Add support for sender rewriting using postsrsd

With SRS we support forwarding of mails without (fully) breaking SPF alignment.
2025-07-10 23:10:45 +02:00
parent b633223a33
commit eeda8ba39e
9 changed files with 160 additions and 4 deletions
--- a/mail-server/postfix.nix
+++ b/mail-server/postfix.nix
@@ -261,6 +261,24 @@ in
      configurePostfix = true;
    };

+    # Sender Rewriting Scheme (https://www.libsrs2.net/srs/srs.pdf)
+    services.postsrsd = {
+      inherit (cfg.srs) enable;
+      configurePostfix = true;
+      settings = {
+        domains = lib.unique (
+          [
+            cfg.fqdn
+            cfg.sendingFqdn
+            cfg.systemDomain
+          ]
+          ++ cfg.domains
+        );
+        separator = "=";
+        srs-domain = cfg.srs.domain;
+      };
+    };
+
    systemd.services.postfix-setup = lib.mkIf cfg.ldap.enable {
      preStart = ''
        ${appendPwdInVirtualMailboxMap}
--- a/mail-server/rspamd.nix
+++ b/mail-server/rspamd.nix
@@ -50,6 +50,8 @@ let
        echo "Generated key for domain ${domain} and selector ${cfg.dkimSelector}"
      fi
    '';
+
+  dkimDomains = lib.unique (cfg.domains ++ (lib.optionals cfg.srs.enable [ cfg.srs.domain ]));
 in
 {
  config = lib.mkIf cfg.enable {
@@ -201,7 +203,7 @@ in
          SupplementaryGroups = [ config.services.redis.servers.rspamd.group ];
        }
        (lib.optionalAttrs cfg.dkimSigning {
-          ExecStartPre = map createDkimKeypair cfg.domains;
+          ExecStartPre = map createDkimKeypair dkimDomains;
          ReadWritePaths = [ cfg.dkimKeyDirectory ];
        })
      ];