`sslCACert` was used for trust store of client and server certificates. Since `smtpd_tls_ask_ccert` defaults to no the setup of `smtpd_tls_CApath` was removed.
>By default (see smtpd_tls_ask_ccert), client certificates are not requested, and smtpd_tls_CApath should remain empty.
see http://www.postfix.org/postconf.5.html#smtpd_tls_CAfile
The new option services.postfix.localRecipients allows
configuring the postfix option 'local_recipient_maps'. When
set to a list of user names (or patterns), that map
effectively replaces the lookup in the system's user
database that's used by default to determine which local
users are valid.
This option is useful to explicitly set local users that are
allowed to receive e-mail from the outside world. For local
injection i.e. via the 'sendmail' command this option has no
effect.
`services.postfix.config` is now correctly merged with the default attrset
specified in the module. Some options that are lists in postfix also
have to be lists in nix to be merged correctly. Other default options are
now set with `mkDefault` so they can be overridden via the module system.
I realize that advanced users like to configure services with Nix
attrsets, but I don't think we should remove the option to use the
(configuration) language provided by upstream.
From Postfix documentation:
With this setting, the Postfix SMTP server will not reject mail with "User
unknown in local recipient table". Don't do this on systems that receive mail
directly from the Internet. With today's worms and viruses, Postfix will become
a backscatter source: it accepts mail for non-existent recipients and then
tries to return that mail as "undeliverable" to the often forged sender
address.
Make top level /var/lib/postfix as root:root 0755
After generating custom configs in /var/lib/postfix/conf,
`postfix set-permissions` called, to perform all required tricks
related to queue handling (postfix use file mode bits to keep
some internal statuses, so `chmod -R` not recommended by authors,
see comments in $out/libexec/postfix/post-install for details)
Also post-install script was patched, to skip permission check/update
for files inside $out, as well as symlinks following to $NIX_STORE.
Config file `main.cf` extended with all default directory locations,
to prevent post-install script from guessing and overwrite them.
And finally all actions in activation script snippets performed
by postmap/postalias/postfix tools from current build, not random one
from paths.
Regression introduced by 3891d3e654.
Merging multiple options with type "str" won't work and give an
evaluation error. For extra configuration lines in the Postfix config it
really should be "lines", especially because even the description
mentions "extra lines".
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
