summary refs log tree commit diff stats
path: root/system/mail/default.nix
diff options
context:
space:
mode:
authorene <ene@sils.li>2023-03-19 17:43:26 +0100
committerene <ene@sils.li>2023-03-19 17:43:26 +0100
commit083a7cbb9623c90468c887203bf95adc5f2e3201 (patch)
treeb2354f50502ac44dff6e3c70235a24bc870fb99e /system/mail/default.nix
parentFeat(system/mail): Add other users, so the admin thing works (diff)
downloadnixos-server-083a7cbb9623c90468c887203bf95adc5f2e3201.tar.gz
nixos-server-083a7cbb9623c90468c887203bf95adc5f2e3201.zip
Fix(system/mail): Only accept connections on safe ports
It is sort of standard to ignore connections over the unencrypted port
25, thus we are doing the same.
Diffstat (limited to '')
-rw-r--r--system/mail/default.nix4
1 files changed, 2 insertions, 2 deletions
diff --git a/system/mail/default.nix b/system/mail/default.nix
index 8eaa53b..7102958 100644
--- a/system/mail/default.nix
+++ b/system/mail/default.nix
@@ -30,13 +30,11 @@ in {
     "admin@vhack.eu" = all_admins;
   };
 
-
   mailDirectory = "/srv/mail/vmail";
   dkimKeyDirectory = "/srv/mail/dkim";
   sieveDirectory = "/srv/mail/sieve";
   backup.snapshotRoot = "/srv/mail/backup";
 
-
   enableImap = false;
   enableImapSsl = true;
   enablePop3 = false;
@@ -44,8 +42,10 @@ in {
   # SMTP
   enableSubmission = false;
   enableSubmissionSsl = true;
+  openFirewall = false; # handled below
 
   keyFile = "/var/lib/acme/server1.vhack.eu/key.pem";
   certificateScheme = 1;
   certificateFile = "/var/lib/acme/server1.vhack.eu/fullchain.pem";
+
 }