mailserver: Disallow requesting DSN over SMTP

This still allows requesting a DSN over submission, so trusted clients are not affected. It only affects sending DSN to other systems, which now no longer takes place. This is done to avoid leaking rspamd internals.
2024-02-03 01:07:49 +01:00 · 2024-02-03 01:07:49 +01:00 · 242a2315be
parent c944812a68
commit 242a2315be
1 changed files with 1 additions and 0 deletions
--- a/modules/mailserver/postfix.nix
+++ b/modules/mailserver/postfix.nix
@ -141,6 +141,7 @@ lib.mkIf cfg.enable {
      # Postscreen
      smtpd = {
        type = "pass";
+        args = [ "-o" "smtpd_discard_ehlo_keywords=silent-discard,dsn" ];
      };
      smtp_inet = {
        # Partially overrides upstream