diff --git a/hosts/envoy/stalwart-mail.nix b/hosts/envoy/stalwart-mail.nix index bf36c5f..f7cff65 100644 --- a/hosts/envoy/stalwart-mail.nix +++ b/hosts/envoy/stalwart-mail.nix @@ -55,17 +55,12 @@ in enable = true; settings = let - case = field: check: value: data: { - "if" = field; - ${check} = value; - "then" = data; - }; ifthen = field: data: { "if" = field; "then" = data; }; otherwise = value: { "else" = value; }; - is-smtp = case "listener" "eq" "smtp"; + is-smtp = ifthen "listener = 'smtp'"; is-authenticated = data: { "if" = "!is_empty(authenticated_as)"; "then" = data; @@ -493,6 +488,9 @@ in ]; }; + # We have DANE and don't want to have a certificate for each domain we serve. + session.mta-sts.mode = "none"; + session.ehlo = { require = true; reject-non-fqdn = [ @@ -538,7 +536,6 @@ in [ "autoconfig.${primaryDomain}" "autodiscover.${primaryDomain}" - "mta-sts.${primaryDomain}" ] (_: { forceSSL = true;
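Review bot: `is-authenticated` in the first hunk still builds its `"if"`/`"then"` attrset by hand, although `is-smtp` now goes through `ifthen` with an expression string. Writing it as `is-authenticated = ifthen "!is_empty(authenticated_as)";` would leave a single place that constructs condition entries. A one-line comment above `ifthen` stating that `field` takes a full expression string (as `"listener = 'smtp'"` now does) would also help, since the parameter name suggests a bare variable name. The `is-authenticated` definition closes outside the hunk.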
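Review bot: The comment above `session.mta-sts.mode = "none";` presents DANE as a full replacement, but DANE only protects mail from senders that validate DNSSEC and TLSA records. Senders that implement MTA-STS alone will fall back to opportunistic STARTTLS for these domains, which an on-path attacker can downgrade. If that trade-off is accepted, I would record it in the comment, e.g. `# DANE only: senders without DANE validation get opportunistic TLS; MTA-STS dropped to avoid a certificate per served domain.` It is also worth confirming that every served domain is DNSSEC-signed and has TLSA records for the MX, which this diff does not show.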
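Review bot: Dropping the `"mta-sts.${primaryDomain}"` vhost in the same commit that sets the policy mode to `"none"` skips the removal sequence described in RFC 8461 section 8.3, assuming this vhost is what served the policy file. Senders that cached the earlier policy keep applying it until its `max_age` expires, and they can only pick up a `none` policy while the HTTPS endpoint still answers. Consider keeping the vhost until the previous `max_age` has elapsed, and only then removing it together with the `_mta-sts` TXT records, which are not part of this diff. The host list and the function applied to it continue outside the hunk.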