diff options
| author | ene <ene@sils.li> | 2023-03-18 16:27:54 +0100 |
|---|---|---|
| committer | ene <ene@sils.li> | 2023-03-18 16:50:20 +0100 |
| commit | f77f8848301bd0eaf742f177771554f6ce942bb9 (patch) | |
| tree | c06d92a995b6542c93dfb1affd76666bab7045f3 | |
| parent | Chore(flake): Update (diff) | |
| download | nixos-server-f77f8848301bd0eaf742f177771554f6ce942bb9.tar.gz nixos-server-f77f8848301bd0eaf742f177771554f6ce942bb9.zip | |
Fix(system/mail): Disable protocols with STARTTLS
This is inherently unsafe because it requires an unencrypted handshake. Considering that all protocols also work directly with TLS i.e., the encrypted variant, disabling this shouldn't be a drawback.
| -rw-r--r-- | system/mail/default.nix | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/system/mail/default.nix b/system/mail/default.nix index b09f8f1..6fe82fd 100644 --- a/system/mail/default.nix +++ b/system/mail/default.nix @@ -4,6 +4,14 @@ fqdn = "server1.vhack.eu"; domains = ["vhack.eu"]; + enableImap = false; + enableImapSsl = true; + enablePop3 = false; + enablePop3Ssl = true; + # SMTP + enableSubmission = false; + enableSubmissionSsl = true; + mailDirectory = "/srv/mail/vmail"; dkimKeyDirectory = "/srv/mail/dkim"; backup.snapshotRoot = "/srv/mail/backup"; |