From f77f8848301bd0eaf742f177771554f6ce942bb9 Mon Sep 17 00:00:00 2001
From: ene
Date: Sat, 18 Mar 2023 16:27:54 +0100
Subject: Fix(system/mail): Disable protocols with STARTTLS

This is inherently unsafe because it requires an unencrypted handshake. Considering that all protocols also work directly with TLS i.e., the encrypted variant, disabling this shouldn't be a drawback.
---
 system/mail/default.nix | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/system/mail/default.nix b/system/mail/default.nix
index b09f8f1..6fe82fd 100644
--- a/system/mail/default.nix
+++ b/system/mail/default.nix
@@ -4,6 +4,14 @@
 fqdn = "server1.vhack.eu";
 domains = ["vhack.eu"];
+ enableImap = false;
+ enableImapSsl = true;
+ enablePop3 = false;
+ enablePop3Ssl = true;
+ # SMTP
+ enableSubmission = false;
+ enableSubmissionSsl = true;
+
 mailDirectory = "/srv/mail/vmail";
 dkimKeyDirectory = "/srv/mail/dkim";
 backup.snapshotRoot = "/srv/mail/backup";
-- 
cgit 1.4.1
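Review bot: `enablePop3Ssl = true;` looks like it opens a POP3S listener that did not exist before, rather than replacing a STARTTLS one. Nothing in the visible context configured POP3 previously, and as far as I recall the mailserver module leaves both POP3 options off by default, which is worth confirming against the module version pinned here. If no client needs POP3, `enablePop3Ssl = false;` keeps the exposed services to IMAPS and implicit-TLS submission. The `# SMTP` comment could also state the scope, e.g. `# Client submission only; server-to-server SMTP on port 25 still negotiates STARTTLS opportunistically`, because the commit message reads as if every protocol were covered. The attribute set these options belong to starts and ends outside the hunk.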