nixos/postfix: improve option documentation for service toggles

In particular we now explain what port the service listens on and what protocol to expect. Update the RFC8341 recommendation to discourage submission and recommend submissions.
2025-06-15 03:06:43 +02:00 · 2025-06-15 03:06:43 +02:00 · 7d6c8e24ce
commit 7d6c8e24ce
parent 52c24f184d
1 changed files with 29 additions and 5 deletions
--- a/nixos/modules/services/mail/postfix.nix
+++ b/nixos/modules/services/mail/postfix.nix
@ -356,23 +356,47 @@ in
      enableSmtp = lib.mkOption {
        type = lib.types.bool;
        default = true;
-        description = "Whether to enable smtp in master.cf.";
+        description = ''
+          Whether to enable the `smtp` service configured in the master.cf.
+
+          This service listens for plain text SMTP connections on port 25
+          and supports explicit TLS via StartTLS.
+
+          It is the primary port used by SMTP servers to exchange mail.
+        '';
      };

      enableSubmission = lib.mkOption {
        type = lib.types.bool;
        default = false;
-        description = "Whether to enable smtp submission.";
+        description = "
+          Whether to enable the `submission` service configured in master.cf.
+
+          This service listens for plain text SMTP connections on port 587
+          and supports explicit TLS via StartTLS.
+
+          It is a way for clients to login and submit mails after an inband
+          connection upgrade using StartTLS.
+
+          ::: {.warning}
+          [RFC 8314](https://www.rfc-editor.org/rfc/rfc8314) discourages the use
+          of explicit TLS for mail submissionn.
+          :::
+        ";
      };

      enableSubmissions = lib.mkOption {
        type = lib.types.bool;
        default = false;
        description = ''
-          Whether to enable smtp submission via smtps.
+          Whether to enable the `submissions` service configured in master.cf.

-          According to RFC 8314 this should be preferred
-          over STARTTLS for submission of messages by end user clients.
+          This service listen for implicit TLS connections on port 465.
+
+          ::: {.info}
+          Per [RFC 8314](https://www.rfc-editor.org/rfc/rfc8314) implicit TLS
+          is recommended for mail submission.
+          :::
        '';
      };