|
|
|
@ -25,6 +25,8 @@ let |
|
|
|
|
|
|
|
|
|
clientRestrictions = concatStringsSep ", " (clientAccess ++ dnsBl); |
|
|
|
|
|
|
|
|
|
smtpTlsSecurityLevel = if cfg.useDane then "dane" else "may"; |
|
|
|
|
|
|
|
|
|
mainCf = let |
|
|
|
|
escape = replaceStrings ["$"] ["$$"]; |
|
|
|
|
mkList = items: "\n " + concatStringsSep ",\n " items; |
|
|
|
@ -508,6 +510,14 @@ in |
|
|
|
|
''; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
useDane = mkOption { |
|
|
|
|
type = types.bool; |
|
|
|
|
default = false; |
|
|
|
|
description = '' |
|
|
|
|
Sets smtp_tls_security_level to "dane" rather than "may". See postconf(5) for details. |
|
|
|
|
''; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
sslCert = mkOption { |
|
|
|
|
type = types.str; |
|
|
|
|
default = ""; |
|
|
|
@ -809,13 +819,13 @@ in |
|
|
|
|
// optionalAttrs cfg.enableHeaderChecks { header_checks = [ "regexp:/etc/postfix/header_checks" ]; } |
|
|
|
|
// optionalAttrs (cfg.tlsTrustedAuthorities != "") { |
|
|
|
|
smtp_tls_CAfile = cfg.tlsTrustedAuthorities; |
|
|
|
|
smtp_tls_security_level = "may"; |
|
|
|
|
smtp_tls_security_level = smtpTlsSecurityLevel; |
|
|
|
|
} |
|
|
|
|
// optionalAttrs (cfg.sslCert != "") { |
|
|
|
|
smtp_tls_cert_file = cfg.sslCert; |
|
|
|
|
smtp_tls_key_file = cfg.sslKey; |
|
|
|
|
|
|
|
|
|
smtp_tls_security_level = "may"; |
|
|
|
|
smtp_tls_security_level = smtpTlsSecurityLevel; |
|
|
|
|
|
|
|
|
|
smtpd_tls_cert_file = cfg.sslCert; |
|
|
|
|
smtpd_tls_key_file = cfg.sslKey; |
|
|
|
|
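Review bot: `useDane` only reaches the generated config inside the two `optionalAttrs` blocks of the last hunk (`cfg.tlsTrustedAuthorities != ""` and `cfg.sslCert != ""`), so with neither option set, as far as these hunks show, `smtp_tls_security_level` is never written and `useDane = true` silently gives no DANE. The visible hunks also do not set `smtp_dns_support_level = "dnssec";`, which postconf(5) lists as a requirement for the `dane` level alongside a DNSSEC-validating resolver the host trusts; without it Postfix, as far as I know, logs a warning and behaves as `may`. I would emit both settings unconditionally when the option is on, e.g. `// optionalAttrs cfg.useDane { smtp_tls_security_level = "dane"; smtp_dns_support_level = "dnssec"; }`, placed so that later `//` merges do not override it. The option description should also state the resolver requirement and that a DANE authentication failure defers delivery rather than falling back to unauthenticated TLS or plaintext. The attribute set being merged starts and ends outside the hunk, so an unconditional assignment elsewhere in the file cannot be ruled out.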