aither/simple-nixos-mailserver
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'disable-plain-access' into 'master'

Browse Source 
Disable plaintext access per RFC 8314

See merge request simple-nixos-mailserver/nixos-mailserver!446
This commit is contained in:
Martin Weinelt
2025-09-22 13:19:49 +00:00
parent b49ae46f22 54f37811dd
commit c709476ac5
2 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
default.nix
View File

@@ -851,9 +851,11 @@ in
enableImap = mkOption {
type = types.bool;
default = true;
default = false;
description = ''
Whether to enable IMAP with STARTTLS on port 143.
The use of this port is deprecated per RFC 8314 4.1.
'';
};
@@ -894,6 +896,8 @@ in
default = false;
description = ''
Whether to enable POP3 with STARTTLS on port on port 110.
The use of this port is deprecated per RFC 8314 4.1.
'';
};

6
docs/release-notes.rst
View File

@@ -13,8 +13,14 @@ NixOS 25.11
1024 bit keys should not be considered valid any longer.
- DMARC reports are now sent with the ``noreply-dmarc`` localpart from the
system domain.
- IMAP access over port ``143/tcp`` is now default disabled in line with
`RFC 8314 4.1`_. Use IMAP over implicit TLS on port ``993/tcp`` instead.
If you still require this feature you can reenable it using
``mailserver.enableImap``, but it is scheduled for removal after the 25.11
release.
.. _RFC 8301 3.2: https://www.rfc-editor.org/rfc/rfc8301#section-3.2
.. _RFC 8314 4.1: https://www.rfc-editor.org/rfc/rfc8314#section-4.1
NixOS 25.05
-----------