SNM supports DMARC reporting, but it's disabled by default. For email
greybeards, that's fine, but I think it would be useful to teach email newbies (as I was a few
months ago) that this is something you should seriously consider
enabling.
I opted to put this in a new "Advanced Configurations" section that
points experienced mailserver admins to our howto guides, and newbies to
a couple of important things.
refs: https://github.com/NixOS/infra/pull/635
The option `exclude_domains` for dmarc reporting in `rspamd`[1] allows
to configure a list of domains and/or eSLDs (external effective second level
domain) to be excluded from dmarc reports.
Helpful because e.g. dmarc reports to hotmail.com always fail for me
with the following undeliverable notification:
The recipient's mailbox is full and can't accept messages now.
[1] https://www.rspamd.com/doc/modules/dmarc.html
This is not a feature specific to the mailserver. Indeed, the feature
was added to `system.autoUpgrade.allowReboot` with NixOS 19.09 and it
has better detection if a reboot is necessary.
For the system.autoUpgrade there is no kexec option, but the use was
discouraged.
Since NixOS 19.09 autoUpgrade also has the ability to do automatic
reboots. Its detection on whether a reboot is necessary is a bit more
sophisticated. Having this option in the mail-server implied to me that
it did something additionally, though it was just a feature which was
not included in NixOS at the time it was introduced for the mail-server.
Mentioning the fact in the documentation might help people not to get
confused why they should turn the `system.autoUpgrade.allowReboot` off
and instead use the mail-servers reboot flag.
fts xapian does not publish configuration changes in a changelog. As a
result, some options that nixos mailserver was setting for it have been
ignored for several years. New options (process_limit) are now
recommended. This adapts the module to these changes.
The default value of partial= is 2, but fts_xapian 1.8.3 now requires it
to be at least 3, and fails loudly in case it is 2. As a result, this
change is required to support fts_xapian 1.8.3 and later.
This allows overwriting the default values for user_attrs to be empty
which is required when using virtual mailboxes with ldap accounts
that have posixAccount attributes set. When user_attrs is empty string
those are ignored then.
Allow the user to specify the name of the ACME configuration that the
mailserver should use. This allows users that request certificates that
aren't the FQDN of the mailserver, for example a wildcard certificate.
Without using umask there's a small time window where paths are world
readable. That is a bad idea to do for secret files (e.g. the dovecot
code path).
Jeremy Fleischman
Maximilian Bosch
Yureka
Michael Lohmann
Philipp Bartsch
Michael Lohmann
Michael Lohmann
Antoine Eiche
euxane
Guillaume Girol
Ryan Trinkle
lennart
Sandro
Jany Doe
Isabel
RoastedCheese
Martin Weinelt
Matthew Leach
jopejoe1
Gaetan Lepage
Raito Bezarius
Christian Theune
Sleepful
Alvar Penning
Lafiel
Jean-Baptiste Giraudeau
Naïm Favier
Bjørn Forsman