summary refs log tree commit diff stats
path: root/system/mail/default.nix (follow)
Commit message (Collapse)AuthorAge
* Refactor(system/mail): Hide user emailsSoispha2023-05-20
|
* Fix(system/mail): Allow opening ports in the firewallene2023-04-07
| | | | | | | | | | | As the previous configuration only opened some ports, receiving mail was impossible. This allows NSM to open the required ports directly, ensuring that none was missed. SECURITY: As all other options than SSL are still disabled, this change should not introduce unencrypted mail transfer. This has not been tested.
* Fix(acme): Store certs permanently.sils2023-03-20
| | | | | Before, new certs were requested at every rebuild. This caused issues due to letsencrypt ratelimiting.
* Revert "Fix(system/mail): Change placeholder"sils2023-03-20
| | | | | | This reverts commit ecb274ba49042f1dfdf63b9c54ff6920f24a9a58. It may be a security-risk, but I care much more about a running mailserver for now.
* Fix(system/mail): Change placeholderene2023-03-20
| | | | The old one, could have exposed a weak hash.
* Fix(system/mail): Only accept connections on safe portsene2023-03-19
| | | | | It is sort of standard to ignore connections over the unencrypted port 25, thus we are doing the same.
* Feat(system/mail): Add other users, so the admin thing worksene2023-03-18
|
* Style(system/mail): Reorder optionsene2023-03-18
| | | | I just think this is easier to read.
* Feat(system/mail): Use '/' to separate mailboxesene2023-03-18
| | | | | This is something that just makes the file system easier to traverse, but isn't really necessary.
* Fix(system/mail): Declare the password directlyene2023-03-18
| | | | | | As outlined in commit 19f0808, placing a password hash in the world readable nix-store is perfectly safe as long as the hashing function is not reversible, which should be a necessity for a password hash.
* Fix(system/mail): Make extraVirtualAliases fairerene2023-03-18
|
* Fix(system/mail): Disable protocols with STARTTLSene2023-03-18
| | | | | | This is inherently unsafe because it requires an unencrypted handshake. Considering that all protocols also work directly with TLS i.e., the encrypted variant, disabling this shouldn't be a drawback.
* Refactor: Use better file layoutene2023-03-18