Merge pull request #15 from phdoerfler/patch-3
Added header filtering for removing sensitive information.
This commit is contained in:
commit
bc48b701c8
1 changed files with 17 additions and 0 deletions
|
@ -47,7 +47,18 @@ let
|
||||||
# every alias is owned (uniquely) by its user. We have to add the users own
|
# every alias is owned (uniquely) by its user. We have to add the users own
|
||||||
# address though
|
# address though
|
||||||
vaccounts_file = builtins.toFile "vaccounts" (lib.concatStringsSep "\n" (vaccounts_identity ++ valiases_postfix));
|
vaccounts_file = builtins.toFile "vaccounts" (lib.concatStringsSep "\n" (vaccounts_identity ++ valiases_postfix));
|
||||||
|
|
||||||
|
submissionHeaderCleanupRules = pkgs.writeText "submission_header_cleanup_rules" ''
|
||||||
|
### Removes sensitive headers from mails handed in via the submission port.
|
||||||
|
### See https://thomas-leister.de/mailserver-debian-stretch/
|
||||||
|
### Uses "pcre" style regex.
|
||||||
|
|
||||||
|
/^Received:/ IGNORE
|
||||||
|
/^X-Originating-IP:/ IGNORE
|
||||||
|
/^X-Mailer:/ IGNORE
|
||||||
|
/^User-Agent:/ IGNORE
|
||||||
|
/^X-Enigmail:/ IGNORE
|
||||||
|
'';
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
config = with cfg; lib.mkIf enable {
|
config = with cfg; lib.mkIf enable {
|
||||||
|
@ -116,7 +127,13 @@ in
|
||||||
smtpd_sender_login_maps = "hash:/etc/postfix/vaccounts";
|
smtpd_sender_login_maps = "hash:/etc/postfix/vaccounts";
|
||||||
smtpd_sender_restrictions = "reject_sender_login_mismatch";
|
smtpd_sender_restrictions = "reject_sender_login_mismatch";
|
||||||
smtpd_recipient_restrictions = "reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject";
|
smtpd_recipient_restrictions = "reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject";
|
||||||
|
cleanup_service_name = "submission-header-cleanup";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
extraMasterConf = ''
|
||||||
|
submission-header-cleanup unix n - n - 0 cleanup
|
||||||
|
-o header_checks=pcre:${submissionHeaderCleanupRules}
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue