mail: don't forbid non-tls connections

2024-09-22 23:34:52 +02:00 · 2024-09-22 23:34:52 +02:00 · f5cf94d257
parent ec5f15946e
commit f5cf94d257
1 changed files with 2 additions and 3 deletions
--- a/modules/mail/postfix.nix
+++ b/modules/mail/postfix.nix
@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, ... }:
 let
  domain = config.networking.domain;
  hostname = "mail.${config.networking.domain}";
@ -44,9 +44,8 @@ in
        # hostname used in helo command. It is recommended to have this match the reverse dns entry
        smtp_helo_name = config.networking.rDNS;
        smtpd_banner = "${config.networking.rDNS} ESMTP $mail_name";
-        # allow non-tls connections for server-to-server communication
        smtp_tls_security_level = "may";
-        smtpd_tls_security_level = lib.mkForce "encrypt";
+        smtpd_tls_security_level = "may";
        smtpd_tls_auth_only = true;
        smtpd_tls_protocols = [
          "!SSLv2"