Disable plaintext access per RFC 8314

This deprecates the `enableImap` and `enablePop` options and opens them
up for future removal.
Martin Weinelt
2025-09-22 03:45:22 +02:00
parent b49ae46f22
commit 54f37811dd
2 changed files with 11 additions and 1 deletions


@@ -851,9 +851,11 @@ in
enableImap = mkOption { enableImap = mkOption {
type = types.bool; type = types.bool;
default = true; default = false;
description = '' description = ''
Whether to enable IMAP with STARTTLS on port 143. Whether to enable IMAP with STARTTLS on port 143.
The use of this port is deprecated per RFC 8314 4.1.
''; '';
}; };
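Review bot: The deprecation of `enableImap` is carried only by the added description sentence, so with the default flipped to `false` a user who sets `enableImap = true` gets no evaluation-time notice that the option is headed for removal. Consider emitting a warning when the option is enabled, and have the description name the replacement (IMAP over implicit TLS on port 993, as the release notes entry does) so the option documentation stands on its own.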
@@ -894,6 +896,8 @@ in
default = false; default = false;
description = '' description = ''
Whether to enable POP3 with STARTTLS on port on port 110. Whether to enable POP3 with STARTTLS on port on port 110.
The use of this port is deprecated per RFC 8314 4.1.
''; '';
}; };
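Review bot: The context line directly above the added sentence reads "on port on port 110"; since this description is being edited anyway, drop the duplicated words. The same applies here as for `enableImap`: the description states the deprecation but gives no pointer to what to use instead.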


@@ -13,8 +13,14 @@ NixOS 25.11
1024 bit keys should not be considered valid any longer. 1024 bit keys should not be considered valid any longer.
- DMARC reports are now sent with the ``noreply-dmarc`` localpart from the - DMARC reports are now sent with the ``noreply-dmarc`` localpart from the
system domain. system domain.
- IMAP access over port ``143/tcp`` is now default disabled in line with
`RFC 8314 4.1`_. Use IMAP over implicit TLS on port ``993/tcp`` instead.
If you still require this feature you can reenable it using
``mailserver.enableImap``, but it is scheduled for removal after the 25.11
release.
.. _RFC 8301 3.2: https://www.rfc-editor.org/rfc/rfc8301#section-3.2 .. _RFC 8301 3.2: https://www.rfc-editor.org/rfc/rfc8301#section-3.2
.. _RFC 8314 4.1: https://www.rfc-editor.org/rfc/rfc8314#section-4.1
NixOS 25.05 NixOS 25.05
----------- -----------
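Review bot: The new release notes entry covers only ``mailserver.enableImap``, while the commit message deprecates `enablePop` as well; add a matching entry for POP3 on port ``110/tcp`` so users of that option also learn about the planned removal. Two wording points in the added lines: "now default disabled" reads better as "now disabled by default", and since the option description says port 143 was served with STARTTLS, the entry should say so, so that it is not read as cleartext-only IMAP having been the previous default.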