diff options
Diffstat (limited to '')
| -rw-r--r-- | sys/mta/default.nix | 5 | ||||
| -rw-r--r-- | sys/nspawn/dmz.nix | 9 |
2 files changed, 10 insertions, 4 deletions
diff --git a/sys/mta/default.nix b/sys/mta/default.nix index 15476bf..004e2ae 100644 --- a/sys/mta/default.nix +++ b/sys/mta/default.nix @@ -47,7 +47,7 @@ in { type = types.port; }; - relayListen = mkOption { + mtaListen = mkOption { type = types.str; }; }; @@ -147,6 +147,7 @@ in { { mydomain = domain; myhostname = mtaDomain.main; + inet_interfaces = [cfg.mtaListen]; myorigin = "$mydomain"; #TODO: check_recipient_access para rechazar localhost desde afuera @@ -217,8 +218,6 @@ in { milter_default_action = "accept"; } // optionalAttrs isBackup { - inet_interfaces = [cfg.relayListen]; - smtpd_relay_restrictions = [ "reject_unauth_destination" ]; diff --git a/sys/nspawn/dmz.nix b/sys/nspawn/dmz.nix index 4cb3901..cf290a4 100644 --- a/sys/nspawn/dmz.nix +++ b/sys/nspawn/dmz.nix @@ -36,6 +36,11 @@ in { readOnly = true; }; + mtaAddr6 = mkOption { + type = types.str; + readOnly = true; + }; + system = mkOption { type = types.raw; }; @@ -64,6 +69,7 @@ in { mailHost.mdaListen = cfg.hostAddr6; nspawn.dmz = { + dmzAddr6 = dmzNet.hosts.mta.v6.address; hostAddr6 = dmzNet.hosts.gateway.v6.address; system = let @@ -78,7 +84,8 @@ in { mta = { mdaAddr = "[${mailHost.mdaListen}]"; - inherit (mailHost) saslPort lmtpPort; + mtaListen = cfg.mtaAddr6; + inherit (mailHost) mtaListen saslPort lmtpPort; }; web.sites = { |