Fog user's hostname in the Message-ID

geistesk 2018-04-08 20:58:30 +02:00
parent 1dd394e63f
commit 386faf960c
3 changed files with 31 additions and 3 deletions


@ -433,6 +433,16 @@ in
''; '';
}; };
rewriteMessageId = mkOption {
type = types.bool;
default = false;
description = ''
Rewrites the Message-ID's hostname-part of outgoing emails to the FQDN.
Please be aware that this may cause problems with some mail clients
relying on the original Message-ID.
'';
};
monitoring = { monitoring = {
enable = mkEnableOption "monitoring via monit"; enable = mkEnableOption "monitoring via monit";
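Review bot: The `rewriteMessageId` description does not say what the option protects or what it leaves untouched, which matters for a privacy control. I would extend it to state that the part after `@` is replaced so the sender's host or network name is not disclosed, that the part before `@` is kept exactly as the client generated it, and, if the rule only applies to mail handed in via the submission port as the rule file's name suggests, that other injection paths are not covered. The existing warning could also name the likely effect, e.g. `the client's stored copy keeps the original Message-ID, so replies may no longer thread against it`.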


@ -66,7 +66,7 @@ let
# The user's own address is already in all_valiases_postfix. # The user's own address is already in all_valiases_postfix.
vaccounts_file = builtins.toFile "vaccounts" (lib.concatStringsSep "\n" all_valiases_postfix); vaccounts_file = builtins.toFile "vaccounts" (lib.concatStringsSep "\n" all_valiases_postfix);
submissionHeaderCleanupRules = pkgs.writeText "submission_header_cleanup_rules" '' submissionHeaderCleanupRules = pkgs.writeText "submission_header_cleanup_rules" (''
# Removes sensitive headers from mails handed in via the submission port. # Removes sensitive headers from mails handed in via the submission port.
# See https://thomas-leister.de/mailserver-debian-stretch/ # See https://thomas-leister.de/mailserver-debian-stretch/
# Uses "pcre" style regex. # Uses "pcre" style regex.
@ -76,7 +76,13 @@ let
/^X-Mailer:/ IGNORE /^X-Mailer:/ IGNORE
/^User-Agent:/ IGNORE /^User-Agent:/ IGNORE
/^X-Enigmail:/ IGNORE /^X-Enigmail:/ IGNORE
''; '' + lib.optionalString cfg.rewriteMessageId ''
# Replaces the user submitted hostname with the server's FQDN to hide the
# user's host or network.
/^Message-ID:\s+<(.*?)@.*?>/ REPLACE Message-ID: <$1@${cfg.fqdn}>
'');
in in
{ {
config = with cfg; lib.mkIf enable { config = with cfg; lib.mkIf enable {
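Review bot: The added rule `/^Message-ID:\s+<(.*?)@.*?>/` requires at least one whitespace character after the colon, so a header written as `Message-ID:<id@host>`, which RFC 5322 permits, would pass through with the client's hostname intact; `\s*` closes that gap: `/^Message-ID:\s*<(.*?)@.*?>/ REPLACE Message-ID: <$1@${cfg.fqdn}>`. The original hostname can also still reach recipients through `In-Reply-To:` and `References:` when a user follows up on the unrewritten copy in their own Sent folder, and those headers are not touched here; a comment next to the rule stating that this is a known limit would help whoever relies on the option. The `let` block that holds this binding starts outside the hunk.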


@ -29,6 +29,7 @@ import <nixpkgs/nixos/tests/make-test.nix> {
fqdn = "mail.example.com"; fqdn = "mail.example.com";
domains = [ "example.com" "example2.com" ]; domains = [ "example.com" "example2.com" ];
dhParamBitLength = 512; dhParamBitLength = 512;
rewriteMessageId = true;
loginAccounts = { loginAccounts = {
"user1@example.com" = { "user1@example.com" = {
@ -65,9 +66,14 @@ import <nixpkgs/nixos/tests/make-test.nix> {
echo grep '${clientIP}' "$@" >&2 echo grep '${clientIP}' "$@" >&2
exec grep '${clientIP}' "$@" exec grep '${clientIP}' "$@"
''; '';
check-mail-id = pkgs.writeScriptBin "check-mail-id" ''
#!${pkgs.stdenv.shell}
echo grep '^Message-ID:.*@mail.example.com>$' "$@" >&2
exec grep '^Message-ID:.*@mail.example.com>$' "$@"
'';
in { in {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
fetchmail msmtp procmail findutils grep-ip fetchmail msmtp procmail findutils grep-ip check-mail-id
]; ];
environment.etc = { environment.etc = {
"root/.fetchmailrc" = { "root/.fetchmailrc" = {
@ -128,6 +134,7 @@ import <nixpkgs/nixos/tests/make-test.nix> {
''; '';
}; };
"root/email1".text = '' "root/email1".text = ''
Message-ID: <12345qwerty@host.local.network>
From: User2 <user2@example.com> From: User2 <user2@example.com>
To: User1 <user1@example.com> To: User1 <user1@example.com>
Cc: Cc:
@ -140,6 +147,7 @@ import <nixpkgs/nixos/tests/make-test.nix> {
how are you doing today? how are you doing today?
''; '';
"root/email2".text = '' "root/email2".text = ''
Message-ID: <232323abc@host.local.network>
From: User <user@example2.com> From: User <user@example2.com>
To: User1 <user1@example.com> To: User1 <user1@example.com>
Cc: Cc:
@ -154,6 +162,7 @@ import <nixpkgs/nixos/tests/make-test.nix> {
XOXO User1 XOXO User1
''; '';
"root/email3".text = '' "root/email3".text = ''
Message-ID: <asdfghjkl42@host.local.network>
From: Postmaster <postmaster@example.com> From: Postmaster <postmaster@example.com>
To: Chuck <chuck@example.com> To: Chuck <chuck@example.com>
Cc: Cc:
@ -167,6 +176,7 @@ import <nixpkgs/nixos/tests/make-test.nix> {
XOXO Postmaster XOXO Postmaster
''; '';
"root/email4".text = '' "root/email4".text = ''
Message-ID: <sdfsdf@host.local.network>
From: Single Alias <single-alias@example.com> From: Single Alias <single-alias@example.com>
To: User1 <user1@example.com> To: User1 <user1@example.com>
Cc: Cc:
@ -181,6 +191,7 @@ import <nixpkgs/nixos/tests/make-test.nix> {
XOXO User1 aka Single Alias XOXO User1 aka Single Alias
''; '';
"root/email5".text = '' "root/email5".text = ''
Message-ID: <789asdf@host.local.network>
From: User2 <user2@example.com> From: User2 <user2@example.com>
To: Multi Alias <multi-alias@example.com> To: Multi Alias <multi-alias@example.com>
Cc: Cc:
@ -234,6 +245,7 @@ import <nixpkgs/nixos/tests/make-test.nix> {
$client->succeed("cat ~/mail/* >&2"); $client->succeed("cat ~/mail/* >&2");
## make sure our IP is _not_ in the email header ## make sure our IP is _not_ in the email header
$client->fail("grep-ip ~/mail/*"); $client->fail("grep-ip ~/mail/*");
$client->succeed("check-mail-id ~/mail/*");
}; };
subtest "have correct fqdn as sender", sub { subtest "have correct fqdn as sender", sub {
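Review bot: The new `check-mail-id` assertion in the hunk at `@ -234,6 +245,7` only proves that at least one line in `~/mail/*` ends in `@mail.example.com>`, so it would still pass if another fetched message kept its original Message-ID host. As far as the visible fixture lines show, `host.local.network` appears only in the Message-ID headers, so a negative check beside it pins the privacy property directly: `$client->fail("grep 'host.local.network' ~/mail/*");`. The dots in the `check-mail-id` pattern are also unescaped and match any character; `'^Message-ID:.*@mail\.example\.com>$'` is stricter. The subtest this line was added to begins outside the hunk.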