diff options
author | ene <ene@sils.li> | 2023-03-19 17:43:26 +0100 |
---|---|---|
committer | ene <ene@sils.li> | 2023-03-19 17:43:26 +0100 |
commit | 083a7cbb9623c90468c887203bf95adc5f2e3201 (patch) | |
tree | b2354f50502ac44dff6e3c70235a24bc870fb99e /system/mail/default.nix | |
parent | Feat(system/mail): Add other users, so the admin thing works (diff) | |
download | nixos-server-083a7cbb9623c90468c887203bf95adc5f2e3201.tar.gz nixos-server-083a7cbb9623c90468c887203bf95adc5f2e3201.zip |
Fix(system/mail): Only accept connections on safe ports
It is sort of standard to ignore connections over the unencrypted port 25, thus we are doing the same.
Diffstat (limited to '')
-rw-r--r-- | system/mail/default.nix | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/system/mail/default.nix b/system/mail/default.nix index 8eaa53b..7102958 100644 --- a/system/mail/default.nix +++ b/system/mail/default.nix @@ -30,13 +30,11 @@ in { "admin@vhack.eu" = all_admins; }; - mailDirectory = "/srv/mail/vmail"; dkimKeyDirectory = "/srv/mail/dkim"; sieveDirectory = "/srv/mail/sieve"; backup.snapshotRoot = "/srv/mail/backup"; - enableImap = false; enableImapSsl = true; enablePop3 = false; @@ -44,8 +42,10 @@ in { # SMTP enableSubmission = false; enableSubmissionSsl = true; + openFirewall = false; # handled below keyFile = "/var/lib/acme/server1.vhack.eu/key.pem"; certificateScheme = 1; certificateFile = "/var/lib/acme/server1.vhack.eu/fullchain.pem"; + } |