From 44ce57413f94a8d5fee78d103ba2963a6d8d01d8 Mon Sep 17 00:00:00 2001
From: Simon Bruder <simon@sbruder.de>
Date: Sat, 3 Feb 2024 01:07:49 +0100
Subject: [PATCH] mailserver: Disable requesting DSN over SMTP

This still allows requesting a DSN over submission, so trusted clients
are not affected. It only affects sending DSN to other systems, which
now no longer takes place. This is done to avoid leaking rspamd
internals.
---
 modules/mailserver/postfix.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/mailserver/postfix.nix b/modules/mailserver/postfix.nix
index d1aca5d..5342054 100644
--- a/modules/mailserver/postfix.nix
+++ b/modules/mailserver/postfix.nix
@@ -141,6 +141,7 @@ lib.mkIf cfg.enable {
       # Postscreen
       smtpd = {
         type = "pass";
+        args = [ "-o" "smtpd_discard_ehlo_keywords=silent-discard,dsn" ];
       };
       smtp_inet = {
         # Partially overrides upstream