From 8fb8cd65d5cdb8ac380eed07bc7784dadae5e876 Mon Sep 17 00:00:00 2001
From: Daniel Frank <git@danielfrank.net>
Date: Fri, 21 Jun 2019 22:12:58 +0200
Subject: [PATCH] postfix: increase privacy by removing the first received
 header if the mail was sent to the submission port by an authorized user

---
 postfix.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/postfix.nix b/postfix.nix
index 1650023..5473c75 100644
--- a/postfix.nix
+++ b/postfix.nix
@@ -1,6 +1,9 @@
 { config, lib, pkgs, ... }:
 
 let
+  submission_header_cleanup_regex = pkgs.writeText "submission_header_cleanup_regex" ''
+    /^Received:.*by ${config.variables.myFQDN} \(Postfix/ IGNORE
+  '';
   pfvirtual_mailbox_domains = pkgs.writeText "virtual_mailbox_domains.cf" ''
     dbpath = ${config.variables.pfadminDataDir}/postfixadmin.db
     query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'
@@ -75,6 +78,13 @@ in
       virtual_mailbox_maps = "proxy:sqlite:${pfvirtual_mailbox_maps}, proxy:sqlite:${pfvirtual_alias_domain_mailbox_maps}";
       virtual_transport = "lmtp:unix:${config.variables.dovecotLmtpSocket}";
     };
+    masterConfig.submission.args = [ "-o" "cleanup_service_name=submission_cleanup" ];
+    masterConfig."submission_cleanup" = {
+        command = "cleanup";
+        args = [ "-o" "header_checks=regexp:${submission_header_cleanup_regex}" ];
+        private = false;
+        maxproc = 0;
+    };
     rootAlias = config.variables.mailAdmin;
     postmasterAlias = config.variables.mailAdmin;
   };