From 16e31c6a0daf83b6550f4d714c3c660b391a6ecc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20D=C3=B6rfler?= <phdoerfler@gmail.com>
Date: Wed, 20 Sep 2017 00:05:01 +0200
Subject: [PATCH] Added header filtering for removing sensitive information.

---
 mail-server/postfix.nix | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/mail-server/postfix.nix b/mail-server/postfix.nix
index 5ef634f..a5bfa69 100644
--- a/mail-server/postfix.nix
+++ b/mail-server/postfix.nix
@@ -97,6 +97,26 @@ in
         smtpd_sender_login_maps = "hash:/etc/postfix/vaccounts";
         smtpd_sender_restrictions = "reject_sender_login_mismatch";
         smtpd_recipient_restrictions = "reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject";
+        cleanup_service_name = "submission-header-cleanup";
+      };
+      
+      extraMasterConf = ''
+        submission-header-cleanup unix n - n    -       0       cleanup
+            -o header_checks=regexp:/etc/postfixsupport/submission_header_cleanup
+      '';
+    };
+    
+    environment.etc = {
+      "postfixsupport/submission_header_cleanup" = {
+        text = ''
+          ### Removes sensitive headers from mails handed in via the submission port.
+          ### Thanks to https://thomas-leister.de/mailserver-debian-stretch/
+
+          /^Received:/            IGNORE
+          /^X-Originating-IP:/    IGNORE
+          /^X-Mailer:/            IGNORE
+          /^User-Agent:/          IGNORE
+        '';
       };
     };
   };