From e0c742fc88572e687cf9d6df344b69c27e0d36da Mon Sep 17 00:00:00 2001
From: Gonne <gonne@mathebau.de>
Date: Tue, 18 Mar 2025 11:28:14 +0100
Subject: [PATCH 1/2] More comments

---
 nixos/modules/mail.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/mail.nix b/nixos/modules/mail.nix
index f36995f..7d1b16c 100644
--- a/nixos/modules/mail.nix
+++ b/nixos/modules/mail.nix
@@ -194,6 +194,8 @@ in {
           # because only TOML-based keys may use macros to load files from disk.
           # We want this to be able to load our sieve-script for mail forwarding.
           # See https://stalw.art/docs/configuration/overview/#local-and-database-settings for more details.
+          #
+          # Unfortunately, the set of served domains as well as the catch-all accounts are still not configured via this nix module.
           config.local-keys =
             [
               "store.*"
@@ -237,7 +239,7 @@ in {
                 private-key = "%{file:/run/secrets/dkim_rsa}%";
                 domain = "${domain}";
                 selector = "rsa-default";
-                headers = ["From" "To" "Cc" "Date" "Subject" "Message-ID" "Organization" "MIME-Version" "Content-Type" "In-Reply-To" "References" "List-Id" "User-Agent" "Thread-Topic" "Thread-Index"];
+                headers = ["From" "To" "Cc" "Date" "Subject" "Message-ID" "Organization" "MIME-Version" "Content-Type" "In-Reply-To" "References" "List-Id" "User-Agent" "Thread-Topic" "Thread-Index"]; # default from https://stalw.art/docs/smtp/authentication/dkim/sign#signatures
                 algorithm = "rsa-sha256";
                 canonicalization = "relaxed/relaxed";
               };

From 6788b31aad9739505d02b5f56317dc0f08fc1a4e Mon Sep 17 00:00:00 2001
From: Gonne <gonne@mathebau.de>
Date: Tue, 18 Mar 2025 11:33:25 +0100
Subject: [PATCH 2/2] Enable SMTPUTF8. We talk to our own VM that supports it.

---
 nixos/modules/mailman.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/nixos/modules/mailman.nix b/nixos/modules/mailman.nix
index 1c8eaba..66ee109 100644
--- a/nixos/modules/mailman.nix
+++ b/nixos/modules/mailman.nix
@@ -32,7 +32,6 @@ in {
         config = {
           transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
           local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
-          smtputf8_enable = "no"; # HRZ does not know SMTPUTF8
         };
         relayHost = "mathebau.de"; # Relay to mail vm which relays to HRZ (see https://www.hrz.tu-darmstadt.de/services/it_services/email_infrastruktur/index.de.jsp)
       };