about summary refs log tree commit diff
path: root/nixosConfigurations/manwe/mailserver/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixosConfigurations/manwe/mailserver/default.nix')
-rw-r--r--nixosConfigurations/manwe/mailserver/default.nix8
1 files changed, 8 insertions, 0 deletions
diff --git a/nixosConfigurations/manwe/mailserver/default.nix b/nixosConfigurations/manwe/mailserver/default.nix
index 4f58df7..88edf25 100644
--- a/nixosConfigurations/manwe/mailserver/default.nix
+++ b/nixosConfigurations/manwe/mailserver/default.nix
@@ -54,6 +54,14 @@ with lib; {
   in {
     enable = true;
 
+    # Disable potentially insecure[1] STARTTLS connections. SSL-only connections
+    # are still enabled by default.
+    #
+    # [1]: https://www.rfc-editor.org/rfc/rfc3207#section-6
+    enableImap = false;
+    enablePop3 = false;
+    enableSubmission = false;
+
     fqdn = config.networking.domain;
     domains = with my.domain; [azahi gondor rohan shire];
 

Consider giving Nix/NixOS a try! <3