diff --git a/default.nix b/default.nix
index 39d1e09..ad000ff 100644
--- a/default.nix
+++ b/default.nix
@@ -678,6 +678,31 @@ in
 default = [ ];
 };
+ rejectSenderMessage = mkOption {
+ type = types.str;
+ default = "";
+ example = "Your e-mail has not been delivered because we have blocked your e-mai address. If you believe that your e-mail address has been blocked by mistake, or if you have any other legitimate concern, please contact
.";
+ description = ''
+ SMTP message returned to rejected senders. If not set the Postfix
+ default will be used.
+
+ The message must be a single line and typically much shorter than 512
+ characters.
+
+ This could for example be used to provide a contact method (postal
+ address, phone or alternative email) so rejected senders can exercise
+ their [Art. 21 GDPR] right to object.
+
+ It is good practice to inform senders in advance that their email
+ addresses may be processed for this purpose in accordance with [Art. 13
+ GDPR]. Storing their mail address for this purpose is generally
+ regarded as a legitimate interest.
+
+ [Art. 13 GDPR]: https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng#:~:text=Article%2013
+ [Art. 21 GDPR]: https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng#:~:text=Article%2021
+ '';
+ };
+
 rejectRecipients = mkOption {
 type = types.listOf types.str;
 example = [
diff --git a/mail-server/postfix.nix b/mail-server/postfix.nix
index 3a21894..d860cbd 100644
--- a/mail-server/postfix.nix
+++ b/mail-server/postfix.nix
@@ -133,7 +133,12 @@ let
 lib.concatStringsSep "\n" denied_recipients_postfix
 );
- reject_senders_postfix = map (sender: "${sender} REJECT") cfg.rejectSender;
+ reject_senders_postfix = map (
+ sender:
+ "${sender} REJECT${
+ lib.optionalString (cfg.rejectSenderMessage != "") " ${cfg.rejectSenderMessage}"
+ }"
+ ) cfg.rejectSender;
 reject_senders_file = builtins.toFile "reject_senders" (
 lib.concatStringsSep "\n" reject_senders_postfix
 );
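Review bot: In default.nix, `rejectSenderMessage` is declared as `types.str`, so the single-line requirement stated in its description is documented but not enforced. The value is interpolated verbatim after `REJECT` into the table lines built in mail-server/postfix.nix, where an embedded newline would end the entry and leave the rest of the message to be parsed as further table content rather than reply text. Declaring the option as `type = types.singleLineStr;` would reject such a value at evaluation time. The example string also contains a typo (`e-mai address`) and, as shown here, ends in `please contact` with no contact detail after it, which is worth checking in the source.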
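Review bot: The optional suffix in `reject_senders_postfix` does not depend on `sender`, yet it is rebuilt inside the lambda through a nested interpolation that is hard to scan. Binding it once in the surrounding `let`, e.g. `reject_action = "REJECT" + lib.optionalString (cfg.rejectSenderMessage != "") " ${cfg.rejectSenderMessage}";`, and mapping with `sender: "${sender} ${reject_action}"` would keep the access-table line format visible in one place. A short comment there stating that the text after `REJECT` becomes the SMTP reply shown to the sender would also help the next reader. The enclosing `let` block starts and ends outside this hunk.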