
Comments (4)

qknight commented on June 23, 2024

@fgaz I've implemented this now in 0d914ec

Best solution would be to have this upstream, so I will create a PR for an upstream change (code below) and later we can revert this patch.

diff --git a/nixos/modules/services/mail/dovecot.nix b/nixos/modules/services/mail/dovecot.nix
index 543e732127a..92569693470 100644
--- a/nixos/modules/services/mail/dovecot.nix
+++ b/nixos/modules/services/mail/dovecot.nix
@@ -25,6 +25,7 @@ let
       ssl_cert = <${cfg.sslServerCert}
       ssl_key = <${cfg.sslServerKey}
       ${optionalString (!(isNull cfg.sslCACert)) ("ssl_ca = <" + cfg.sslCACert)}
+      ssl_dh = </var/lib/dhparams/dovecot2.pem
       disable_plaintext_auth = yes
     '')
 
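Review bot: the added `ssl_dh` line hardcodes `/var/lib/dhparams/dovecot2.pem`, which repeats both the dhparams output directory and the `dovecot2` parameter name declared in the second hunk; if either changes, Dovecot is pointed at a file that does not exist. Derive the path from the `security.dhparams` configuration instead of repeating the literal. The line is also emitted with no option controlling it, next to `ssl_cert` and `ssl_key`, so a user cannot supply their own parameter file; consider exposing an option for it.
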
@@ -297,10 +298,14 @@ in
 
 
   config = mkIf cfg.enable {
-
     security.pam.services.dovecot2 = mkIf cfg.enablePAM {};
-
-    services.dovecot2.protocols =
+    security.dhparams = {
+      enable = true;
+      params = {
+        dovecot2 = 4096;
+      };
+    };
+   services.dovecot2.protocols =
      optional cfg.enableImap "imap"
      ++ optional cfg.enablePop3 "pop3"
      ++ optional cfg.enableLmtp "lmtp";
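
Review bot: `security.dhparams.enable = true` and `dovecot2 = 4096` sit directly under `config = mkIf cfg.enable`, so every host that enables Dovecot gets 4096-bit parameter generation with no way to choose the size or opt out. Consider a module option (or `mkDefault`) for the bit length, and if the SSL settings in the first hunk are conditional, gate this block on the same condition. Style: the re-added `services.dovecot2.protocols =` line is indented with three spaces instead of four, and the blank lines that separated the `security.pam` and `services.dovecot2.protocols` definitions are dropped; restoring both would keep the hunk limited to the new block.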

from nixcloud-webservices.

uwap commented on June 23, 2024

Hey,
thank you for reporting this issue. You are right, the Diffie-Hellman parameters should be generated and given to dovecot. I think though, that this is more of a problem that should be integrated into nixpkgs. I am going to write a pull request to nixpkgs soon that will automatically set ssl_dh for dovecot using https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/security/dhparams.nix.


qknight commented on June 23, 2024

@uwap any news?


qknight commented on June 23, 2024

NixOS/nixpkgs#39507

@fgaz thanks for the bug report!
