Forked repo to test stuff on
Find a file
Martin Weinelt fac7efe946
postfix: Support opportunistic DANE TLS
This migrates the security level for outgoing SMTP connections to
dane[1]. Either a server is configured for DANE or it now uses mandatory
unauthenticated TLS.

If DANE validation fails, the delivery will be tempfailed.

If DANE is invalid or unusable the connection will fall back to
unauthenticated mandatory TLS

This has been the default in various mail distributions:
- Mailcow since December 2016[2]
- mailinabox since July 2014[3]

[1] https://www.postfix.org/TLS_README.html#client_tls_dane
[2] 47a5166383
[3] e713af5f5a
2025-05-07 02:23:32 +02:00
.hydra Increase the evaluation periodicity from 30s to 5m 2025-02-09 18:14:30 +01:00
docs docs/release-notes: advertise mailserver.forwards with ldap 2025-05-06 05:32:59 +02:00
mail-server postfix: Support opportunistic DANE TLS 2025-05-07 02:23:32 +02:00
nixops add flake support 2020-12-15 16:14:44 +01:00
scripts tests: make the emails sent by mail-check.py look less like spam 2024-11-23 23:51:49 +01:00
tests assertions: Allow mailserver.forwards with LDAP set up 2025-05-06 05:32:45 +02:00
.editorconfig Remove makefile section from editorconfig 2017-11-11 09:47:25 +00:00
.gitignore add gitignore file for result links 2017-12-21 11:55:22 +01:00
.gitlab-ci.yml ci: update to nixos-24.11 2025-04-23 16:02:07 +02:00
.readthedocs.yaml docs: drop options.md from the repository 2022-12-22 20:45:03 +01:00
default.nix Use rspamd for DKIM signing, drop OpenDKIM 2025-05-06 01:05:10 +02:00
flake.lock Release 24.11 2024-12-22 16:20:47 +00:00
flake.nix Release 24.11 2024-12-22 16:20:47 +00:00
LICENSE Initial commit 2016-07-21 18:09:04 +02:00
README.md README: Add automatic client configuration support to the roadmap 2025-05-06 03:37:23 +02:00
shell.nix docs: use MarkDown for option docs 2022-12-22 20:45:01 +01:00

Simple Nixos MailServer

license pipeline status

Release branches

For each NixOS release, we publish a branch. You then have to use the SNM branch corresponding to your NixOS version.

Features

  • Continous Integration Testing
  • Multiple Domains
  • Postfix
    • SMTP on port 25
    • Submission TLS on port 465
    • Submission StartTLS on port 587
    • LMTP with Dovecot
  • Dovecot
    • Maildir folders
    • IMAP with TLS on port 993
    • POP3 with TLS on port 995
    • IMAP with StartTLS on port 143
    • POP3 with StartTLS on port 110
  • Certificates
    • ACME
    • Custom certificates
  • Spam Filtering
    • Via Rspamd
  • Virus Scanning
    • Via ClamAV
  • DKIM Signing
    • Via Rspamd
  • User Management
    • Declarative user management
    • Declarative password management
    • LDAP users
  • Sieve
    • Allow user defined sieve scripts
    • Moving mails from/to junk trains the Bayes filter
    • ManageSieve support
  • User Aliases
    • Regular aliases
    • Catch all aliases

In the future

  • Automatic client configuration
  • DKIM Signing
    • Allow per domain selectors
    • Allow passing DKIM signing keys
  • Improve the Forwarding Experience
  • User management
    • Allow local and LDAP user to coexist
  • OpenID Connect
    • Depends on relevant clients adding support, e.g. Thunderbird

Get in touch

How to Set Up a 10/10 Mail Server Guide

Check out the Setup Guide in the project's documentation.

For a complete list of options, see in readthedocs.

Development

See the How to Develop SNM documentation page.

Contributors

See the contributor tab

Alternative Implementations

Credits