From 1ea789d49e44c4bdbe7f02bfbfc81db2b0725614 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Wed, 28 Dec 2022 14:41:26 +0100
Subject: ...

---
 hosts/surtr/email/default.nix | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'hosts')

diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
index a2e93e32..3d0b43ee 100644
--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -228,6 +228,8 @@ in {
             "-o" "smtpd_tls_wrappermode=yes"
             "-o" "smtpd_tls_ask_ccert=yes"
             "-o" "smtpd_tls_req_ccert=yes"
+            "-o" "smtpd_tls_received_header=no"
+            "-o" "cleanup_service_name=subcleanup"
             "-o" "smtpd_client_restrictions=permit_tls_all_clientcerts,reject"
             "-o" "{smtpd_data_restrictions = check_policy_service unix:/run/postfwd3/postfwd3.sock}"
             "-o" "smtpd_relay_restrictions=permit_tls_all_clientcerts,reject"
@@ -243,6 +245,16 @@ in {
             "-o" ''smtpd_milters=${config.services.opendkim.socket}''
           ];
         };
+        subcleanup = {
+          command = "cleanup";
+          private = false;
+          maxproc = 0;
+          args = [
+            "-o" "header_checks=pcre:${pkgs.writeText "header_checks_submission" ''
+              /^Received: from [^ ]+ \([^ ]+ [^ ]+\)\s+(.*)$/ REPLACE Received: $1
+            ''}"
+          ];
+        };
         dvlmtp = {
           command = "lmtp";
           args = [
-- 
cgit v1.2.3