var/lib/vmail/%{if;%d;ne;;%Ld;${domain}}"; in '' + auth_mechanisms = plain login external + # TODO: los defaults de nixpkgs dejan los sockets bajo # /run/dovecot2 con demasiados permisos rwx, arreglar diff --git a/home/mail/default.nix b/home/mail/default.nix index 38bc41e..a6fe8ff 100644 --- a/home/mail/default.nix +++ b/home/mail/default.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: with lib; { config = mkIf (!config.home.isolation.active) { accounts.email = { @@ -46,6 +46,27 @@ with lib; { }; }; - home.file.".dovecot.sieve".source = ./dovecot.sieve; + # .dovecot.sieve tiene que ser un symlink tal que el readlink -f de su + # dirname (no del symlink en sí) sea la misma cadena que el readlink -f + # de ~/sieve. Dovecot verifica eso y tira "Invalid/unknown path to + # storage" si este check frágil falla. Ni siquiera + # mkOutOfStoreSymlink funciona. Ver código fuente de Dovecot: + # pigeonhole/src/lib-sieve/storage/file/sieve-file-storage-active.c + home = + let + sieve = pkgs.runCommandNoCCLocal "sieve" { src = ./sieve; } '' + cp -r $src $out + chmod -R u+w $out + find $out -name '*.sieve' -exec ${pkgs.dovecot_pigeonhole}/bin/sievec -c /dev/null {} \; + ''; + in + { + file."sieve".source = sieve; + + activation.sieve = hm.dag.entryBetween [ "linkGeneration" ] [ "writeBoundary" ] '' + $DRY_RUN_CMD ln -Tsf ${sieve}/mail.sieve .dovecot.sieve + $DRY_RUN_CMD ln -Tsf ${sieve}/mail.svbin .dovecot.svbin + ''; + }; }; } diff --git a/home/mail/dovecot.sieve b/home/mail/dovecot.sieve deleted file mode 100644 index a0db18f..0000000 --- a/home/mail/dovecot.sieve +++ /dev/null @@ -1,113 +0,0 @@ -# Comando (pkgs.dovecot_pigeonhole) para filtrar mensajes existentes: -# -# $ sieve-filter -v -C -u alejandro@34project.org ~/.dovecot.sieve INBOX -# -# Ese comando es un dry-run, agregar "-W -e" para proceder. Probablemente es -# buena idea hacer 'snapshot -r' de ~/mail antes de ejecutar eso. El primer run -# tomó como 15 minutos para procesar todo el maildir. -# -# https://blog.bastelfreak.de/2020/08/dovecot-apply-sieve-filter-to-existing-emails/ - -require ["fileinto", "mailbox"]; - -if anyof( - address :is "from" [ - "mailer-daemon@34project.org", - "expiry@letsencrypt.org" - ], - - address :is :localpart "to" ["abuse", "security", "postmaster", "hostmaster", "sysadmin"] -) { - fileinto :create "admin"; -} elsif address :is "from" ["notifications@github.com", "noreply@github.com"] { - fileinto :create "github"; -} elsif address :is "from" [ "lwn@lwn.net", "info@fsf.org"] { - fileinto :create "news"; -} elsif anyof( - address :is "from" [ - "factura@factura.tigo.cr", - "factura_electronica@claro.cr", - "bcrtarjestcta@bancobcr.com", - "mensajero@bancobcr.com" - ], - - allof( - address :is "from" "bncontacto@bncr.fi.cr", - header :is "Subject" "Voucher Digital" - ), - - allof( - address :is "from" "support@ovh.ca", - header :contains "Subject" ["Invoice available", "[INVOICE"] - ), - - allof( - address :is "from" [ - "support-renew@gandi.net", - "support-es@gandi.net", - "support-en@support.gandi.net" - ], - - header :contains "Subject" ["Automatic crediting", "Factura", "domain name renewed"] - ), - - header :is "From" "Recibos de Uber <noreply@uber.com>", - address :matches "from" "cobros*@tigo.co.cr" -) { - fileinto :create "bills"; -# Esta es otra sección de .admin, existe para darle precedencia a recibos de OVH en .bills -} elsif address :is :domain "from" "ovh.ca" { - fileinto :create "admin"; -} elsif address :is :domain ["from", "to"] ["estudiantec.cr", "itcr.ac.cr", "tec.ac.cr"] { - if allof( - address :matches :localpart "from" "tecdigital*", - # A veces han destruido la codificación de la tilde - header :matches "Subject" "Notificaci*n de Documentos" - ) { - fileinto :create "tec.docs"; - } elsif anyof( - address :is :localpart "from" "lcortes", - - allof( - address :matches :localpart "from" "tecdigital*", - header :contains "Subject" [ - "Estudiantes IDC - ", - "Ingenieria En Computadores - ", - "[ESTUDIANTES IDC]", - "[AREA DE INGENIERIA EN COMPUTADORAS]" - ] - ) - ) { - fileinto :create "tec.ce"; - } else { - fileinto :create "tec"; - } -} elsif anyof( - address :is :domain "from" [ - "turing.com", - "turing.bz", - "paypal.com", - "mail.paypal.com" - ], - - address :is "from" [ - "info@tigo.co.cr", - "info@info.tigo.cr", - "campaigns@fsf.org", - "bcrsistematica@bancobcr.com" - ], - - allof( - address :is "from" "no-reply@github.com", - header :contains "X-Mailer" "Mailchimp Mailer" - ), - - allof( - address :is "from" "no-reply@accounts.google.com", - header :contains "Subject" "Alerta de seguridad" - ), - - header :is "From" "The Google Account Team <google-noreply@google.com>" -) { - fileinto :create "spam"; -} diff --git a/home/mail/sieve/mail.sieve b/home/mail/sieve/mail.sieve new file mode 100644 index 0000000..1bb3788 --- /dev/null +++ b/home/mail/sieve/mail.sieve @@ -0,0 +1 @@ +# This file has been lustrated. |