Commit Graph

126 Commits

Author SHA1 Message Date
Martin Weinelt 6ff4a50f02 Add support for DKIM key management
After bumping the generation of new DKIM keys to RSA 2048 in NixOS 25.11,
key rotation for existing users could not be done safely.

To resolve this situation we now support multiple generations of
selectors per domain to enable proper DKIM key transitions as described
in RFC6376 3.1. The added documentation introduces and motivates DKIM
and guides the user through a DKIM key rotation.

Additionally, DKIM key material can now also be treated as a managed
secret when autogenerated state on the mail server host is undesirable.

This change is fully backwards compatible in behavior and will continue
to use the previously generated DKIM key without any additional
configuration up until the point when DKIM selectors are configured
explicitly.
2026-03-11 22:37:49 +01:00
Martin Weinelt 1c57aab586 treewide: fix typos and other minor issues 2026-03-11 01:50:14 +01:00
Martin Weinelt 8d35f004ee Release 25.11 2025-11-25 13:56:52 +01:00
Martin Weinelt eeda8ba39e Add support for sender rewriting using postsrsd
With SRS we support forwarding of mails without (fully) breaking SPF
alignment.
2025-11-11 13:45:03 +01:00
Martin Weinelt 3555a546ab Add support for SMTP TLS reports
When enabled the tlsrpt services will send out aggregated reports about
TLS connections the local Postfix made to interested parties, who set up
a `_smtp._tls` TXT record with a rua attribute.

Introduces mailserver.systemContact to specify an administrative contact
advertised in these automated reports.
2025-11-08 22:39:29 +01:00
Martin Weinelt 0812ca1e48 Use postfix-tlspol for DANE/MTA-STS policy lookups
Postfix with plain DANE only secures domains that configure DNSSEC and
publish TLSA records. With postfix-tlspol we support MTA-STS protected
connections and get caching for its policy results.

Finally, we use this as a stepping stone to build TLSRPT support on top.
2025-11-08 15:49:34 +01:00
Martin Weinelt 51d48f1492 Release 25.11 2025-05-22 01:31:46 +02:00
Martin Weinelt a6eb2a8f9a README.md: reformat with markdownlint 2025-05-15 16:29:04 +02:00
Martin Weinelt 2d0b3fdeb0 README: Add automatic client configuration support to the roadmap 2025-05-06 03:37:23 +02:00
Martin Weinelt 4320259e34 README: add matrix room, reference libera connection information 2025-05-06 03:29:35 +02:00
Martin Weinelt 630b5c4fdd Use rspamd for DKIM signing, drop OpenDKIM
OpenDKIM has not been updated in the last 7 years and failed to adopt
RFC8463, which introduces Ed25519-SHA256 signatures.

It has thereby held back the DKIM ecosystem, which relies on the DNS
system to publish its public keys. The DNS system in turn does not handle
large record sizes well (see RFC8301), which is why Ed25519 public keys
would be preferable, but I'm not sure the ecosystem has caught up, so we
stay on the conservative side with RSA for now.

Fixes: #203 #210 #279
Obsoletes: !162 !338
Supersedes: !246
2025-05-06 01:05:10 +02:00
Martin Weinelt 84bf0c0c07 README.md: remove mailing list information
Has been unused since 2019, so it is not a good recommendation to
subscribe there anymore.
2025-05-05 22:31:16 +02:00
Martin Weinelt a071813b97 README: reword feature list
and remove the v2.0 release title.
2025-05-05 22:31:15 +02:00
Martin Weinelt 1873ed0908 README: Update existing and future features
As the ecosystems around us evolve so should the NixOS mailserver
project.

DKIM signing could be improved by allowing users to treat DKIM keys like
a secret that they would commonly manage through agenix/sops/etc.

Forwarding mail these days requires SRS and possibly ARC. The latter has
already become a required feature for bulk messages to iCloud[1] and
Google Mail[3]. I propose that we stay ahead of the curve by adding
support for these features.

LDAP user management was added, but one pain point is that we currently
prevent it from coexisting with declarative users.

And finally OAuth (via RFC7628[3]) is the new kid on the block that everyone
wants to try out, but most notably client support[4] for hosting this
yourself is not quite there yet.

[1] https://support.apple.com/en-us/102322
[2] https://support.google.com/a/answer/81126?hl=en#zippy=%2Crequirements-for-all-senders%2Crequirements-for-sending-or-more-messages-per-day
[3] https://www.rfc-editor.org/rfc/rfc7628.html
[4] https://bugzilla.mozilla.org/show_bug.cgi?id=1602166
2025-04-13 22:50:19 +02:00
Antoine Eiche 63209b1def Release 24.11 2024-12-22 16:20:47 +00:00
Antoine Eiche 29916981e7 Release 24.05 2024-06-11 07:36:43 +02:00
Antoine Eiche e47f3719f1 Release 23.11 2024-01-25 22:52:54 +01:00
Nigel Bray d460e9ff62 Fix and improve the setup guide 2023-07-05 21:53:56 +02:00
Antoine Eiche 24128c3052 Release 23.05 2023-06-22 21:31:07 +02:00
Antoine Eiche c4ec122aac readme: remove the announcement public key
Current maintainer no longer has it.
2023-06-11 17:10:19 +02:00
Antoine Eiche bc667fb6af Release 22.11 2022-12-21 22:46:04 +01:00
Linus Heckemann a40e9c3abb htpasswd -> mkpasswd 2022-11-27 19:14:22 +00:00
Antoine Eiche f535d8123c Release 22.05 2022-06-22 22:39:06 +02:00
Naïm Favier 4ed684481b Update nixos-unstable and drop 21.11 2022-02-24 20:51:40 +00:00
Naïm Favier f4c14572fc Drop 21.05 branch 2022-02-24 20:51:40 +00:00
Antoine Eiche 6e3a7b2ea6 Release nixos-21.11 2021-12-07 22:09:14 +01:00
Antoine Eiche 68b9397a30 Move the logo 2021-07-27 19:58:33 +00:00
Antoine Eiche 5675b122a9 readme: switch from freenode to libera 2021-06-06 10:21:14 +02:00
Antoine Eiche bbcc6863b5 Release nixos-21.05 2021-06-06 10:20:14 +02:00
Antoine Eiche 3fc047bc64 Remove nixos-20.03 job
We only support 2 releases.
2021-06-06 09:44:41 +02:00
Antoine Eiche 06cf3557df Mention the Freenode IRC chan #nixos-mailserver 2021-03-10 18:46:03 +01:00
Antoine Eiche 4ce3e1bf4e readme: mention the unstable documentation 2020-11-30 08:55:26 +01:00
Henri Menke 89bd89c706 Recommend bcrypt passwords everywhere 2020-11-29 20:19:46 +01:00
Antoine Eiche 99f843de47 Release nixos-20.09 branch 2020-10-31 08:34:36 +01:00
Antoine Eiche 843e66864f docs: no longer use tagged release but branch instead in docs 2020-10-31 08:34:36 +01:00
Milan Pässler beba28ae14 add release notes for tls wrapped-mode changes 2020-10-05 20:54:46 +02:00
Milan Pässler e272a2755b remove support for 20.03 2020-10-05 20:54:46 +02:00
Milan Pässler cc526a2700 add full support for tls wrapped mode 2020-10-05 20:54:46 +02:00
Antoine Eiche 31cf3818df readme: switch doc links from wiki to readthedocs 2020-07-06 22:33:19 +02:00
Benjamin Asbach 87e66046c1 Fixed url to contributor tab 2020-05-26 21:00:37 +02:00
Antoine Eiche 54ecf17810 Release nixos-20.03 2020-05-24 20:41:03 +02:00
Antoine Eiche 830c66f1be readme: no more release but branch instead
For each NixOS release, we publish a branch. This would allow us to
continue to apply patches to these branches, in case of bug or
security fixes.
2020-05-11 21:46:01 +00:00
Robin Raymond 7bda4c4f11 automatically update readme hash 2019-12-18 09:33:52 +01:00
Robin Raymond 5d1f5cb349 update readme for v2.3.0 2019-12-16 21:08:33 +01:00
Robin Raymond ba3336978e correct checksum 2019-05-03 17:35:33 +02:00
Robin Raymond e35959b65f fix checksum 2019-05-03 17:33:39 +02:00
Robin Raymond a658e7fc6c Advertise mailing list a little more 2019-05-03 14:38:41 +02:00
Robin Raymond d127730f27 modify readme for v2.2.1 2019-05-03 14:21:18 +02:00
Tom 2c59de8dcb README: include sha256 of the expected release tarball
Advantages of including the SHA256:
(i) removes the impurity of the tarball contents being changed
(ii) if sha256 is not included, then each nixops deploy triggers a re-download of the tarball

Here's how to get the expected hash:

$ nix-prefetch-url --unpack 'https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.0/nixos-mailserver-v2.2.0.tar.gz'
unpacking...
[0.0 MiB DL]
path is '/nix/store/dwg8xlfnlw7mhr4cjk1viwmm0b249b74-nixos-mailserver-v2.2.0.tar.gz'
0gqzgy50hgb5zmdjiffaqp277a68564vflfpjvk1gv6079zahksc
2019-01-28 14:21:51 +00:00
Robin Raymond ebf34930a7 update readme 2018-11-11 18:18:58 +01:00