Ensure locally-delivered mails have the X-Original-To header

See #223
author: Steve Purcell <steve@sanityinc.com> 2021-08-11 09:18:24 +0000
committer: Steve Purcell <steve@sanityinc.com> 2021-08-11 12:20:16 +0000
commit: fb85a3fe9e4f673f9c017a23ada00b05d61cdc6a (patch)
tree: a80abf9c0260384597a5c25376c3e89d6cab7646
parent: 72748d7b6d706ca17817389952a3a7d9185b0d5c (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/mail-server/postfix.nix b/mail-server/postfix.nix
index 618d6c5..340122b 100644
--- a/mail-server/postfix.nix
+++ b/mail-server/postfix.nix
@@ -172,6 +172,8 @@ in
         virtual_mailbox_domains = vhosts_file;
         virtual_mailbox_maps = mappedFile "valias";
         virtual_transport = "lmtp:unix:/run/dovecot2/dovecot-lmtp";
+        # Avoid leakage of X-Original-To, X-Delivered-To headers between recipients
+        lmtp_destination_recipient_limit = "1";
 
         # sasl with dovecot
         smtpd_sasl_type = "dovecot";
@@ -241,6 +243,11 @@ in
       submissionsOptions = submissionOptions;
 
       masterConfig = {
+        "lmtp" = {
+          # Add headers when delivering, see http://www.postfix.org/smtp.8.html
+          # D => Delivered-To, O => X-Original-To, R => Return-Path
+          args = [ "flags=O" ];
+        };
         "policy-spf" = {
           type = "unix";
           privileged = true;
author	Steve Purcell <steve@sanityinc.com>	2021-08-11 09:18:24 +0000
committer	Steve Purcell <steve@sanityinc.com>	2021-08-11 12:20:16 +0000
commit	fb85a3fe9e4f673f9c017a23ada00b05d61cdc6a (patch)
tree	a80abf9c0260384597a5c25376c3e89d6cab7646
parent	72748d7b6d706ca17817389952a3a7d9185b0d5c (diff)