fix: disable MTA-STS since we have dane and don't want a cert per subdomain

oddlama 2024-11-30 15:38:32 +01:00
parent 88e6b6e22f
commit db30ac20c1
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A


@ -55,17 +55,12 @@ in
enable = true;
settings =
let
case = field: check: value: data: {
"if" = field;
${check} = value;
"then" = data;
};
ifthen = field: data: {
"if" = field;
"then" = data;
};
otherwise = value: { "else" = value; };
is-smtp = case "listener" "eq" "smtp";
is-smtp = ifthen "listener = 'smtp'";
is-authenticated = data: {
"if" = "!is_empty(authenticated_as)";
"then" = data;
@ -493,6 +488,9 @@ in
];
};
# We have DANE and don't want to have a certificate for each domain we serve.
session.mta-sts.mode = "none";
session.ehlo = {
require = true;
reject-non-fqdn = [
@ -538,7 +536,6 @@ in
[
"autoconfig.${primaryDomain}"
"autodiscover.${primaryDomain}"
"mta-sts.${primaryDomain}"
]
(_: {
forceSSL = true;
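Review bot: The comment above `session.mta-sts.mode = "none"` in the second hunk records the motive but not the security trade-off. DANE only protects inbound mail from senders that validate DNSSEC and TLSA, so senders that implement MTA-STS alone fall back to opportunistic STARTTLS, which an on-path attacker can downgrade. I would extend the comment to something like `# DANE only: needs a DNSSEC-signed zone and TLSA records that follow every certificate rotation; MTA-STS-only senders get opportunistic TLS.` The DNS side is not visible in this diff, so treat the following as something to check: if `_mta-sts` TXT records were ever published for the served domains, they should be withdrawn using the policy-removal procedure in RFC 8461 rather than left pointing at the `mta-sts.${primaryDomain}` vhost that the third hunk removes.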