Add configuration option to alias entire domains and respective tests

2024-12-28 00:40:32 +01:00 · 2024-12-28 00:40:32 +01:00 · 5f49caec49
commit 5f49caec49
parent 92d0a6e1f8
3 changed files with 71 additions and 2 deletions
--- a/mailsystem/default.nix
+++ b/mailsystem/default.nix
@ -127,6 +127,22 @@ in {
      default = {};
    };

+    virtualDomainAliases = lib.mkOption {
+      type = with lib.types; attrsOf str;
+      example = {
+        "aliasdomain.com" = "domain.com";
+      };
+      description = ''
+        Virtual aliasing of domains. A virtual alias `"aliasdomain.com" = "domain.com"`
+        means that all mail directed at `@aliasdomain.com` are forwarded to `@domain.com`.
+        This also entails, that any account or alias of `domain.com` is partially valid
+        for `aliasdomain.com`. For example, `user@domain.com` can receive mails at
+        `user@aliasdomain.com`. However, if `user@domain.com` shall be able to dispatch
+        mails using `user@aliasdomain.com`, an explicit alias needs to be configured.
+      '';
+      default = {};
+    };
+
    extraVirtualAliases = lib.mkOption {
      type = let
        account = lib.mkOptionType {
--- a/mailsystem/postfix.nix
+++ b/mailsystem/postfix.nix
@ -28,9 +28,18 @@ with (import ./common.nix {inherit config;}); let
      map (from: {"${from}" = to;}) (value.aliases ++ lib.singleton name))
    cfg.accounts));

+  virtual_domain_aliases = let
+    alias_domains =
+      lib.concatMapAttrs (src: dst: {
+        "@${src}" = "@${dst}";
+      })
+      cfg.virtualDomainAliases;
+  in
+    attrsToLookupTable alias_domains;
+
  extra_virtual_aliases = attrsToLookupTable cfg.extraVirtualAliases;

-  all_virtual_aliases = mergeLookupTables [account_virtual_aliases extra_virtual_aliases];
+  all_virtual_aliases = mergeLookupTables [account_virtual_aliases virtual_domain_aliases extra_virtual_aliases];

  aliases_file = let
    content = lookupTableToString all_virtual_aliases;
@ -65,6 +74,15 @@ with (import ./common.nix {inherit config;}); let
  tls_exclude_ciphers = "MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL";
 in {
  config = lib.mkIf cfg.enable {
+    assertions =
+      lib.mapAttrsToList (
+        src: dst: {
+          assertion = (builtins.elem src cfg.domains) && (builtins.elem dst cfg.domains);
+          message = "Both aliased domain (${src}) and actual domain (${dst}) need to be managed by the mailserver.";
+        }
+      )
+      cfg.virtualDomainAliases;
+
    services.postfix = {
      enable = true;
      hostname = "${cfg.reverseFqdn}";
--- a/tests/aliases.nix
+++ b/tests/aliases.nix
@ -48,8 +48,11 @@ in
        environment.systemPackages = with pkgs; [netcat];
        mailsystem = {
          fqdn = "mail.example.com";
-          domains = ["example.com" "otherdomain.com"];
+          domains = ["example.com" "aliased.com" "otherdomain.com"];
          accounts = mkAccounts accounts;
+          virtualDomainAliases = {
+            "aliased.com" = "example.com";
+          };
          extraVirtualAliases = {
            "extra-alias@example.com" = accounts."extra-alias".address;
          };
@ -191,5 +194,37 @@ in
          client.execute("${cleanupMail}")
          # fetchmail returns EXIT_CODE 0 when it retrieves mail
          client.succeed("${recvMail "extra-alias"} >&2")
+
+      with subtest("receiving mail on aliased domain using normal account"):
+          client.succeed("${sendMail "normal" "" "user2@aliased.com" ''
+        Subject: aliasedDomain with normal account
+
+        Hello User2,
+        this is mail is sent to you by using your address @example.org.
+      ''}")
+          server.wait_until_fails('${pendingPostqueue}')
+          client.execute("${cleanupMail}")
+          # fetchmail returns EXIT_CODE 0 when it retrieves mail
+          client.succeed("${recvMail "normal2"} >&2")
+
+      with subtest("receiving mail on aliased domain using catchall-account"):
+          client.succeed("${sendMail "normal" "" "somerandomaddress@aliased.com" ''
+        Subject: aliasedDomain using catchall-account
+
+        Hello Catchall-User,
+        this is mail is sent to you by using an address without any user-account behind it for neither @example.com nor @aliased.com.
+      ''}")
+          server.wait_until_fails('${pendingPostqueue}')
+          client.execute("${cleanupMail}")
+          # fetchmail returns EXIT_CODE 0 when it retrieves mail
+          client.succeed("${recvMail "catchall"} >&2")
+
+      with subtest("sending mail from aliased domain fails"):
+          client.fail("${sendMail "normal" "user1@aliased.com" accounts."normal2".address ''
+        Subject: aliasedDomain
+
+        Hello User2,
+        this mail should not be dispatched to you as I'm using "my" address @aliased.com.
+      ''}")
    '';
  }