57 lines
1.6 KiB
Nix
57 lines
1.6 KiB
Nix
{ pkgs
|
|
, lib
|
|
, config
|
|
, ...
|
|
}:
|
|
let
|
|
headerChecksFile = pkgs.writeText "header_checks" ''
|
|
# Warn about missing critical headers (but don't reject from localhost)
|
|
# These help identify misconfigured applications
|
|
/^$/ WARN Missing headers detected
|
|
'';
|
|
in
|
|
{
|
|
services.postfix = {
|
|
mapFiles."header_checks" = headerChecksFile;
|
|
enable = true;
|
|
hostname = "amzebs-01.amz.at";
|
|
domain = "amz.at";
|
|
|
|
config = {
|
|
# Explicitly set hostname to prevent "localhost" HELO issues
|
|
myhostname = "amzebs-01.amz.at";
|
|
|
|
# Set proper HELO name for outgoing SMTP connections
|
|
smtp_helo_name = "amzebs-01.amz.at";
|
|
|
|
# Professional SMTP banner (prevents appearing as default/misconfigured)
|
|
smtpd_banner = "$myhostname ESMTP";
|
|
|
|
# Listen only on localhost for security
|
|
# Laravel will send via localhost, no external access needed
|
|
inet_interfaces = "loopback-only";
|
|
|
|
# Compatibility
|
|
compatibility_level = "2";
|
|
|
|
# Only accept mail from localhost
|
|
mynetworks = [ "127.0.0.0/8" "[::1]/128" ];
|
|
|
|
# Larger message size limits for attachments
|
|
mailbox_size_limit = 202400000; # ~200MB
|
|
message_size_limit = 51200000; # ~50MB
|
|
|
|
# Ensure proper header handling
|
|
# Reject mail that's missing critical headers
|
|
header_checks = "regexp:/var/lib/postfix/conf/header_checks";
|
|
|
|
# Rate limiting to prevent spam-like behavior
|
|
# Allow reasonable sending rates for applications
|
|
smtpd_client_message_rate_limit = 100;
|
|
smtpd_client_recipient_rate_limit = 200;
|
|
|
|
# Milter configuration is handled automatically by rspamd.postfix.enable
|
|
};
|
|
};
|
|
}
|