From 9ed5ee909beede0ea3f04bc4d14449290aebed66 Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Tue, 12 Jan 2021 15:50:51 +0000 Subject: [PATCH] nixos/postfix: allow custom smtp_tls_security_level I run Postfix on my workstation as a smarthost, where it only ever talks to my SMTP server. Because I know it'll only ever connect to this server, and because I know this server supports TLS, I'd like to set smtp_tls_security_level to "encrypt" so Postfix won't fall back to an unencrypted connection. --- nixos/modules/services/mail/postfix.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix index 795a76f748a7..37ba98339a6c 100644 --- a/nixos/modules/services/mail/postfix.nix +++ b/nixos/modules/services/mail/postfix.nix @@ -25,7 +25,7 @@ let clientRestrictions = concatStringsSep ", " (clientAccess ++ dnsBl); - smtpTlsSecurityLevel = if cfg.useDane then "dane" else "may"; + smtpTlsSecurityLevel = if cfg.useDane then "dane" else mkDefault "may"; mainCf = let escape = replaceStrings ["$"] ["$$"];