diff options
author | Nikolay Amiantov <ab@fmap.me> | 2017-02-04 14:48:11 +0300 |
---|---|---|
committer | Nikolay Amiantov <ab@fmap.me> | 2017-02-06 01:41:27 +0300 |
commit | 52c7e647ab81383c72117800b8cd5cd49bec9030 (patch) | |
tree | 88b9f9abb6e960fe900d9e18cd8b2ad5c33eb3b4 /nixos | |
parent | ede8adc441242805b343a75dfefa09a9893e2be1 (diff) | |
download | nixpkgs-52c7e647ab81383c72117800b8cd5cd49bec9030.tar nixpkgs-52c7e647ab81383c72117800b8cd5cd49bec9030.tar.gz nixpkgs-52c7e647ab81383c72117800b8cd5cd49bec9030.tar.bz2 nixpkgs-52c7e647ab81383c72117800b8cd5cd49bec9030.tar.lz nixpkgs-52c7e647ab81383c72117800b8cd5cd49bec9030.tar.xz nixpkgs-52c7e647ab81383c72117800b8cd5cd49bec9030.tar.zst nixpkgs-52c7e647ab81383c72117800b8cd5cd49bec9030.zip |
postfix service: don't empty local_recipient_maps
From Postfix documentation: With this setting, the Postfix SMTP server will not reject mail with "User unknown in local recipient table". Don't do this on systems that receive mail directly from the Internet. With today's worms and viruses, Postfix will become a backscatter source: it accepts mail for non-existent recipients and then tries to return that mail as "undeliverable" to the often forged sender address.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-1703.xml | 12 | ||||
-rw-r--r-- | nixos/modules/services/mail/postfix.nix | 2 |
2 files changed, 11 insertions, 3 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1703.xml b/nixos/doc/manual/release-notes/rl-1703.xml index 09358f3af23..be6ad59ac5d 100644 --- a/nixos/doc/manual/release-notes/rl-1703.xml +++ b/nixos/doc/manual/release-notes/rl-1703.xml @@ -46,6 +46,7 @@ following incompatible changes:</para> for what those parameters represent. </para> </listitem> + <listitem> <para> <literal>ansible</literal> now defaults to ansible version 2 as version 1 @@ -54,6 +55,7 @@ following incompatible changes:</para> vulnerability</link> unpatched by upstream. </para> </listitem> + <listitem> <para> <literal>gnome</literal> alias has been removed along with @@ -116,7 +118,6 @@ following incompatible changes:</para> </listitem> <listitem> - <para><literal>overridePackages</literal> function no longer exists. It is replaced by <link xlink:href="https://nixos.org/nixpkgs/manual/#sec-overlays-install"> @@ -153,6 +154,15 @@ following incompatible changes:</para> </para> </listitem> + <listitem> + <para> + <literal>local_recipient_maps</literal> is not set to empty value by + Postfix service. It's an insecure default as stated by Postfix + documentation. Those who want to retain this setting need to set it via + <literal>services.postfix.extraConfig</literal>. + </para> + </listitem> + </itemizedlist> diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix index cdde4144622..caaa87b94d6 100644 --- a/nixos/modules/services/mail/postfix.nix +++ b/nixos/modules/services/mail/postfix.nix @@ -79,8 +79,6 @@ let relay_domains = ${concatStringsSep ", " cfg.relayDomains} '' + '' - local_recipient_maps = - relayhost = ${if cfg.lookupMX || cfg.relayHost == "" then cfg.relayHost else |