From b8e950d5d0e42c2fca0caa713e473baf05eda58d Mon Sep 17 00:00:00 2001
From: Rouven Seifert <rouven@rfive.de>
Date: Fri, 22 Dec 2023 23:39:09 +0100
Subject: [PATCH] postfix: apply fix against smtp mail smuggling

---
 modules/mail/default.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/modules/mail/default.nix b/modules/mail/default.nix
index 0b727ed..daf6c04 100644
--- a/modules/mail/default.nix
+++ b/modules/mail/default.nix
@@ -115,6 +115,10 @@ in
           "permit_mynetworks"
           "reject_unauth_destination"
         ];
+        # https://www.postfix.org/smtp-smuggling.html
+        smtpd_data_restrictions = [
+          "reject_unauth_pipelining"
+        ];
         smtp_header_checks = "pcre:${header_cleanup}";
         # smtpd_sender_login_maps = [ "ldap:${ldap-senders}" ];
         alias_maps = [ "hash:/etc/aliases" ];