| Commit message (Collapse) | Author | Age |
| |
|
|\
| |
| | |
nixos/dovecot: make ssl_dh optional
|
| | |
|
| |
| |
| |
| | |
hasn't been needed since 2.3.3, in fact it is encouraged not to use such cipher suites anymore
|
|/ |
|
|\
| |
| | |
treewide: more defaultText for options
|
| |
| |
| |
| |
| | |
escape interpolations in examples, or replace them where they are not
useful.
|
| |
| |
| |
| | |
Co-authored-by: Patrick Hilhorst <git@hilhorst.be>
|
|/ |
|
|\
| |
| | |
nixos/dovecot: use the count backend for quota plugin
|
| | |
|
| |
| |
| |
| | |
(#138205)
|
|/
|
|
| |
ChangeLog: https://github.com/roundcube/roundcubemail/releases/tag/1.5.0
|
|\
| |
| | |
nixos: make setgid wrappers root-owned
|
| | |
|
|/ |
|
|
|
|
| |
virtual(8) is for virtual mailboxes, not aliases.
|
|
|
|
|
|
|
|
|
|
| |
* nixos/opensmtpd: Add missing brackets in config
Without this commit, you end up missing the sendmail suid wrapper,
because the "program" attribute would not override the right thing.
* Update nixos/modules/services/mail/opensmtpd.nix
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
|
|
|
|
|
| |
This is slightly more verbose and inconvenient, but it forces you
to think about what the wrapper ownership and permissions will be.
|
|
|
|
|
| |
This is to keep the same permissions/setuid/setgid as before the change
in security.wrappers defaults.
|
| |
|
|
|
|
|
|
|
| |
Even though some PHP8 compat fixes seem to be in the release that's
packaged here, it seems as if there are still some minor issues[1].
[1] https://github.com/postfixadmin/postfixadmin/issues/395
|
| |
|
|
|
| |
Co-authored-by: Linus Heckemann <git@sphalerite.org>
|
| |
|
|\
| |
| | |
nixos/dovecot: Switch systemd service type to notify
|
| | |
|
| | |
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
| |
Nullmailer expects that this directory exists (see
https://github.com/bruceg/nullmailer/blob/073f4e9c5d015ed50074afe603e7faa32e34599e/doc/nullmailer-send.8#L185).
When it doesn't and an email cannot be sent due to a permanent failure
or has been in the queue longer than queuelifetime (7 days), message
"Can't rename file: No such file or directory" starts appearing in the
log and nullmailer never sends "Could not send message" notification.
This means that the user may never learn that his email was not
delivered.
|
|\ |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Without this change, mailman-settings.service is not guaranteed to
complete before dependent services. This can lead to various errors
like:
mailman-web-setup.service: Changing to the requested working directory failed: No such file or directory
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Postfix has started outputting an error on startup that it can't parse
the compatibility level 9999.
Instead, just set the compatibility level to be identical to the current
version, which seems to be the (new) intent for the compatibility level.
|
| |
| |
| |
| |
| |
| |
| |
| | |
An empty list results in no CapabilityBoundingSet at all, an empty
string however will set `CapabilityBoundingSet=`, which represents a
closed set.
Related: #120617
|
| |
| |
| |
| |
| |
| |
| |
| | |
An empty list results in no CapabilityBoundingSet at all, an empty
string however will set `CapabilityBoundingSet=`, which represents a
closed set.
Related: #120617
|
|\ \
| | |
| | | |
nixos/exim: Make queue runner interval configurable and reduce it to 5m by default
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Exim spawns a new queue runner every n minutes as configured by the
argument to -q; up to queue_run_max can be active at the same time.
Spawning a queue runner only every 30 mins means that a message that
failed delivery on the first attempt (e.g. due to greylisting) will only
be retried 30 minutes later.
A queue runner will immediately exit if the queue is empty, so it is
more a function on how quickly Exim will scale to mail load and how
quickly it will retry than something that is taxing on an otherwise
empty system.
|
|\ \ \
| | | |
| | | | |
nixos/spamassassin: Avoid network dependency on boot
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
For sa-update we care about two successful codes:
* 1 -> no updates available: exit successfully
* 0 -> updates have been installed: run sa-compile and pass
through its return code
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
sa-compile speeds up processing the rules by compiling them from Perl to
C. This needs to be run after every update and is saved in the local
state directory by Perl and SpamAssassin version.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Let systemd create SpamAssassin's state directory and populate it using the
regular updater service. Depend on the updater service on boot but do not
propagate failure to the main service.
spamd's commands to start and reload the service are still executed as
root but user/group are set to properly chown the state directory to the
target user. spamd drops privileges itself for its runner children but
preserves root on the main daemon (to listen and re-exec).
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
sa-update currently runs as part of the pre-start script of spamd. The
network is not guaranteed to be online at that point and even if we
were to depend on that, it makes the bootup brittle, as there is a
reliance on SpamAssassin's update server as a startup dependency on
boot.
Refactor the setup to move the pre-start script into its own unit.
This allows to perform the setup task only once. Continuous updates
are already done by sa-update.service triggered by sa-update.timer.
Only run sa-update in case /var/lib/spamassassin is empty.
While we are on it, let sa-update.service depend on the network being
online.
|
| | |
| | |
| | |
| | | |
setting users.users.name.{isSystemUser,isNormalUser} is required since #115332
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
With the config suggested in the module docs both Mailman core and
Hyperkitty are running, but Mailman core can not connect to Hyperkitty,
since the default hyperkitty.baseUrl is not set up by the module.
This adds a http listener to the uwsgi config and changes the default
hyperkitty.baseUrl to connect to this http listener.
|
| | |
| | |
| | |
| | | |
needed after 7a87973b4ced86e1ba94ee84449979d6afebc9ea
|