From 99a9958bd33cf14de0e734d7d077f71adce09574 Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Tue, 12 Jan 2021 15:50:51 +0000 Subject: nixos/postfix: allow custom smtp_tls_security_level I run Postfix on my workstation as a smarthost, where it only ever talks to my SMTP server. Because I know it'll only ever connect to this server, and because I know this server supports TLS, I'd like to set smtp_tls_security_level to "encrypt" so Postfix won't fall back to an unencrypted connection. (cherry picked from commit 9ed5ee909beede0ea3f04bc4d14449290aebed66) --- nixpkgs/nixos/modules/services/mail/postfix.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixpkgs/nixos/modules/services/mail/postfix.nix b/nixpkgs/nixos/modules/services/mail/postfix.nix index fd4d16cdc37b..d777af2901e9 100644 --- a/nixpkgs/nixos/modules/services/mail/postfix.nix +++ b/nixpkgs/nixos/modules/services/mail/postfix.nix @@ -25,7 +25,7 @@ let clientRestrictions = concatStringsSep ", " (clientAccess ++ dnsBl); - smtpTlsSecurityLevel = if cfg.useDane then "dane" else "may"; + smtpTlsSecurityLevel = if cfg.useDane then "dane" else mkDefault "may"; mainCf = let escape = replaceStrings ["$"] ["$$"]; -- cgit 1.4.1