From 1873ed090803c615a9c729aa8a6c98ec880226c0 Mon Sep 17 00:00:00 2001
From: Martin Weinelt <hexa@darmstadt.ccc.de>
Date: Sun, 13 Apr 2025 04:57:17 +0200
Subject: [PATCH] README: Update existing and future features

As the ecosystems around us evolve so should the NixOS mailserver
project.

DKIM signing could be improved by allowing users to treat DKIM keys like
a secret that they would commonly manage through agenix/sops/etc.

Forwarding mail these days requires SRS and possibly ARC. The latter has
already become a required feature for bulk message to iCloud[1] and
Google Mail[3]. I propose that we stay ahead of the curve by adding
support for these features.

LDAP user management was added, but one pain point is that we currently
prevent it from coexisting with declarative users.

And finally Oauth (via RFC7628[3]) is the new kid on the block that everyone
wants to try out, but most notably client support[4] for hosting this
yourself is not quite there yet.

[1] https://support.apple.com/en-us/102322
[2] https://support.google.com/a/answer/81126?hl=en#zippy=%2Crequirements-for-all-senders%2Crequirements-for-sending-or-more-messages-per-day
[3] https://www.rfc-editor.org/rfc/rfc7628.html
[4] https://bugzilla.mozilla.org/show_bug.cgi?id=1602166
---
 README.md | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 098f68a..337163b 100644
--- a/README.md
+++ b/README.md
@@ -53,6 +53,7 @@ can stay up to date with bug fixes and updates.
  * User Management
     - [x] declarative user management
     - [x] declarative password management
+    - [x] LDAP users
  * Sieves
     - [x] A simple standard script that moves spam
     - [x] Allow user defined sieve scripts
@@ -64,7 +65,15 @@ can stay up to date with bug fixes and updates.
 ### In the future
 
   * DKIM Signing
-    - [ ] Allow a per domain selector
+    - [ ] Allow per domain selectors
+    - [ ] Allow passing DKIM signing keys
+  * Improve the Forwarding Experience
+    - [ ] Support [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) signing with [Rspamd](https://rspamd.com/doc/modules/arc.html)
+    - [ ] Support [SRS](https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme) with [postsrsd](https://github.com/roehling/postsrsd)
+  * User management
+    - [ ] Allow local and LDAP user to coexist
+  * OpenID Connect
+    - Depends on relevant clients adding support, e.g. [Thunderbird](https://bugzilla.mozilla.org/show_bug.cgi?id=1602166)
 
 ### Get in touch