summaryrefslogtreecommitdiff
path: root/hosts
diff options
context:
space:
mode:
Diffstat (limited to 'hosts')
-rw-r--r--hosts/surtr/email/default.nix12
1 files changed, 12 insertions, 0 deletions
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
index a2e93e32..3d0b43ee 100644
--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -228,6 +228,8 @@ in {
228 "-o" "smtpd_tls_wrappermode=yes" 228 "-o" "smtpd_tls_wrappermode=yes"
229 "-o" "smtpd_tls_ask_ccert=yes" 229 "-o" "smtpd_tls_ask_ccert=yes"
230 "-o" "smtpd_tls_req_ccert=yes" 230 "-o" "smtpd_tls_req_ccert=yes"
231 "-o" "smtpd_tls_received_header=no"
232 "-o" "cleanup_service_name=subcleanup"
231 "-o" "smtpd_client_restrictions=permit_tls_all_clientcerts,reject" 233 "-o" "smtpd_client_restrictions=permit_tls_all_clientcerts,reject"
232 "-o" "{smtpd_data_restrictions = check_policy_service unix:/run/postfwd3/postfwd3.sock}" 234 "-o" "{smtpd_data_restrictions = check_policy_service unix:/run/postfwd3/postfwd3.sock}"
233 "-o" "smtpd_relay_restrictions=permit_tls_all_clientcerts,reject" 235 "-o" "smtpd_relay_restrictions=permit_tls_all_clientcerts,reject"
@@ -243,6 +245,16 @@ in {
243 "-o" ''smtpd_milters=${config.services.opendkim.socket}'' 245 "-o" ''smtpd_milters=${config.services.opendkim.socket}''
244 ]; 246 ];
245 }; 247 };
248 subcleanup = {
249 command = "cleanup";
250 private = false;
251 maxproc = 0;
252 args = [
253 "-o" "header_checks=pcre:${pkgs.writeText "header_checks_submission" ''
254 /^Received: from [^ ]+ \([^ ]+ [^ ]+\)\s+(.*)$/ REPLACE Received: $1
255 ''}"
256 ];
257 };
246 dvlmtp = { 258 dvlmtp = {
247 command = "lmtp"; 259 command = "lmtp";
248 args = [ 260 args = [