| Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
As the previous configuration only opened some ports, receiving mail was
impossible. This allows NSM to open the required ports directly,
ensuring that none was missed.
SECURITY:
As all other options than SSL are still disabled, this change should not
introduce unencrypted mail transfer.
This has not been tested.
|
|
Before, new certs were requested at every rebuild.
This caused issues due to letsencrypt ratelimiting.
|
|
This reverts commit ecb274ba49042f1dfdf63b9c54ff6920f24a9a58.
It may be a security-risk, but I care much more about a running
mailserver for now.
|
|
The old one, could have exposed a weak hash.
|
|
It is sort of standard to ignore connections over the unencrypted port
25, thus we are doing the same.
|
|
|
|
I just think this is easier to read.
|
|
This is something that just makes the file system easier to traverse, but
isn't really necessary.
|
|
As outlined in commit 19f0808, placing a password hash in the world
readable nix-store is perfectly safe as long as the hashing function is
not reversible, which should be a necessity for a password hash.
|
|
|
|
This is inherently unsafe because it requires an unencrypted handshake.
Considering that all protocols also work directly with TLS i.e., the
encrypted variant, disabling this shouldn't be a drawback.
|
|
|
