verify mail senders

This commit is contained in:
Rouven Seifert 2024-01-24 16:02:58 +01:00
parent 93baff94f1
commit ffeb47cd5e
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09

View file

@ -24,6 +24,11 @@ let
/^\s*X-Originating-IP/ IGNORE
/^\s*Mime-Version/ IGNORE
'';
# https://unix.stackexchange.com/questions/294300/postfix-prevent-users-from-changing-the-real-e-mail-address
login_maps = pkgs.writeText "login_maps.pcre" ''
# basic username => username@ifsr.de
/^([^@+]*)(\+[^@]*)?@ifsr\.de$/ ''${1}
'';
in
{
sops.secrets."rspamd-password".owner = config.users.users.rspamd.name;
@ -119,6 +124,13 @@ in
smtpd_data_restrictions = [
"reject_unauth_pipelining"
];
smtpd_sender_restrictions = [
"reject_authenticated_sender_login_mismatch"
];
smtpd_sender_login_maps = [
"pcre:/etc/special-aliases.pcre"
"pcre:${login_maps}"
];
smtp_header_checks = "pcre:${header_cleanup}";
# smtpd_sender_login_maps = [ "ldap:${ldap-senders}" ];
alias_maps = [ "hash:/etc/aliases" ];