mail: don't forbid non-tls connections

Rouven Seifert 2024-09-22 23:34:52 +02:00
parent ec5f15946e
commit f5cf94d257
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09


@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }:
{ config, pkgs, ... }:
let
domain = config.networking.domain;
hostname = "mail.${config.networking.domain}";
@ -44,9 +44,8 @@ in
# hostname used in helo command. It is recommended to have this match the reverse dns entry
smtp_helo_name = config.networking.rDNS;
smtpd_banner = "${config.networking.rDNS} ESMTP $mail_name";
# allow non-tls connections for server-to-server communication
smtp_tls_security_level = "may";
smtpd_tls_security_level = lib.mkForce "encrypt";
smtpd_tls_security_level = "may";
smtpd_tls_auth_only = true;
smtpd_tls_protocols = [
"!SSLv2"
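Review bot: `smtpd_tls_security_level = "may"` sits in the shared Postfix settings, so the relaxation applies to every smtpd listener unless a service overrides it, and nothing visible here pins the submission listener back to `encrypt`. `smtpd_tls_auth_only = true` still keeps AUTH off cleartext sessions, but it is worth confirming that an explicit per-service `smtpd_tls_security_level = "encrypt"` exists elsewhere in the file (in NixOS this usually lives under `services.postfix.submissionOptions`). The hunk counts suggest the explanatory comment was dropped along with the old value; I would keep one on the new line, for example `# opportunistic TLS on port 25: a public MX must not require STARTTLS (RFC 3207); submission is forced to encrypt separately`. The settings attrset starts before and continues past this hunk, so the override may simply be out of view.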