From 52c7e647ab81383c72117800b8cd5cd49bec9030 Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Sat, 4 Feb 2017 14:48:11 +0300
Subject: [PATCH] postfix service: don't empty local_recipient_maps

From Postfix documentation:

With this setting, the Postfix SMTP server will not reject mail with "User
unknown in local recipient table". Don't do this on systems that receive mail
directly from the Internet. With today's worms and viruses, Postfix will become
a backscatter source: it accepts mail for non-existent recipients and then
tries to return that mail as "undeliverable" to the often forged sender
address.
---
 nixos/doc/manual/release-notes/rl-1703.xml | 12 +++++++++++-
 nixos/modules/services/mail/postfix.nix    |  2 --
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/nixos/doc/manual/release-notes/rl-1703.xml b/nixos/doc/manual/release-notes/rl-1703.xml
index 09358f3af231..be6ad59ac5d7 100644
--- a/nixos/doc/manual/release-notes/rl-1703.xml
+++ b/nixos/doc/manual/release-notes/rl-1703.xml
@@ -46,6 +46,7 @@ following incompatible changes:</para>
       for what those parameters represent.
     </para>
   </listitem>
+
   <listitem>
     <para>
       <literal>ansible</literal> now defaults to ansible version 2 as version 1
@@ -54,6 +55,7 @@ following incompatible changes:</para>
       vulnerability</link> unpatched by upstream.
     </para>
   </listitem>
+
   <listitem>
     <para>
       <literal>gnome</literal> alias has been removed along with
@@ -116,7 +118,6 @@ following incompatible changes:</para>
   </listitem>
 
   <listitem>
-
     <para><literal>overridePackages</literal> function no longer exists.
     It is replaced by <link
     xlink:href="https://nixos.org/nixpkgs/manual/#sec-overlays-install">
@@ -153,6 +154,15 @@ following incompatible changes:</para>
     </para>
   </listitem>
 
+  <listitem>
+    <para>
+      <literal>local_recipient_maps</literal> is not set to empty value by
+      Postfix service. It's an insecure default as stated by Postfix
+      documentation. Those who want to retain this setting need to set it via
+      <literal>services.postfix.extraConfig</literal>.
+    </para>
+  </listitem>
+
 </itemizedlist>
 
 
diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix
index cdde41446224..caaa87b94d61 100644
--- a/nixos/modules/services/mail/postfix.nix
+++ b/nixos/modules/services/mail/postfix.nix
@@ -79,8 +79,6 @@ let
       relay_domains = ${concatStringsSep ", " cfg.relayDomains}
     ''
     + ''
-      local_recipient_maps =
-
       relayhost = ${if cfg.lookupMX || cfg.relayHost == "" then
           cfg.relayHost
         else