chore(os/kay/mail): init noreply

author: sinanmohd <sinan@sinanmohd.com> 2025-12-27 09:17:51 +0530
committer: sinanmohd <sinan@sinanmohd.com> 2025-12-27 09:22:29 +0530
commit: 52a1db773e5e5d8bc0a803f537ef074c63a84b54 (patch)
tree: 7cd7371a9ecbcee1572229d1d53cfdc1ac15c75a
parent: 5b32b947de3ac1adb4317e9c92094d67561d1230 (diff)
2 files changed, 26 insertions, 8 deletions
diff --git a/os/kay/modules/services/mail/default.nix b/os/kay/modules/services/mail/default.nix
index 01f44bb..7838801 100644
--- a/os/kay/modules/services/mail/default.nix
+++ b/os/kay/modules/services/mail/default.nix
@@ -22,11 +22,13 @@ in
   sops.secrets = {
     "mail.${domain}/dkim_rsa".sopsFile = ./secrets.yaml;
     "mail.${domain}/dkim_ed25519".sopsFile = ./secrets.yaml;
-    "mail.${domain}/password".sopsFile = ./secrets.yaml;
+    "mail.${domain}/password/admin".sopsFile = ./secrets.yaml;
+    "mail.${domain}/password/noreply".sopsFile = ./secrets.yaml;
   };
 
   systemd.services.stalwart-mail.serviceConfig.LoadCredential = [
-    "password:${config.sops.secrets."mail.${domain}/password".path}"
+    "password_admin:${config.sops.secrets."mail.${domain}/password/admin".path}"
+    "password_noreply:${config.sops.secrets."mail.${domain}/password/noreply".path}"
 
     "dkim_rsa:${config.sops.secrets."mail.${domain}/dkim_rsa".path}"
     "dkim_ed25519:${config.sops.secrets."mail.${domain}/dkim_ed25519".path}"
@@ -151,23 +153,37 @@ in
 
       directory."memory" = {
         type = "memory";
-
         principals = [
           {
             class = "admin";
             name = "${username}@${domain}";
-            secret = "%{file:${credentials_directory}/password}%";
+            secret = "%{file:${credentials_directory}/password_admin}%";
             inherit email;
           }
           {
+            class = "individual";
+            name = "no-reply@${domain}";
+            secret = "%{file:${credentials_directory}/password_noreply}%";
+            email = [ "no-reply@${domain}" ];
+          }
+          {
             # for mta-sts & dmarc reports
             class = "individual";
             name = "reports@${domain}";
-            secret = "%{file:${credentials_directory}/password}%";
+            secret = "%{file:${credentials_directory}/password_admin}%";
             email = [ "reports@${domain}" ];
           }
         ];
       };
+
+      sieve.trusted.scripts.noreply_reject_ingress.contents = ''
+        require ["envelope", "reject"];
+
+        if envelope :localpart :is "to" "no-reply" {
+            reject "550 This is a no-reply address";
+            stop;
+        }
+      '';
     };
   };
 }
diff --git a/os/kay/modules/services/mail/secrets.yaml b/os/kay/modules/services/mail/secrets.yaml
index e3b4c5d..e2dee47 100644
--- a/os/kay/modules/services/mail/secrets.yaml
+++ b/os/kay/modules/services/mail/secrets.yaml
@@ -1,7 +1,9 @@
 mail.sinanmohd.com:
     dkim_rsa: ENC[AES256_GCM,data:i1UuddRDoIxa+4rHq9v86gY7BSxWkL6F+WOTwrgLeMwmNkCzoko4X8RjlbPKLpqAD4ZOBCet+d6cnGdNjjaaubKD/RdUOqo90fpuyxDnMe7sOGY5iL19CpeK2ksTVBHGAyX61/qBXJwvUT/qFY5BKDqx3h/9FQu5miNzCyHihqiFmjxQ+F5SvnQ9zCU+Lgn8saPcSUA79mUFNyzzCoMExnoMNQXMPtnqdc3cOeTE3w3/0H//LH2auTgGB/BW+/wflDNGk9kpiNO2ElzHfaU7RR22dw8/cfcedU7VnABZngtUu115WlIi2WkDT4ChF+noZHJQhdMn64SpmDRMVsL04LBZpMWShGvBzBg8ypioBl8ze+OLdel/hnizYjL8dV+/Bp3CM8muGA26H9Et6LDZjP5kSvMU585+lvGFABMBPrJTkHuHykU5mL7vTf9YGuCqqvYRqZ8pbvQxmlNS9722278Jq5URinVcQoojzqfqTFJUFHcQMt4/mByxJgaylzsZKYDlQkwNvIp4hoFu8VEyJbdZbJ/xusiQ5PEPw74UaUCxxTuNPYPNnuVjRB2zE5m9qe0uBwyZHJ/gZqpOvzAmVeqxOL4HlliIcqD697oN+m7RCTw5MIeLHNCf0/e7x6pTS8XhYAlZq6hzXK9InEexojwqLCIE/G2W2yhK05+7RdyB498rxQEb/fGIjtrQ/zqOnUpzsVzXAtzI2DWHpy805CWfeouhpbQdRdl4MPNjWhCOXYWsuI/FKtfPNMXpO0OoNEK8WENRKRMQjIO62tMZ4FjYVEB9wJzulmBf5FrMeZs9GsPbk+rhonCOrIPECUe4tUfJ3Epp1JeVqJfyuG6XA8OpfUi91lRWk9qofjZDiHr03oPXk3+KUU+na9k5kJ5AboCTvRFRNTCTD92P1rYMgkFVQX931ByC5tUi4Rjc90NGpy6/uxgxElVkjwa+uRA35gWbth93w5ETYfsa5w6N+Qnh1xqQ+kSQBGkMeTl7AcGkJYimfGAETJJBSatruWGj8cIMP0zof6e+Fb/pv0qzBPB9y1u5NM9A68bJdNQGu+vyBBklsNvm8dBFOKcMXvdHsrvH+Tx2gDzeIWhS7ptcSahjpzIIX2SR5c0JC6tR+gYE1uoqjCFYX87NY6jD+fHWVMi2qbO1iaaiOCo+Gs6ndiPheQnRbEtJVDlrMwogwv19DBFuWQjQ7J3Z940aX+aj7mfXfMAusyKMSx96rCLiT2+/3bS/mcj9KEptzQPQxHv+7qDELKNAhb2U2gz/bjQVKfWMmbF6lCFH+nBahJh1xXWo5gnVjGb4ABwhr8NhaFuMP4HUwvI50CWNHLGjbWGdkNgl6osmvDnmyX5BEzcnbsA8Jb07qOKWt9TlqtDlKVpbmBd1bxKrxIIjPHLuW9ccQdD/NI1fnVL8MPpHAgWQa26oTbV80IlATeQUtklzwfVR1o32ZYRXxkP3XJsTNHMUAKRWiMtLp/A1GnqPncgW7if/VUp2T4BsPgV/3/lqYuZKfmqvTLOvOsivdvsexbEp6lReoIyrq3CwaqqbvJzt4OJaLU26KQIbUuH419s5HcEfB6dFZ7+t5SiqNBnKD6Qv45wmVdu/LUu3fxm6CKLgTRWss/m/M43IXvca3mkCNyCjwiXkZ3yxu/NHTyzjYPw0Kzdeci7dplz+VVS8kBoqCUZbVoK7WVrBM/7QcxnlsCAf4PaFpr4uGvcWF8jj8jz6Il4iipwsyA9353MO0wLfBhrLofWUhBaiCxvtBr4GIninWuZW/DW+O7Rfzr0SDXQgn1l991S/1RpPw8RTICj/NBuVVht7rxo/CG1l/zBXQ6Zd45mfP7i4lmPZLtUajqm3I4DUUGVDsn434cc4xGcftj5XoRP2Zc73sTJ0tru1XdM2g8Tscd7O4b6thf+iA6CgzbsFejFjL5W/t1ePzqnK8sZ2gDFTt/YqmdBuyIjn1nrYBrGLQMb4x4Ujbzd/JWiQwV0rzbVlUXUznpHW4PINxf5eHXuM08RTkougDCe//XBdsmQ8TVl0mLbKLJ1xLOaFtCf2fMBf5MWK9v8pQbSCB2u/M7UTS4y4QA9fzvGxZarwC9NTRAjFDNtuw6bhea2h+2zs2A5XV8otE0pF3sau/ZaNrYPBNDF1fQycJIY81k/o8SPUTTBavV9CCuZnpMFFtf1AzjI3s3dIWsbGApnOFlRCNFVDTpAHZR7GTIC15NQyjEzijN+Hsh3htm2pSH1BH0skFqLA+7WHPDOnGd0x6rxtViPMIug=,iv:W8YAldq0KjrNe7WhGSUNI2+bq2CJrLhq+XPQVR9QsBo=,tag:LRfmBBFuFR8QR8pCj8OzSw==,type:str]
     dkim_ed25519: ENC[AES256_GCM,data:gmI789Z7c9QZMRWOD300cDw0vLNLv4VMhV2jF4M/1roraLqKE/2cA4qv9i8qFmBMJjsq3iUKJBUJ+tBLsUkIR9UnwplQDjAyNaMZsxg0eT3HyssUZ2w2Dnd+EdJb+n/fGwsezHizYORz5qVU/ZUuSiCtuE4LEg==,iv:eAmJgIu++veapN1M3sYkYPAMP8CROFWdDIBmkXuzofw=,tag:hkCDPDDCBxE7DXSuSBFsGg==,type:str]
-    password: ENC[AES256_GCM,data:LJi8+a1dGus+XLt3k/K/3Mb0tNUJj7HDpPdqfYhU,iv:Iurz9YegxJ/coDQ6PbezeSni2DWYzpzlju6mJ90WLe8=,tag:2HgYlwDGqaklpdc+LOA0bQ==,type:str]
+    password:
+        admin: ENC[AES256_GCM,data:g3trECMERFDilTfUjkGp5u83f3HsstfAnRI9V8R6,iv:qNs9Yt5CcZib20xZFACN76lMeQ6BqiQoOvi3/ILqIog=,tag:/gfnfw+ht2J8E4Dg33oK2w==,type:str]
+        noreply: ENC[AES256_GCM,data:0fslUDX7t8s+xkQVw/IacsmU59tzmHCWKTRvFG1YIpk=,iv:053B9GXdHc1xWRpAcmULMXWuIW/n+XNi8Iqbsc931LI=,tag:87YqBmntu5/ja04oW8vuGg==,type:str]
 sops:
     age:
         - recipient: age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv
@@ -22,7 +24,7 @@ sops:
             enJZVFAxdEprdTVzbC8yWGJyWnFNREkK3/OgnLjS/sj4MzZPLH3QhEWd6WKiu4nM
             wRNvhl7nDe1IwLoHbNSqTwEkalyEA3yIVlst3KyEpKb5q9H2+avqAQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-12-27T03:23:15Z"
-    mac: ENC[AES256_GCM,data:vlks8inOi7qmCKmx1SsCf1ipbwMNFfHsJGny4YGCUr+GWvvtdsLXsf8+AGUfoDa/2fBp7Wv2h1HIx1QY1JX3JgzKoyjEa1rRczJyWW9C/sR5UjyjUa0/t1MNMB7X1l9GGZObDQj9lrWm1e9JUIR6+63mESeykUzh3Wt8qhEgBAo=,iv:l1JWmFqR3lvsyYbPzHzCT6/Yj5qAvMv18jhhXdh2Ex4=,tag:JgXSqfeFVHzg5SeP/5bE+g==,type:str]
+    lastmodified: "2025-12-27T03:41:02Z"
+    mac: ENC[AES256_GCM,data:UFyN6ZIwX55mLnnamYyaxD+3Bg1ib12xfqp8nADPL/42f+moYKcI/hrqEVliMSvQMCDfsjELxOcmWSoQQcduvx4WNS3cF05sFuVL8LhAA98gVURERh86OlRkKBrTYIUExGTP4cocqBibuo1zoHEMnz9aJLeqwy868SH0gTzTAyM=,iv:ndsJysYLhYz2f5ZHaaP7vgVLJHTB/WsBNqoGTbBIghE=,tag:fWU94w4qKmbzPklKPXJQUQ==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.11.0
author	sinanmohd <sinan@sinanmohd.com>	2025-12-27 09:17:51 +0530
committer	sinanmohd <sinan@sinanmohd.com>	2025-12-27 09:22:29 +0530
commit	52a1db773e5e5d8bc0a803f537ef074c63a84b54 (patch)
tree	7cd7371a9ecbcee1572229d1d53cfdc1ac15c75a
parent	5b32b947de3ac1adb4317e9c92094d67561d1230 (diff)