mailserver: Disallow requesting DSN over SMTP

This still allows requesting a DSN over submission, so trusted clients
are not affected. It only affects sending DSN to other systems, which
now no longer takes place. This is done to avoid leaking rspamd
internals.
This commit is contained in:
Simon Bruder 2024-02-03 01:07:49 +01:00
parent c944812a68
commit 242a2315be
Signed by: simon
GPG key ID: 347FF8699CDA0776

View file

@ -141,6 +141,7 @@ lib.mkIf cfg.enable {
# Postscreen # Postscreen
smtpd = { smtpd = {
type = "pass"; type = "pass";
args = [ "-o" "smtpd_discard_ehlo_keywords=silent-discard,dsn" ];
}; };
smtp_inet = { smtp_inet = {
# Partially overrides upstream # Partially overrides upstream