Unverified Commit 77bf0b01 authored by Martin Weinelt's avatar Martin Weinelt
Browse files

nixos/tlsrpt: reuse sender address as envelope sender 

This prevents leaking the local user and hostname into the envelope,
which could prevent DKIM signing due to lack of keys for the MX hostname.
parent d902e285

nixos/modules/services/mail/tlsrpt.nix

+2 −2
Original line number Diff line number Diff line
@@ -244,12 +244,12 @@ in 
              type = with types; nullOr str;

              default =

                if config.services.postfix.enable && config.services.postfix.setSendmail then

                  "/run/wrappers/bin/sendmail -i -t"

                  "/run/wrappers/bin/sendmail -i -t -f ${cfg.reportd.settings.sender_address}"

                else

                  null;

              defaultText = lib.literalExpression ''

                if config.services.postfix.enable && config.services.postfix.setSendmail then

                  "/run/wrappers/bin/sendmail -i -t"

                  "/run/wrappers/bin/sendmail -i -t -f $${cfg.reportd.settings.sender_address}"

                else

                  null

              '';