I don't see any entry for the smtp_sasl_password_maps in the /etc/postfix/main.cf
Here is my current config if it helps:
Also.
I have sops working OK, but I thought that postfix accepts only a hashed password file (sasl_passwd.db) that is created from the clear text sasl_passwd file by running an extra command (postman). I cannot store the sasl_passwd.db in binary in sops secrets.
Sorry if I am missing something. I am not familiar with postfix, I just needed it so my systems can send notifications to my email.
@thanasisn leaving a quick note because I came across this thread while trying to figure out the same thing!
The trick is to use services.postfix.mapFiles since those entries will automatically call postmap on them. Assuming that the sops secret is accessible by the postfix user (I use age-nix and I tweaked the secret to be readable by postfix) you'd need something like:

    services.postfix = {
      enable = true;
      mapFiles.mycreds = config.sops.secrets.postfix_sasl_passwd.path;
      config = {
        # NB: mapFiles will put things in /var/lib/postfix/conf/<name>
        smtp_sasl_password_maps = "hash:/var/lib/postfix/conf/mycreds";
      };
    };

Hope this is useful to anyone else confused like I was!
Doesn't work, unfortunately. "postmap" is run as the "postfix" user, and /var/lib/postfix/conf is owned by root. With your suggested configuration I get:
Nov 28 13:05:38 myserver systemd[1]: Starting Setup for Postfix mail server...
Nov 28 13:05:38 myserver postfix-setup-start[472236]: postmap: fatal: open database /var/lib/postfix/conf/sasl_passwd.db: Permission denied
Nov 28 13:05:38 myserver postfix/postmap[472236]: fatal: open database /var/lib/postfix/conf/sasl_passwd.db: Permission denied
Nov 28 13:05:39 myserver systemd[1]: postfix-setup.service: Main process exited, code=exited, status=1/FAILURE
Which is strange, because then how the heck is the "mapFiles" attribute supposed to ever work…
I tried it, but I cannot make it work.
The clear text file exists but the /var/lib/postfix/conf/mycreds.db is not created, and all files are owned by root as @Hubro said.
Does anybody have a complete postfix configuration for gmail?
This is the last thing I need to migrate to nixos.
I got:
ec 06 16:42:23 nixVM postfix-setup-start[10230]: postalias: warning: /etc/postfix/main.cf, line 32: overriding earlier entr>
Dec 06 16:42:23 nixVM postfix/postalias[10230]: warning: /etc/postfix/main.cf, line 32: overriding earlier entry: alias_maps>
Dec 06 16:42:23 nixVM postfix-setup-start[10232]: postmap: warning: /etc/postfix/main.cf, line 32: overriding earlier entry:>
Dec 06 16:42:23 nixVM postfix/postmap[10232]: warning: /etc/postfix/main.cf, line 32: overriding earlier entry: alias_maps=h>
Dec 06 16:42:23 nixVM postfix-setup-start[10232]: postmap: fatal: open database /var/lib/postfix/conf/mycreds.db: Permission>
Dec 06 16:42:23 nixVM postfix/postmap[10232]: fatal: open database /var/lib/postfix/conf/mycreds.db: Permission denied
Dec 06 16:42:24 nixVM systemd[1]: postfix-setup.service: Main process exited, code=exited, status=1/FAILUR
Seems you just gotta let the secret be owned by root. It seems like "postmap" is run as whatever user owns the file, so if the file is owned by the postfix user then postmap won't be allowed to create the hashed file.
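
The root-owned variant described in the post above, as an added example that is not part of the original thread or the linked wiki page. It uses the `services.postfix.config`, `mapFiles`, `relayHost` and `relayPort` options of the NixOS releases current in this thread; the map name `sasl_passwd`, the Gmail submission endpoint and the sample credential line are assumptions.

```nix
{ config, ... }:
{
  # The decrypted secret holds one line in Postfix sasl_passwd format.
  # Constructed sample, not a real credential:
  #   [smtp.gmail.com]:587 someone@example.com:app-password
  #
  # Keep the secret owned by root (the sops-nix default). postmap runs
  # as the owner of its source file, and /var/lib/postfix/conf is
  # root-owned, so a postfix-owned secret fails with "Permission denied".
  sops.secrets.postfix_sasl_passwd = {
    owner = "root";
    mode = "0400";
  };

  services.postfix = {
    enable = true;

    # Rendered as relayhost = [smtp.gmail.com]:587 in main.cf; the lookup
    # key in the secret must match that string exactly.
    relayHost = "smtp.gmail.com";
    relayPort = 587;

    # postfix-setup links the secret into /var/lib/postfix/conf/sasl_passwd
    # and runs postmap on it, producing sasl_passwd.db next to it.
    mapFiles.sasl_passwd = config.sops.secrets.postfix_sasl_passwd.path;

    config = {
      smtp_sasl_auth_enable = "yes";
      smtp_sasl_password_maps = "hash:/var/lib/postfix/conf/sasl_passwd";
      # Refuse anonymous SASL mechanisms.
      smtp_sasl_security_options = "noanonymous";
      # Require TLS so the credential never crosses the wire in clear text.
      smtp_tls_security_level = "encrypt";
    };
  };
}
```

After a rebuild, `ls -l /var/lib/postfix/conf/` should show `sasl_passwd.db` owned by root with no group or other read bits, since postmap copies those permissions from the source file.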
Thank you for this discussion. I've created Postfix for Gmail - NixOS Wiki with what I used (mostly based on @nordewal's last post). Feel free to improve it.