mail: don't forbid non-tls connections
This commit is contained in:
parent
ec5f15946e
commit
f5cf94d257
|
@ -1,4 +1,4 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{ config, pkgs, ... }:
|
||||
let
|
||||
domain = config.networking.domain;
|
||||
hostname = "mail.${config.networking.domain}";
|
||||
|
@ -44,9 +44,8 @@ in
|
|||
# hostname used in helo command. It is recommended to have this match the reverse dns entry
|
||||
smtp_helo_name = config.networking.rDNS;
|
||||
smtpd_banner = "${config.networking.rDNS} ESMTP $mail_name";
|
||||
# allow non-tls connections for server-to-server communication
|
||||
smtp_tls_security_level = "may";
|
||||
smtpd_tls_security_level = lib.mkForce "encrypt";
|
||||
smtpd_tls_security_level = "may";
|
||||
smtpd_tls_auth_only = true;
|
||||
smtpd_tls_protocols = [
|
||||
"!SSLv2"
|
||||
|
|
Loading…
Reference in a new issue