From 4c64f28a41182f9650b1229e3e9698a412616d00 Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Fri, 1 Sep 2023 10:54:56 +0200
Subject: [PATCH] mail: clean sender data using header checks

---
 modules/mail.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/modules/mail.nix b/modules/mail.nix
index 2256ffe..463f81f 100644
--- a/modules/mail.nix
+++ b/modules/mail.nix
@@ -15,6 +15,15 @@ let
 user_filter = (&(objectClass=posixAccount)(uid=%n))
 pass_filter = (&(objectClass=posixAccount)(uid=%n))
 '';
+ # see https://www.kuketz-blog.de/e-mail-anbieter-ip-stripping-aus-datenschutzgruenden/
+ header_cleanup = pkgs.writeText "header_cleanup_outgoing" ''
+ /^\s*(Received: from)[^\n]*(.*)/ REPLACE $1 127.0.0.1 (localhost [127.0.0.1])$2
+ /^\s*User-Agent/ IGNORE
+ /^\s*X-Enigmail/ IGNORE
+ /^\s*X-Mailer/ IGNORE
+ /^\s*X-Originating-IP/ IGNORE
+ /^\s*Mime-Version/ IGNORE
+ '';
 in
 {
 sops.secrets."rspamd-password".owner = config.users.users.rspamd.name;
@@ -104,6 +113,7 @@ in
 "permit_mynetworks"
 "reject_unauth_destination"
 ];
+ smtp_header_checks = "pcre:${header_cleanup}";
 # smtpd_sender_login_maps = [ "ldap:${ldap-senders}" ];
 alias_maps = [ "hash:/etc/aliases" ];
 alias_database = [ "hash:/etc/aliases" ];
-- 
2.47.1
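Review bot: The last rule in `header_cleanup`, `/^\s*Mime-Version/ IGNORE`, deletes the MIME-Version header outright, while RFC 2045 expects `MIME-Version: 1.0` on every MIME message; a message that still carries Content-Type parts without it may be scored as malformed or rendered as plain text by the receiver. If the goal is only to drop client details that some mailers append after the version, normalising keeps the message valid: `/^\s*Mime-Version:\s*1\.0.*/ REPLACE Mime-Version: 1.0`. The other IGNORE patterns have no colon after the header name, so `/^\s*X-Mailer/` also matches any longer header name with that prefix; `/^X-Mailer:/` is tighter. The `let` block this table lives in starts above the hunk.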
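Review bot: `smtp_header_checks` is applied by the smtp(8) client at delivery time, so the table runs on every message leaving the host, mail forwarded through `alias_maps` included, and only after any milter has already processed the message. If rspamd (referenced in this module) DKIM-signs outgoing mail and its signed header set covers a rewritten header (MIME-Version and User-Agent are worth checking), receivers would see a broken signature; that cannot be confirmed from the hunk. Rewriting every `Received: from` line on relayed mail also removes trace data that abuse handling and incident response rely on. I would add a comment on the setting such as `# runs in smtp(8) after milters: keep rewritten headers out of the DKIM signed set` and confirm the signing configuration. The surrounding attribute set starts and ends outside the hunk.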