From 11afd23d99fa6ac930b65f472455b83baca91045 Mon Sep 17 00:00:00 2001
From: jaina heartles
Date: Sun, 9 Mar 2025 22:22:33 -0400
Subject: [PATCH] Add firewall rules that mitigate spam
---
 postfix.nix | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/postfix.nix b/postfix.nix
index c9654b1..e7a1f5c 100644
--- a/postfix.nix
+++ b/postfix.nix
@@ -1,6 +1,12 @@
 { pkgs, config, ... }:
 {
+ networking.firewall.extraCommands = let user = config.services.postfix.user;
+ in ''
+ iptables -I OUTPUT -m owner ! --uid-owner ${user} -m tcp -p tcp --dport 25 -j REJECT --reject-with icmp-admin-prohibited
+ ip6tables -I OUTPUT -m owner ! --uid-owner ${user} -m tcp -p tcp --dport 25 -j REJECT --reject-with icmp6-adm-prohibited
+ '';
+
 services.postfix = {
 enable = true;
 enableSubmission = true;
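Review bot: The two `-I OUTPUT` rules in `extraCommands` are not idempotent: as far as I know the NixOS firewall scripts only flush their own `nixos-fw*` chains, so every firewall restart or reload inserts another copy into the built-in OUTPUT chain, and the rules stay behind after the option is removed or the firewall is stopped. I would delete before inserting, or add `networking.firewall.extraStopCommands` with the matching `iptables -D OUTPUT … -j REJECT --reject-with icmp-admin-prohibited 2>/dev/null || true` and its `ip6tables` twin. The match also has no loopback exclusion, so a local service that hands mail to Postfix over SMTP on 127.0.0.1:25 (rather than through the sendmail binary) would be rejected as well; if that is intended, a one-line comment saying so would help, otherwise add `! -o lo`. The `services.postfix` block continues outside the hunk.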