Fog user's hostname in the Message-ID
parent
1dd394e63f
commit
386faf960c
10
default.nix
10
default.nix
|
@ -433,6 +433,16 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
rewriteMessageId = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
Rewrites the Message-ID's hostname-part of outgoing emails to the FQDN.
|
||||||
|
Please be aware that this may cause problems with some mail clients
|
||||||
|
relying on the original Message-ID.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
monitoring = {
|
monitoring = {
|
||||||
enable = mkEnableOption "monitoring via monit";
|
enable = mkEnableOption "monitoring via monit";
|
||||||
|
|
||||||
|
|
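Review bot: The `description` of `rewriteMessageId` does not say why one would enable the option or which mail it affects, and the warning about "some mail clients" stays vague. Judging from the rule this option gates, the rewrite applies to mail handed in via the submission port and exists to hide the sender's host name, so the text could read `Replaces the host part of the Message-ID of mails handed in via the submission port with the server's FQDN, so that the sender's host name or network is not disclosed.` A second sentence could name the concrete risk, for example `The copy kept by the sending client retains the original Message-ID, which can break threading or duplicate detection in clients that match on it.` That consequence is inferred from the rewrite happening on the server and should be confirmed before it is documented as fact.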
|
@ -66,7 +66,7 @@ let
|
||||||
# The user's own address is already in all_valiases_postfix.
|
# The user's own address is already in all_valiases_postfix.
|
||||||
vaccounts_file = builtins.toFile "vaccounts" (lib.concatStringsSep "\n" all_valiases_postfix);
|
vaccounts_file = builtins.toFile "vaccounts" (lib.concatStringsSep "\n" all_valiases_postfix);
|
||||||
|
|
||||||
submissionHeaderCleanupRules = pkgs.writeText "submission_header_cleanup_rules" ''
|
submissionHeaderCleanupRules = pkgs.writeText "submission_header_cleanup_rules" (''
|
||||||
# Removes sensitive headers from mails handed in via the submission port.
|
# Removes sensitive headers from mails handed in via the submission port.
|
||||||
# See https://thomas-leister.de/mailserver-debian-stretch/
|
# See https://thomas-leister.de/mailserver-debian-stretch/
|
||||||
# Uses "pcre" style regex.
|
# Uses "pcre" style regex.
|
||||||
|
@ -76,7 +76,13 @@ let
|
||||||
/^X-Mailer:/ IGNORE
|
/^X-Mailer:/ IGNORE
|
||||||
/^User-Agent:/ IGNORE
|
/^User-Agent:/ IGNORE
|
||||||
/^X-Enigmail:/ IGNORE
|
/^X-Enigmail:/ IGNORE
|
||||||
'';
|
'' + lib.optionalString cfg.rewriteMessageId ''
|
||||||
|
|
||||||
|
# Replaces the user submitted hostname with the server's FQDN to hide the
|
||||||
|
# user's host or network.
|
||||||
|
|
||||||
|
/^Message-ID:\s+<(.*?)@.*?>/ REPLACE Message-ID: <$1@${cfg.fqdn}>
|
||||||
|
'');
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
config = with cfg; lib.mkIf enable {
|
config = with cfg; lib.mkIf enable {
|
||||||
|
|
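Review bot: The added rule `/^Message-ID:\s+<(.*?)@.*?>/` requires at least one whitespace character after the colon, so a header written as `Message-ID:<id@host>` (valid without the space) would pass through unrewritten and still expose the client's host name. Using `\s*` closes that gap: `/^Message-ID:\s*<(.*?)@.*?>/ REPLACE Message-ID: <$1@${cfg.fqdn}>`. The comment above the rule could also state that `In-Reply-To` and `References` are left untouched, so a reply to the user's own earlier message may still carry an ID with the original host part if the client kept the unrewritten ID in its sent copy; that is worth confirming against the clients in use. The `let` block holding this rule starts and ends outside the hunk.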
|
@ -29,6 +29,7 @@ import <nixpkgs/nixos/tests/make-test.nix> {
|
||||||
fqdn = "mail.example.com";
|
fqdn = "mail.example.com";
|
||||||
domains = [ "example.com" "example2.com" ];
|
domains = [ "example.com" "example2.com" ];
|
||||||
dhParamBitLength = 512;
|
dhParamBitLength = 512;
|
||||||
|
rewriteMessageId = true;
|
||||||
|
|
||||||
loginAccounts = {
|
loginAccounts = {
|
||||||
"user1@example.com" = {
|
"user1@example.com" = {
|
||||||
|
@ -65,9 +66,14 @@ import <nixpkgs/nixos/tests/make-test.nix> {
|
||||||
echo grep '${clientIP}' "$@" >&2
|
echo grep '${clientIP}' "$@" >&2
|
||||||
exec grep '${clientIP}' "$@"
|
exec grep '${clientIP}' "$@"
|
||||||
'';
|
'';
|
||||||
|
check-mail-id = pkgs.writeScriptBin "check-mail-id" ''
|
||||||
|
#!${pkgs.stdenv.shell}
|
||||||
|
echo grep '^Message-ID:.*@mail.example.com>$' "$@" >&2
|
||||||
|
exec grep '^Message-ID:.*@mail.example.com>$' "$@"
|
||||||
|
'';
|
||||||
in {
|
in {
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
fetchmail msmtp procmail findutils grep-ip
|
fetchmail msmtp procmail findutils grep-ip check-mail-id
|
||||||
];
|
];
|
||||||
environment.etc = {
|
environment.etc = {
|
||||||
"root/.fetchmailrc" = {
|
"root/.fetchmailrc" = {
|
||||||
|
@ -128,6 +134,7 @@ import <nixpkgs/nixos/tests/make-test.nix> {
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
"root/email1".text = ''
|
"root/email1".text = ''
|
||||||
|
Message-ID: <12345qwerty@host.local.network>
|
||||||
From: User2 <user2@example.com>
|
From: User2 <user2@example.com>
|
||||||
To: User1 <user1@example.com>
|
To: User1 <user1@example.com>
|
||||||
Cc:
|
Cc:
|
||||||
|
@ -140,6 +147,7 @@ import <nixpkgs/nixos/tests/make-test.nix> {
|
||||||
how are you doing today?
|
how are you doing today?
|
||||||
'';
|
'';
|
||||||
"root/email2".text = ''
|
"root/email2".text = ''
|
||||||
|
Message-ID: <232323abc@host.local.network>
|
||||||
From: User <user@example2.com>
|
From: User <user@example2.com>
|
||||||
To: User1 <user1@example.com>
|
To: User1 <user1@example.com>
|
||||||
Cc:
|
Cc:
|
||||||
|
@ -154,6 +162,7 @@ import <nixpkgs/nixos/tests/make-test.nix> {
|
||||||
XOXO User1
|
XOXO User1
|
||||||
'';
|
'';
|
||||||
"root/email3".text = ''
|
"root/email3".text = ''
|
||||||
|
Message-ID: <asdfghjkl42@host.local.network>
|
||||||
From: Postmaster <postmaster@example.com>
|
From: Postmaster <postmaster@example.com>
|
||||||
To: Chuck <chuck@example.com>
|
To: Chuck <chuck@example.com>
|
||||||
Cc:
|
Cc:
|
||||||
|
@ -167,6 +176,7 @@ import <nixpkgs/nixos/tests/make-test.nix> {
|
||||||
XOXO Postmaster
|
XOXO Postmaster
|
||||||
'';
|
'';
|
||||||
"root/email4".text = ''
|
"root/email4".text = ''
|
||||||
|
Message-ID: <sdfsdf@host.local.network>
|
||||||
From: Single Alias <single-alias@example.com>
|
From: Single Alias <single-alias@example.com>
|
||||||
To: User1 <user1@example.com>
|
To: User1 <user1@example.com>
|
||||||
Cc:
|
Cc:
|
||||||
|
@ -181,6 +191,7 @@ import <nixpkgs/nixos/tests/make-test.nix> {
|
||||||
XOXO User1 aka Single Alias
|
XOXO User1 aka Single Alias
|
||||||
'';
|
'';
|
||||||
"root/email5".text = ''
|
"root/email5".text = ''
|
||||||
|
Message-ID: <789asdf@host.local.network>
|
||||||
From: User2 <user2@example.com>
|
From: User2 <user2@example.com>
|
||||||
To: Multi Alias <multi-alias@example.com>
|
To: Multi Alias <multi-alias@example.com>
|
||||||
Cc:
|
Cc:
|
||||||
|
@ -234,6 +245,7 @@ import <nixpkgs/nixos/tests/make-test.nix> {
|
||||||
$client->succeed("cat ~/mail/* >&2");
|
$client->succeed("cat ~/mail/* >&2");
|
||||||
## make sure our IP is _not_ in the email header
|
## make sure our IP is _not_ in the email header
|
||||||
$client->fail("grep-ip ~/mail/*");
|
$client->fail("grep-ip ~/mail/*");
|
||||||
|
$client->succeed("check-mail-id ~/mail/*");
|
||||||
};
|
};
|
||||||
|
|
||||||
subtest "have correct fqdn as sender", sub {
|
subtest "have correct fqdn as sender", sub {
|
||||||
|
|
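Review bot: `check-mail-id` only proves that at least one line in `~/mail/*` carries a Message-ID ending in `@mail.example.com>`, because grep exits 0 on any match across all files, so the test still passes if some delivered mail keeps `@host.local.network`. A negative assertion next to the new `succeed` line would pin the privacy property itself, e.g. `$client->fail("grep -i '^Message-ID:.*@host[.]local[.]network>' ~/mail/*");`. The dots in the existing pattern are unescaped and the FQDN is hard-coded rather than taken from the `fqdn` value set earlier in the file, which is harmless here but makes the check looser than it reads. The subtest this line belongs to starts outside the hunk.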