fix: amz postfix setup

hosts/amzebs-01/modules/postfix.nix

@@ -4,12 +4,28 @@
 , ...
 }:
 {
+  # Header checks file for validating email headers
+  environment.etc."postfix/header_checks".text = ''
+    # Warn about missing critical headers (but don't reject from localhost)
+    # These help identify misconfigured applications
+    /^$/  WARN Missing headers detected
+  '';
+
   services.postfix = {
     enable = true;
     hostname = "amzebs-01.amz.at";
     domain = "amz.at";
 
     config = {
+      # Explicitly set hostname to prevent "localhost" HELO issues
+      myhostname = "amzebs-01.amz.at";
+
+      # Set proper HELO name for outgoing SMTP connections
+      smtp_helo_name = "amzebs-01.amz.at";
+
+      # Professional SMTP banner (prevents appearing as default/misconfigured)
+      smtpd_banner = "$myhostname ESMTP";
+
       # Listen only on localhost for security
       # Laravel will send via localhost, no external access needed
       inet_interfaces = "loopback-only";
@@ -24,6 +40,15 @@
       mailbox_size_limit = "202400000"; # ~200MB
       message_size_limit = "51200000";  # ~50MB
 
+      # Ensure proper header handling
+      # Reject mail that's missing critical headers
+      header_checks = "regexp:/etc/postfix/header_checks";
+
+      # Rate limiting to prevent spam-like behavior
+      # Allow reasonable sending rates for applications
+      smtpd_client_message_rate_limit = "100";
+      smtpd_client_recipient_rate_limit = "200";
+
       # Milter configuration is handled automatically by rspamd.postfix.enable
     };
   };