diff --git a/ssh/till@nova.pub b/ssh/till@nova.pub
new file mode 100644
index 0000000..7acb080
--- /dev/null
+++ b/ssh/till@nova.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDr1G6eXwR8t8k/2Vm1CX8ARt7q2GVPtX+xdOFqDonQy0yPai85s1Y+wkIivC9GvdyK1Q5EM2Vl7PKOvJxAJwwevgPTp6hsg9JOc2v0WNJ12p9a0NF2cXJwmgIVs2z0GTritJpO0VwWUdjI+RJORpTAkkMskEWB4IU/ub1nOUya2Hq7xvI9GcvnVoA7nWRs2X6VHHQLIbkrc9+a3MdGtJim1/yJ/CfiX/RueWZ8ANBpieUmgwjQJn6WYCCl/q2fId4vc/njtwmF/Tx5H4MxVCMpPmbbD7XAN04cXMpZOKKAHHbwM14SpslQFDPnfmF9f3BdEvTaxJOu7Fs8nE6XEJs+gUgY4lGQfaoPOKN7uyD/reVfqTwkvF7PzhiT7FEhPycpU5gNGyTka/o63xB3kCdlXhWBb3qmWB8E+0va0XdUj0STzjws3EtLLkoGJoXjp9UTQxqL31sxfPZQWQ7NmHne4/UR/R8xlv2Ul4VKBou8ZV6+5thsYo08JJiSbfnN9Ms= till@nova
diff --git a/system/default.nix b/system/default.nix
index 4b5f042..1a3827a 100644
--- a/system/default.nix
+++ b/system/default.nix
@@ -42,7 +42,9 @@
     ntp.enable = true;
     openssh.enable = true;
     openssh.settings.PasswordAuthentication = false;
+    openssh.settings.PermitRootLogin = "no";
   };
 
   system.stateVersion = "22.11";
+
 }
diff --git a/system/gnome.nix b/system/gnome.nix
index 21ca666..fa850aa 100644
--- a/system/gnome.nix
+++ b/system/gnome.nix
@@ -28,7 +28,7 @@
 
   programs.kdeconnect = {
     enable = true;
-    package = pgks.gnomeExtensions.gsconnect;
-  }
+    package = lib.mkForce pkgs.gnomeExtensions.gsconnect;
+  };
 
 }
diff --git a/system/web-server/mail/postfix.nix b/system/web-server/mail/postfix.nix
index bd7cc26..bb4ad25 100644
--- a/system/web-server/mail/postfix.nix
+++ b/system/web-server/mail/postfix.nix
@@ -36,6 +36,12 @@ in {
       @t9e.me anything
     '';
 
+    mapFiles.reject-recipients = pkgs.writeText "postfix-reject-recipients" ''
+      123rf@ktiu.net REJECT
+      jcb-co.jp-ktiu@ktiu.net REJECT
+      info@ktiu.net REJECT
+    '';
+
 
     enableSubmission = true;
     submissionOptions = {
@@ -47,7 +53,7 @@ in {
       smtpd_sasl_path = "/var/run/dovecot2/auth";
       smtpd_sasl_security_options = "noanonymous";
       smtpd_client_restrictions = "permit_mynetworks,permit_sasl_authenticated,reject";
-      smtpd_recipient_restrictions = "reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject";
+      smtpd_recipient_restrictions = "reject_non_fqdn_recipient,reject_unknown_recipient_domain,check_recipient_access hash:/etc/postfix/recect-recipients,permit_sasl_authenticated,reject";
     };
 
     settings = {