thary/sp-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: make postfix use modern TLS

Browse Source
This commit is contained in:
nhnn
2025-03-20 12:32:43 +03:00
committed by Inex Code
parent b51561ef01
commit 085654a506
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
sp-modules/simple-nixos-mailserver/config.nix
View File

@@ -56,6 +56,14 @@ lib.mkIf sp.modules.simple-nixos-mailserver.enable (lib.mkMerge [
users.groups.acmereceivers.members = [ "dovecot2" "postfix" "virtualMail" ]; users.groups.acmereceivers.members = [ "dovecot2" "postfix" "virtualMail" ];
services.postfix = {
config.smtpd_tls_security_level = lib.mkForce "required";
config.smtpd_tls_protocols = lib.mkForce "TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
config.smtp_tls_protocols = lib.mkForce "TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
config.smtpd_tls_mandatory_protocols = lib.mkForce "TLSv1.3, TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
config.smtp_tls_mandatory_protocols = lib.mkForce "TLSv1.3, TLSv1.2, TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
};
mailserver = { mailserver = {
enable = true; enable = true;
fqdn = sp.domain; fqdn = sp.domain;