Skynet/misc_nixos-mailserver
7
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

postfix: rearrange smtpd_tls_chain_files option

Browse source
This commit is contained in:
Martin Weinelt 2025-06-16 06:20:15 +02:00
parent c8f809fa76
commit 6652b57dda
No known key found for this signature in database
GPG key ID: 87C1E9888F856759
1 changed files with 7 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

12
mail-server/postfix.nix
View file

@ -264,11 +264,6 @@ in
]); ]);
config = { config = {
smtpd_tls_chain_files = [
"${keyPath}"
"${certificatePath}"
];
myhostname = cfg.sendingFqdn; myhostname = cfg.sendingFqdn;
mydestination = ""; # disable local mail delivery mydestination = ""; # disable local mail delivery
recipient_delimiter = cfg.recipientDelimiter; recipient_delimiter = cfg.recipientDelimiter;
@ -297,6 +292,7 @@ in
] ]
); );
virtual_transport = "lmtp:unix:/run/dovecot2/dovecot-lmtp"; virtual_transport = "lmtp:unix:/run/dovecot2/dovecot-lmtp";
# Avoid leakage of X-Original-To, X-Delivered-To headers between recipients # Avoid leakage of X-Original-To, X-Delivered-To headers between recipients
lmtp_destination_recipient_limit = "1"; lmtp_destination_recipient_limit = "1";
@ -323,6 +319,12 @@ in
"check_policy_service unix:/run/dovecot2/quota-status" "check_policy_service unix:/run/dovecot2/quota-status"
]; ];
# The X509 private key followed by the corresponding certificate
smtpd_tls_chain_files = [
"${keyPath}"
"${certificatePath}"
];
# TLS for incoming mail is optional # TLS for incoming mail is optional
smtpd_tls_security_level = "may"; smtpd_tls_security_level = "may";