From d46242a4b6347484dc5985a8ed196410ca8a1977 Mon Sep 17 00:00:00 2001
From: niten <niten@fudo.org>
Date: Wed, 27 Sep 2023 13:47:38 -0700
Subject: [PATCH] Submission restrictions ought to be different?

---
 postfix.nix | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/postfix.nix b/postfix.nix
index cde806b..7d7b175 100644
--- a/postfix.nix
+++ b/postfix.nix
@@ -267,6 +267,20 @@ in {
           cfg.blacklist.dns)
           ++ [ "permit_mynetworks" "permit_sasl_authenticated" "reject" ];
 
+        submission-recipient-restrictions = [
+          "reject_unknown_sender_domain"
+          "reject_unknown_recipient_domain"
+          "reject_unauth_pipelining"
+          "reject_unauth_destination"
+          "reject_invalid_hostname"
+          "reject_non_fqdn_hostname"
+          "reject_non_fqdn_sender"
+          "reject_non_fqdn_recipient"
+          "permit_mynetworks"
+          "permit_sasl_authenticated"
+          "reject"
+        ];
+
         client-restrictions =
           [ "permit_sasl_authenticated" "permit_mynetworks" "reject" ];
 
@@ -448,7 +462,7 @@ in {
           smtpd_client_restrictions = makeRestrictionsList client-restrictions;
           smtpd_sender_restrictions = makeRestrictionsList sender-restrictions;
           smtpd_recipient_restrictions =
-            makeRestrictionsList recipient-restrictions;
+            makeRestrictionsList submission-recipient-restrictions;
           cleanup_service_name = "submission-header-cleanup";
         };
 
@@ -466,7 +480,7 @@ in {
           smtpd_client_restrictions = makeRestrictionsList client-restrictions;
           smtpd_sender_restrictions = makeRestrictionsList sender-restrictions;
           smtpd_recipient_restrictions =
-            makeRestrictionsList recipient-restrictions;
+            makeRestrictionsList submission-recipient-restrictions;
           cleanup_service_name = "submission-header-cleanup";
         };