Release Notes

NixOS 25.05

  • OpenDKIM has been removed and DKIM signing is now handled by Rspamd, which only supports relaxed canoncalizaliaton. (merge request)

  • Rspamd now connects to Redis over its Unix Domain Socket by default (merge request)

    • If you need to revert TCP connections, configure mailserver.redis.address to reference the value of config.services.redis.servers.rspamd.bind.

  • The integration with policyd-spf was removed and SPF handling is now fully based on Rspamd scoring. (merge request)

  • Switch to the more efficient fts-flatcurve indexer for full text search (merge request).

    This makes use of a new index, which will be automatically re-generated the next time a folder is searched. The operation is now quick enough to be performed "just-in-time". Alternatively, all indices can be immediately re-generated for all users and folders by running

    doveadm fts rescan -u '*' && doveadm index -u '*' -q '*'

    The previous index (which is not automatically discarded to allow rollbacks) can be cleaned up by removing all the xapian-indexes directories within mailserver.indexDir.

  • Individual domains can now be excluded from DMARC Reporting through mailserver.dmarcReporting.excludedDomains. (merge request)

  • Configuring mailserver.forwards is now possible when the setup relies on LDAP. (merge request)

  • Support for TLS 1.1 was disabled in accordance with Mozilla's recommendations. (merge request)

NixOS 24.11

  • No new feature, only bug fixes and documentation improvements

NixOS 24.05

  • Add new option acmeCertificateName which can be used to support wildcard certificates

NixOS 23.11

  • Add basic support for LDAP users

  • Add support for regex (PCRE) aliases

NixOS 23.05

  • Existing ACME certificates can be reused without configuring NGINX

  • Certificate scheme is no longer a number, but a meaningful string instead

NixOS 22.11

NixOS 22.05

  • Make NixOS Mailserver options discoverable from search.nixos.org

  • Add a roundcube setup guide in the documentation

NixOS 21.11

  • Switch default DKIM body policy from simple to relaxed (merge request)

  • Ensure locally-delivered mails have the X-Original-To header (merge request)

  • NixOS Mailserver options are detailed in the documentation

  • New options dkimBodyCanonicalization and dkimHeaderCanonicalization

  • New option certificateDomains to generate certificate for additional domains (such as imap.example.com)

NixOS 21.05

  • New fullTextSearch option to search in messages (based on Xapian) (Merge Request)

  • Flake support (Merge Request)

  • New openFirewall option defaulting to true

  • We moved from Freenode to Libera Chat

NixOS 20.09

  • IMAP and Submission with TLS wrapped-mode are now enabled by default on ports 993 and 465 respectively

  • OpenDKIM is now sandboxed with Systemd

  • New forwards option to forwards emails to external addresses (Merge Request)

  • New sendingFqdn option to specify the fqdn of the machine sending email (Merge Request)

  • Move the Gitlab wiki to ReadTheDocs