aither/simple-nixos-mailserver
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

postfix: enable X25519MLKEM768 key exchange

Browse Source 
This migrates the key exchange curve group configuration into the OpenSSL
configuration format, which is the only path forward to configure these.

We now prefer a hybrid key exchange for TLS handshake and as a client
we'll send key shares for that and pure X25519, while keeping backwards-
compat for P256 and P384.

The statistics for my personal mail server over the last month show a
clear trend for X25519 key exchanges:

    156 secp384r1
    225 secp256r1
    19541 x25519
This commit is contained in:
Martin Weinelt
2025-11-09 19:44:25 +01:00
parent e3ee0fcceb
commit a1532a552f
2 changed files with 26 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/release-notes.rst
View File

@@ -16,6 +16,8 @@ NixOS 25.11
instead. If you still require this feature you can reenable it using instead. If you still require this feature you can reenable it using
``mailserver.enableImap``, but it is scheduled for removal after the 25.11 ``mailserver.enableImap``, but it is scheduled for removal after the 25.11
release. release.
- SMTP server and client now support and prefer a hybrid key exchange
(X25519MLKEM768)
- SMTP access over STARTTLS on port ``587/tcp`` is now default disabled in line - SMTP access over STARTTLS on port ``587/tcp`` is now default disabled in line
with `RFC 8314 3.3`_. If you still require this feature you can renable it using with `RFC 8314 3.3`_. If you still require this feature you can renable it using
``mailserver.enableSubmission``. ``mailserver.enableSubmission``.

30
mail-server/postfix.nix
View File

@@ -35,6 +35,8 @@ let
inherit (lib.strings) concatStringsSep; inherit (lib.strings) concatStringsSep;
cfg = config.mailserver; cfg = config.mailserver;
iniFormat = pkgs.formats.iniWithGlobalSection { };
# Merge several lookup tables. A lookup table is a attribute set where # Merge several lookup tables. A lookup table is a attribute set where
# - the key is an address (user@example.com) or a domain (@example.com) # - the key is an address (user@example.com) or a domain (@example.com)
# - the value is a list of addresses # - the value is a list of addresses
@@ -386,15 +388,29 @@ in
# Restrict and prioritize the following curves in the given order # Restrict and prioritize the following curves in the given order
# Excludes curves that have no widespread support, so we don't bloat the handshake needlessly. # Excludes curves that have no widespread support, so we don't bloat the handshake needlessly.
# https://www.postfix.org/postconf.5.html#tls_eecdh_auto_curves # https://www.postfix.org/postconf.5.html#tls_eecdh_auto_curves
# https://ssl-config.mozilla.org/#server=postfix&version=3.10&config=intermediate&openssl=3.4.1&guideline=5.7 tls_config_file =
tls_eecdh_auto_curves = [ let
"X25519" mkGroupString = groups: concatStringsSep " / " (map (concatStringsSep ":") groups);
"prime256v1" in
"secp384r1" "${iniFormat.generate "postfix-openssl.cnf" {
globalSection.postfix = "postfix_settings";
sections = {
postfix_settings.ssl_conf = "postfix_ssl_settings";
postfix_ssl_settings.system_default = "baseline_postfix_settings";
baseline_postfix_settings.Groups = mkGroupString [
[ "*X25519MLKEM768" ]
[ "*X25519" ]
[
"P-256"
"P-384"
]
]; ];
};
}}";
tls_config_name = "postfix";
# Disable FFDHE on TLSv1.3 because it is slower than elliptic curves # Algorithm selection happens through `tls_config_file` instead.
# https://www.postfix.org/postconf.5.html#tls_ffdhe_auto_groups tls_eecdh_auto_curves = [ ];
tls_ffdhe_auto_groups = [ ]; tls_ffdhe_auto_groups = [ ];
# As long as all cipher suites are considered safe, let the client use its preferred cipher # As long as all cipher suites are considered safe, let the client use its preferred cipher