# Mailserver

NixOS mailserver module providing a complete email stack with Postfix and Dovecot.

## References

- [Simple NixOS Mailserver](https://gitlab.com/simple-nixos-mailserver/nixos-mailserver)

## Setup

### DNS Records

| Type | Hostname | Value |
|------|----------|-------|
| A | `mail` | `` |
| AAAA | `mail` | `` |
| MX | `@` | `10 mail.cryodev.xyz.` |
| TXT | `@` | `"v=spf1 mx ~all"` |
| TXT | `_dmarc` | `"v=DMARC1; p=none"` |

DKIM records are generated automatically after first deployment.

### Generate Password Hashes

```bash
nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
```

### Add to Secrets

```bash
sops hosts/cryodev-main/secrets.yaml
```

```yaml
mailserver:
  accounts:
    admin: "$2y$05$..."
    forgejo: "$2y$05$..."
```

### Configuration

```nix
# hosts/cryodev-main/services/mailserver.nix
{ config, ... }:

{
  sops.secrets."mailserver/accounts/admin" = { };
  sops.secrets."mailserver/accounts/forgejo" = { };

  mailserver = {
    enable = true;
    fqdn = "mail.cryodev.xyz";
    domains = [ "cryodev.xyz" ];

    loginAccounts = {
      "admin@cryodev.xyz" = {
        hashedPasswordFile = config.sops.secrets."mailserver/accounts/admin".path;
      };
      "forgejo@cryodev.xyz" = {
        hashedPasswordFile = config.sops.secrets."mailserver/accounts/forgejo".path;
        sendOnly = true;
      };
    };
  };
}
```

## DKIM Setup

After first deployment, get the DKIM public key:

```bash
sudo cat /var/dkim/cryodev.xyz.mail.txt
```

Add this as a TXT record:

| Type | Hostname | Value |
|------|----------|-------|
| TXT | `mail._domainkey` | `v=DKIM1; k=rsa; p=...` |

## Testing

### Send Test Email

```bash
echo "Test" | mail -s "Test Subject" recipient@example.com
```

### Check Mail Queue

```bash
sudo postqueue -p
```

### View Logs

```bash
sudo journalctl -u postfix -f
sudo journalctl -u dovecot2 -f
```

### Test SMTP

```bash
openssl s_client -connect mail.cryodev.xyz:587 -starttls smtp
```

### Verify DNS Records

- [MXToolbox](https://mxtoolbox.com/)
- [Mail-tester](https://www.mail-tester.com/)

## Troubleshooting

### Emails Not Sending

Check Postfix status:

```bash
sudo systemctl status postfix
```

Check firewall (ports 25, 465, 587 must be open):

```bash
sudo iptables -L -n | grep -E '25|465|587'
```

### DKIM Failing

Verify the DNS record matches the generated key:

```bash
dig TXT mail._domainkey.cryodev.xyz
```

### SPF Failing

Verify SPF record:

```bash
dig TXT cryodev.xyz
```

Should return: `"v=spf1 mx ~all"`
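
For the "DKIM Failing" check above, comparing the key by eye is error-prone because both the key file and the DNS answer split the record into quoted chunks of at most 255 bytes. The following is an added example, not part of the original page or the Simple NixOS Mailserver project; the function names are hypothetical and the sample records are constructed placeholders, not real keys.

```bash
#!/usr/bin/env bash
# Added example: compare the DKIM key published in DNS with the generated key file.

# Read a DKIM record on stdin (BIND zone-file entry or `dig +short TXT` output)
# and print the value of its p= tag with the quoted chunks joined.
dkim_pubkey() {
  grep -o '"[^"]*"' |       # keep only the quoted chunks, ignore zone-file comments
    tr -d '" \t\n' |        # join the chunks and drop whitespace
    tr ';' '\n' |           # one DKIM tag per line
    sed -n 's/^p=//p'       # print only the public key
}

# dkim_keys_match KEYFILE_TEXT DNS_TEXT
# Returns 0 if both carry the same key, 1 if they differ,
# 2 if either side has no p= value (record missing or empty).
dkim_keys_match() {
  local file_key dns_key
  file_key=$(printf '%s\n' "$1" | dkim_pubkey)
  dns_key=$(printf '%s\n' "$2" | dkim_pubkey)
  [ -n "$file_key" ] && [ -n "$dns_key" ] || return 2
  [ "$file_key" = "$dns_key" ]
}

# Live check on the mail host, using the path and selector from this page.
dkim_check_live() {
  dkim_keys_match "$(sudo cat /var/dkim/cryodev.xyz.mail.txt)" \
                  "$(dig +short TXT mail._domainkey.cryodev.xyz)"
}

# Constructed sample inputs (placeholder key material) so the script runs offline.
SAMPLE_KEYFILE='mail._domainkey IN TXT ( "v=DKIM1; k=rsa; "
  "p=Q09OU1RSVUNURUQtS0VZ"
  "LVBBUlQtVFdP" )  ; ----- DKIM key mail for cryodev.xyz'
SAMPLE_DNS='"v=DKIM1; k=rsa; p=Q09OU1RSVUNURUQtS0VZ" "LVBBUlQtVFdP"'

if dkim_keys_match "$SAMPLE_KEYFILE" "$SAMPLE_DNS"; then
  echo "sample: DKIM key in DNS matches the key file"
else
  echo "sample: DKIM key mismatch or missing record"
fi
```

On the mail host, run `dkim_check_live; echo $?` after the TXT record has propagated.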