Giving this a second and final chance

Signed-off-by: Izuru Yakumo <eternal-servant@yakumo.dev>

README.md

@@ -1,3 +1,39 @@
 # mailsystem
+This is the mail server setup being used at [yakumo.dev](https://yakumo.dev), it was originally based on [RedXen](https://redxen.eu)'s but it was adapted to use `aliases(5)` instead of relying on SQL.
 
-Configuration files used at the laboratory's mail server.
+## Requirements
+* [Dovecot](https://www.dovecot.org/) and [Postfix](https://www.postfix.org/) with PostgreSQL support (there's SQLite 3 support available as well, but has not been tested), as well as the [Pigeonhole](https://pigeonhole.dovecot.org/) plugin
+* [PostgreSQL](https://www.postgresql.org/) (tested with 14.x and 15.x, can work with any later version)
+* [Rspamd](https://rspamd.com/) (also used for DKIM signing)
+
+
+## Installation
+You need to replace several values with your own, such as `SYSCONFDIR`, `
+
+## Usage
+
+### Adding an user
+
+```sql
+INSERT INTO users ( userid, password, active ) VALUES (
+    'yuitia',
+    '...',
+    '1'
+);
+```
+
+### Removing an user
+
+```sql
+DELETE FROM users WHERE userid = 'yuitia';
+```
+
+### Updating an user
+
+```sql
+UPDATE users SET password = '....' WHERE userid = 'yuitia';
+```
+
+```sql
+UPDATE users SET active = '0' WHERE userid = 'yuitia';
+```

etc/dovecot/automove.sieve

@@ -0,0 +1,6 @@
+require ["fileinto","mailbox"];
+
+if header :contains "X-Spam" "Yes" {
+	fileinto :create "Junk";
+	stop;
+}

etc/dovecot/dovecot.conf

@@ -0,0 +1,121 @@
+# $YakumoLabs$
+
+## Listen on all available addresses (v4/v6)
+listen = *, ::
+
+## Dovecot stores the unix sockets on this place
+base_dir = /var/run/dovecot
+
+## Your server's hostname, usually the root domain
+hostname = %%DOMAIN%%
+
+## Server's instance name, it can be named anything
+instance_name = dovecot
+
+## Space-separated list of mail protocols supported
+protocols = imap lmtp pop3
+
+## SSL/TLS configuration
+ssl = yes
+ssl_cert = <%%PATH_TO_LETSENCRYPT%%/%%DOMAIN%%/fullchain.pem
+ssl_key = <%%PATH_TO_LETSENCRYPT%%/%%DOMAIN%%/privkey.pem
+
+## Authentication settings
+auth_mechanisms = plain login
+auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
+auth_username_format = %n
+disable_plaintext_auth = yes
+
+## Change the following to the ones your system has
+first_valid_uid = 8 #
+last_valid_uid = 8
+first_valid_gid = 12
+last_valid_gid = 12
+
+lda_mailbox_autocreate = yes
+imap_capability = +SPECIAL-USE
+
+userdb {
+	driver = sql
+	args = %%PATH_TO_DOVECOT_ETC_PREFIX%%/pgsql.conf
+}
+passdb {
+	driver = sql
+	args = %%PATH_TO_DOVECOT_ETC_PREFIX%%/pgsql.conf
+}
+
+## Services declared in the protocols field
+service imap-login {
+	inet_listener imap {
+		port = 143
+	}
+	inet_listener imaps {
+		port = 993
+		ssl = yes
+	}
+}
+service lmtp {
+	unix_listener lmtp {
+		mode = 0660
+		user = dovecot
+		group = mail
+	}
+}
+service pop3-login {
+	inet_listener pop3 {
+		      port = 110
+	}
+	inet_listener pop3s {
+		      port = 993
+		      ssl = yes
+	}
+}
+protocol lmtp {
+	mail_plugins = $mail_plugins sieve
+}
+service auth {
+	unix_listener auth {
+		mode = 0660
+		user = dovecot
+		group = mail
+	}
+	user = root
+}
+## Mailbox locations
+mail_home=/var/vmail/%u
+mail_location = maildir:/var/vmail/%d/%n/Maildir
+mailbox_list_index = yes
+mail_uid = vmail
+mail_gid = vmail
+
+namespace inbox {
+	type = private
+	inbox = yes
+	mailbox Archive {
+		special_use = \Archive
+		auto = create
+	}
+	mailbox Drafts {
+		special_use = \Drafts
+		auto = create
+	}
+	mailbox Sent {
+		special_use = \Sent
+		auto = create
+	}
+	mailbox Junk {
+		special_use = \Junk
+		auto = create
+		autoexpunge = 30d
+	}
+	mailbox Trash {
+		special_use = \Trash
+		auto = create
+		autoexpunge = 7d
+	}
+}
+
+## Plugins
+plugin {
+	sieve_after = %%PATH_TO_DOVECOT_ETC_PREFIX%%/sieve
+}

etc/dovecot/pgsql.conf

@@ -0,0 +1,6 @@
+connect = host=localhost port=5432 dbname=mail user=dovecot password=%%DOVECOT_PASSWORD%%
+driver = pgsql
+default_pass_scheme = ARGON2I
+user_query = SELECT '8' AS uid, '12' AS gid FROM users WHERE userid = '%u' AND active = '1'
+password_query = SELECT userid AS user, password FROM users WHERE userid = '%u' AND active = '1'
+iterate_query = SELECT userid AS user FROM users

etc/postfix/main.cf

@@ -0,0 +1,71 @@
+# $YakumoLabs$
+compatibility_level=3.6
+smtpd_banner = $myhostname ESMTP
+mail_name = @@MAIL_NAME@@
+
+inet_interfaces = all
+inet_protocols = all
+
+myorigin = @@DOMAIN@@
+myhostname = $myorigin
+mydomain = $myorigin
+mydestination = $myorigin
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+
+local_transport = local
+alias_maps = hash:@@SYSCONFDIR@@/postfix/aliases
+alias_database = $alias_maps
+smtpd_sender_login_maps = proxy:pgsql:@@SYSCONFDIR@@/postfix/pgsql-users.cf
+local_recipient_maps = $smtpd_sender_login_maps $alias_maps
+header_checks = regexp:@@SYSCONFDIR@@/postfix/header_checks
+
+biff = no
+append_dot_mydomain = no
+delay_warning_time = 1h
+mailbox_size_limit = 0
+recipient_delimiter = +
+notify_classes = resource, software, bounce
+smtpd_helo_required = yes
+smtpd_delay_reject = yes
+
+# SMTP TLS
+smtp_tls_CApath = /etc/ssl/certs
+smtp_tls_security_level = may
+smtp_tls_note_starttls_offer = yes
+
+smtpd_tls_cert_file = @@SYSCONFDIR@@/@@LETSENCRYPT_DOMAIN_PART@@/fullchain.pem
+smtpd_tls_key_file = @@SYSCONFDIR@@/@@LETSENCRYPT_DOMAIN_PART@@/privkey.pem
+smtpd_tls_security_level = may
+smtpd_tls_protocols = !SSLv2, !SSLv3
+
+# Restrictions
+smtpd_sender_restrictions    = reject_known_sender_login_mismatch,
+                               permit_sasl_authenticated,
+                               check_sender_access inline:{{$myorigin=553 not logged in}},
+                               reject_invalid_helo_hostname,
+                               reject_unknown_sender_domain
+smtpd_relay_restrictions     = permit_sasl_authenticated,
+				permit_mynetworks,
+                               reject_unauth_destination
+smtpd_recipient_restrictions = permit_sasl_authenticated,
+				permit_mynetworks,
+				reject_unauth_destination
+smtpd_data_restrictions      = reject_unauth_pipelining
+smtpd_helo_restrictions      = reject_invalid_helo_hostname
+
+# Dovecot auth
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = unix:/var/run/dovecot/auth
+smtpd_sasl_security_options = noanonymous
+smtpd_sasl_local_domain = $myorigin
+
+# Dovecot LMTP
+mailbox_transport = lmtp:unix:/var/run/dovecot/lmtp
+
+# Rspamd
+milter_protocol = 6
+milter_default_action = accept
+smtpd_milters = inet:localhost:11332
+non_smtpd_milters = $smtpd_milters
+allow_mail_to_commands = alias,forward,include

etc/postfix/pgsql-users.cf

@@ -0,0 +1,6 @@
+hosts = localhost:5432
+dbname = mail
+user = postfix
+password = %%POSTFIX_PASSWORD%%
+query = SELECT userid FROM users WHERE userid = '%u' AND active = '1'
+domain = %%DOMAIN%%

etc/rspamd/local.d/dkim_signing.conf

@@ -0,0 +1,2 @@
+# $YakumoLabs$
+enabled = true;

sql/postgresql.sql

@@ -0,0 +1,15 @@
+CREATE DATABASE mail OWNER postgres;
+CREATE ROLE dovecot PASSWORD '%%DOVECOT_PASSWORD%%';
+CREATE ROLE postfix PASSWORD '%%POSTFIX_PASSWORD%%';
+
+\c mail;
+CREATE TABLE users (
+	userid VARCHAR(128) NOT NULL,
+	password VARCHAR(128) NOT NULL,
+	active boolean NOT NULL,
+	PRIMARY KEY (userid),
+	UNIQUE (userid)
+);
+\c postgres;
+GRANT SELECT ON TABLE users TO dovecot;
+GRANT SELECT ON TABLE users TO postfix;

sql/sqlite.sql

@@ -0,0 +1,5 @@
+CREATE TABLE IF NOT EXISTS users (
+	userid text,
+	password text,
+	active boolean
+);