postfix service: don't empty local_recipient_maps

From Postfix documentation:

With this setting, the Postfix SMTP server will not reject mail with "User
unknown in local recipient table". Don't do this on systems that receive mail
directly from the Internet. With today's worms and viruses, Postfix will become
a backscatter source: it accepts mail for non-existent recipients and then
tries to return that mail as "undeliverable" to the often forged sender
address.
This commit is contained in:
Nikolay Amiantov 2017-02-04 14:48:11 +03:00
parent ede8adc441
commit 52c7e647ab
2 changed files with 11 additions and 3 deletions

View File

@ -46,6 +46,7 @@ following incompatible changes:</para>
for what those parameters represent. for what those parameters represent.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<literal>ansible</literal> now defaults to ansible version 2 as version 1 <literal>ansible</literal> now defaults to ansible version 2 as version 1
@ -54,6 +55,7 @@ following incompatible changes:</para>
vulnerability</link> unpatched by upstream. vulnerability</link> unpatched by upstream.
</para> </para>
</listitem> </listitem>
<listitem> <listitem>
<para> <para>
<literal>gnome</literal> alias has been removed along with <literal>gnome</literal> alias has been removed along with
@ -116,7 +118,6 @@ following incompatible changes:</para>
</listitem> </listitem>
<listitem> <listitem>
<para><literal>overridePackages</literal> function no longer exists. <para><literal>overridePackages</literal> function no longer exists.
It is replaced by <link It is replaced by <link
xlink:href="https://nixos.org/nixpkgs/manual/#sec-overlays-install"> xlink:href="https://nixos.org/nixpkgs/manual/#sec-overlays-install">
@ -153,6 +154,15 @@ following incompatible changes:</para>
</para> </para>
</listitem> </listitem>
<listitem>
<para>
<literal>local_recipient_maps</literal> is not set to empty value by
Postfix service. It's an insecure default as stated by Postfix
documentation. Those who want to retain this setting need to set it via
<literal>services.postfix.extraConfig</literal>.
</para>
</listitem>
</itemizedlist> </itemizedlist>

View File

@ -79,8 +79,6 @@ let
relay_domains = ${concatStringsSep ", " cfg.relayDomains} relay_domains = ${concatStringsSep ", " cfg.relayDomains}
'' ''
+ '' + ''
local_recipient_maps =
relayhost = ${if cfg.lookupMX || cfg.relayHost == "" then relayhost = ${if cfg.lookupMX || cfg.relayHost == "" then
cfg.relayHost cfg.relayHost
else else