simple-nixos-mailserver/nixos-mailserver
1
0
Fork 0
mirror of https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git synced 2025-12-25 04:10:52 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
Simple and complete declarative NixOS Mailserver setups
819 commits 73 branches 24 tags 328 MiB
Find a file
Martin Weinelt a1532a552f
postfix: enable X25519MLKEM768 key exchange 
This migrates the key exchange curve group configuration into the OpenSSL
configuration format, which is the only path forward to configure these.

We now prefer a hybrid key exchange for TLS handshake and as a client
we'll send key shares for that and pure X25519, while keeping backwards-
compat for P256 and P384.

The statistics for my personal mail server over the last month show a
clear trend for X25519 key exchanges:

    156 secp384r1
    225 secp256r1
    19541 x25519
2025-11-10 00:31:43 +01:00
.hydra ci: disable command execution in jobset generation 2025-09-22 15:23:26 +02:00
docs postfix: enable X25519MLKEM768 key exchange 2025-11-10 00:31:43 +01:00
mail-server postfix: enable X25519MLKEM768 key exchange 2025-11-10 00:31:43 +01:00
migrations migrations: add missing comma in list 2025-07-09 01:39:51 +00:00
scripts tests: also test client submission over smtps:// 2025-08-24 02:29:30 +02:00
tests Use postfix-tlspol for DANE/MTA-STS policy lookups 2025-11-08 15:49:34 +01:00
.editorconfig Remove makefile section from editorconfig 2017-11-11 09:47:25 +00:00
.envrc Provide direnv integration for flake devshell 2025-05-15 16:29:03 +02:00
.gitignore Provide direnv integration for flake devshell 2025-05-15 16:29:03 +02:00
.gitlab-ci.yml ci: use hydra-cli from pinned nixpkgs 2025-05-10 21:18:17 +02:00
.readthedocs.yaml docs: fix Read the Docs by using portable-nix 2025-11-05 01:10:52 +01:00
default.nix Add support for SMTP TLS reports 2025-11-08 22:39:29 +01:00
flake.lock flake.lock: Update 2025-11-10 00:31:42 +01:00
flake.nix flake.lock: Update 2025-11-08 17:57:18 +01:00
LICENSE Initial commit 2016-07-21 18:09:04 +02:00
pyproject.toml ruff: reject implicit string concat 2025-07-09 03:59:54 +02:00
README.md Add support for SMTP TLS reports 2025-11-08 22:39:29 +01:00
shell.nix treewide: reformat with nixfmt-rfc-style 2025-06-15 03:39:44 +02:00

README.md

Simple Nixos MailServer

license pipeline status

Release branches

For each NixOS release, we publish a branch. You then have to use the SNM branch corresponding to your NixOS version.

Features

  • Continous Integration Testing
  • Multiple Domains
  • Postfix
    • SMTP on port 25
    • Submission TLS on port 465
    • Submission StartTLS on port 587
    • LMTP with Dovecot
    • DANE and MTA-STS validation
    • SMTP TLS Reports (RFC 8460)
  • Dovecot
    • Maildir folders
    • IMAP with TLS on port 993
    • POP3 with TLS on port 995
    • IMAP with StartTLS on port 143
    • POP3 with StartTLS on port 110
  • Certificates
    • ACME
    • Custom certificates
  • Spam Filtering
    • Via Rspamd
  • Virus Scanning
    • Via ClamAV
  • DKIM Signing
    • Via Rspamd
  • User Management
    • Declarative user management
    • Declarative password management
    • LDAP users
  • Sieve
    • Allow user defined sieve scripts
    • Moving mails from/to junk trains the Bayes filter
    • ManageSieve support
  • User Aliases
    • Regular aliases
    • Catch all aliases

In the future

  • Automatic client configuration
  • DKIM Signing
    • Allow per domain selectors
    • Allow passing DKIM signing keys
  • Improve the Forwarding Experience
  • User management
    • Allow local and LDAP user to coexist
  • OpenID Connect
    • Depends on relevant clients adding support, e.g. Thunderbird

Get in touch

How to Set Up a 10/10 Mail Server Guide

Check out the Setup Guide in the project's documentation.

For a complete list of options, see in readthedocs.

Development

See the How to Develop SNM documentation page.

Contributors

See the contributor tab

Alternative Implementations

Credits