56 lines
1.6 KiB
Nix
56 lines
1.6 KiB
Nix
{ pkgs
|
|
, lib
|
|
, config
|
|
, ...
|
|
}:
|
|
{
|
|
# Header checks file for validating email headers
|
|
environment.etc."postfix/header_checks".text = ''
|
|
# Warn about missing critical headers (but don't reject from localhost)
|
|
# These help identify misconfigured applications
|
|
/^$/ WARN Missing headers detected
|
|
'';
|
|
|
|
services.postfix = {
|
|
enable = true;
|
|
hostname = "amzebs-01.amz.at";
|
|
domain = "amz.at";
|
|
|
|
config = {
|
|
# Explicitly set hostname to prevent "localhost" HELO issues
|
|
myhostname = "amzebs-01.amz.at";
|
|
|
|
# Set proper HELO name for outgoing SMTP connections
|
|
smtp_helo_name = "amzebs-01.amz.at";
|
|
|
|
# Professional SMTP banner (prevents appearing as default/misconfigured)
|
|
smtpd_banner = "$myhostname ESMTP";
|
|
|
|
# Listen only on localhost for security
|
|
# Laravel will send via localhost, no external access needed
|
|
inet_interfaces = "loopback-only";
|
|
|
|
# Compatibility
|
|
compatibility_level = "2";
|
|
|
|
# Only accept mail from localhost
|
|
mynetworks = "127.0.0.0/8 [::1]/128";
|
|
|
|
# Larger message size limits for attachments
|
|
mailbox_size_limit = "202400000"; # ~200MB
|
|
message_size_limit = "51200000"; # ~50MB
|
|
|
|
# Ensure proper header handling
|
|
# Reject mail that's missing critical headers
|
|
header_checks = "regexp:/etc/postfix/header_checks";
|
|
|
|
# Rate limiting to prevent spam-like behavior
|
|
# Allow reasonable sending rates for applications
|
|
smtpd_client_message_rate_limit = "100";
|
|
smtpd_client_recipient_rate_limit = "200";
|
|
|
|
# Milter configuration is handled automatically by rspamd.postfix.enable
|
|
};
|
|
};
|
|
}
|