Martin Weinelt
6ff4a50f02
After bumping the generation of new DKIM keys to RSA 2048 in NixOS 25.11 key rotation for existing users could not be done safely. To resolve this situation we now support multiple generations of selectors per domain to enable proper DKIM key transitions as described in RFC6376 3.1. The added documentation introduces and motivates DKIM and guides the user through a DKIM key rotation. Additionally, DKIM key material can now also be treated as a managed secrets when autogenerated state on the mail server host is undesirable. This change is fully backwards compatible in behavior and will continue to use the previously generated DKIM key without any additional configuration up until the point when DKIM selectors are configured explicitly.
Release branches
For each NixOS release, we publish a branch. You then have to use the SNM branch corresponding to your NixOS version.
- For NixOS 25.11
- For NixOS 25.05
- For NixOS unstable
- Use the SNM branch
master - Documentation
- Use the SNM branch
Features
- Continuous Integration Testing
- Multiple Domains
- Postfix
- SMTP on port 25
- Submission TLS on port 465
- Submission StartTLS on port 587
- LMTP with Dovecot
- DANE and MTA-STS validation
- SMTP TLS Reports (RFC 8460)
- Dovecot
- Maildir folders
- IMAP with TLS on port 993
- POP3 with TLS on port 995
- IMAP with StartTLS on port 143
- POP3 with StartTLS on port 110
- Certificates
- ACME
- Custom certificates
- Spam Filtering
- Via Rspamd
- Virus Scanning
- Via ClamAV
- DKIM Signing
- Via Rspamd
- Automatic key generation
- Multiple selectors per Domain
- User Management
- Declarative user management
- Declarative password management
- LDAP users
- Sieve
- Allow user defined sieve scripts
- Moving mails from/to junk trains the Bayes filter
- ManageSieve support
- User Aliases
- Regular aliases
- Catch all aliases
- Improve the Forwarding Experience
In the future
- Automatic client configuration
- Improve the Forwarding Experience
- User management
- Allow local and LDAP user to coexist
- OpenID Connect
- Depends on relevant clients adding support, e.g. Thunderbird
Get in touch
- Matrix: #nixos-mailserver:nixos.org
- IRC:
#nixos-mailserveron Libera Chat
How to Set Up a 10/10 Mail Server Guide
Check out the Setup Guide in the project's documentation.
For a complete list of options, see in readthedocs.
Development
See the How to Develop SNM documentation page.
Contributors
See the contributor tab
Alternative Implementations
Credits
- send mail graphic by tnp_dreamingmao from TheNounProject is licensed under CC BY 3.0
- Logo made with Logomakr.com