mirror of https://github.com/oddlama/nix-config.git synced 2025-10-10 23:00:39 +02:00

fix: disable MTA-STS since we have dane and don't want a cert per subdomain

oddlama 2024-11-30 15:38:32 +01:00
parent 88e6b6e22f
commit db30ac20c1
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A


@ -55,17 +55,12 @@ in
enable = true; enable = true;
settings = settings =
let let
case = field: check: value: data: {
"if" = field;
${check} = value;
"then" = data;
};
ifthen = field: data: { ifthen = field: data: {
"if" = field; "if" = field;
"then" = data; "then" = data;
}; };
otherwise = value: { "else" = value; }; otherwise = value: { "else" = value; };
is-smtp = case "listener" "eq" "smtp"; is-smtp = ifthen "listener = 'smtp'";
is-authenticated = data: { is-authenticated = data: {
"if" = "!is_empty(authenticated_as)"; "if" = "!is_empty(authenticated_as)";
"then" = data; "then" = data;
@ -493,6 +488,9 @@ in
]; ];
}; };
# We have DANE and don't want to have a certificate for each domain we serve.
session.mta-sts.mode = "none";
session.ehlo = { session.ehlo = {
require = true; require = true;
reject-non-fqdn = [ reject-non-fqdn = [
@ -538,7 +536,6 @@ in
[ [
"autoconfig.${primaryDomain}" "autoconfig.${primaryDomain}"
"autodiscover.${primaryDomain}" "autodiscover.${primaryDomain}"
"mta-sts.${primaryDomain}"
] ]
(_: { (_: {
forceSSL = true; forceSSL = true;
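Review bot: The last hunk drops the `mta-sts.${primaryDomain}` host in the same commit that sets `session.mta-sts.mode = "none"`, so if that host is what served the policy file (it looks like a web-server virtual-host list, which cannot be confirmed from here), senders can never fetch the new "none" policy. RFC 8461 section 8.3 describes removal as publishing `none` with a new policy id, waiting for the previous policy's max_age to pass, and only then removing the endpoint and the `_mta-sts` TXT record; neither the TXT record nor the old max_age is visible in this diff. Relying on DANE alone also protects only mail from senders that validate DNSSEC and TLSA, while senders that implement only MTA-STS fall back to opportunistic TLS. That trade-off belongs in the comment above the setting, e.g. `# DANE only: senders without DANE support get opportunistic TLS; keep TLSA records in sync with cert rotation.` The enclosing attribute sets start and end outside the hunks.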