aither/simple-nixos-mailserver
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'disable-submission' into 'master'

Browse Source 
Disable submission with explicit STARTTLS by default

See merge request simple-nixos-mailserver/nixos-mailserver!461
This commit is contained in:
Martin Weinelt
2025-11-08 11:56:16 +00:00
parent 58659fbdfd 1337e2eece
commit cc54c4fa85
3 changed files with 15 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
default.nix
View File

@@ -877,9 +877,11 @@ in
enableSubmission = mkOption {
type = types.bool;
default = true;
default = false;
description = ''
Whether to enable SMTP with STARTTLS on port 587.
The use of this port is discouraged per RFC 8314 3.3, see also Appendix A.
'';
};

14
docs/release-notes.rst
View File

@@ -11,15 +11,19 @@ NixOS 25.11
recommended in `RFC 8301 3.2`_.
We recommend rotating existing keys, as the RFC advises that signatures from
1024 bit keys should not be considered valid any longer.
- DMARC reports are now sent with the ``noreply-dmarc`` localpart from the
system domain.
- IMAP access over port ``143/tcp`` is now default disabled in line with
`RFC 8314 4.1`_. Use IMAP over implicit TLS on port ``993/tcp`` instead.
If you still require this feature you can reenable it using
- IMAP access over port ``143/tcp`` is now default disabled in line
with `RFC 8314 4.1`_. Use IMAP over implicit TLS on port ``993/tcp``
instead. If you still require this feature you can reenable it using
``mailserver.enableImap``, but it is scheduled for removal after the 25.11
release.
- SMTP access over STARTTLS on port ``587/tcp`` is now default disabled in line
with `RFC 8314 3.3`_. If you still require this feature you can renable it using
``mailserver.enableSubmission``.
- DMARC reports are now sent with the ``noreply-dmarc`` localpart from the
system domain.
.. _RFC 8301 3.2: https://www.rfc-editor.org/rfc/rfc8301#section-3.2
.. _RFC 8314 3.3: https://www.rfc-editor.org/rfc/rfc8314#section-3.3
.. _RFC 8314 4.1: https://www.rfc-editor.org/rfc/rfc8314#section-4.1
NixOS 25.05

3
tests/lib/config.nix
View File

@@ -7,6 +7,9 @@
# Testing eval failures that result from stateVersion assertion is out of scope
mailserver.stateVersion = 999;
# Keep testing submission with explicit TLS
mailserver.enableSubmission = true;
# Enable second CPU core
virtualisation.cores = lib.mkDefault 2;