author | Gregor Kleen <pngwjpgh@users.noreply.github.com> | 2016-06-24 19:19:00 +0200 |
---|---|---|
committer | Gregor Kleen <pngwjpgh@users.noreply.github.com> | 2016-06-24 19:19:00 +0200 |
commit | 28338b17723993862209e89a39fbae8f0669d28e (patch) | |
tree | c4d33dd76668b16a8bb505e59e4d981a70344cb4 | |
parent | ec218d0097d5397c65e1ea32dc2049c6f5ce26fd (diff) | |
download | nixos-28338b17723993862209e89a39fbae8f0669d28e.tar nixos-28338b17723993862209e89a39fbae8f0669d28e.tar.gz nixos-28338b17723993862209e89a39fbae8f0669d28e.tar.bz2 nixos-28338b17723993862209e89a39fbae8f0669d28e.tar.xz nixos-28338b17723993862209e89a39fbae8f0669d28e.zip |
testing spf verification on ymir
-rw-r--r-- | ymir.nix | 13 | ||||
-rw-r--r-- | ymir/spf.conf | 13 |
2 files changed, 21 insertions, 5 deletions
@@ -409,22 +409,25 @@ in rec { | |||
409 | check_policy_service unix:policy, | 409 | check_policy_service unix:policy, |
410 | permit_mynetworks, | 410 | permit_mynetworks, |
411 | permit_sasl_authenticated, | 411 | permit_sasl_authenticated, |
412 | reject_unauth_destination | 412 | reject_unauth_destination, |
413 | check_policy_service unix:privat/policy-spf | ||
413 | 414 | ||
414 | smtpd_relay_restrictions = | 415 | smtpd_relay_restrictions = |
415 | permit_mynetworks, | 416 | permit_mynetworks, |
416 | permit_sasl_authenticated, | 417 | permit_sasl_authenticated, |
417 | reject_unauth_destination | 418 | reject_unauth_destination |
418 | 419 | ||
419 | mlmmj_destination_recipient_limit = 1 | 420 | mlmmj_destination_recipient_limit = 1 |
421 | policy-spf_time_limit = 3600s | ||
420 | propagate_unmatched_extensions = virtual | 422 | propagate_unmatched_extensions = virtual |
421 | 423 | ||
422 | alias_maps = hash:/etc/postfix/aliases texthash:/srv/mail/spm | 424 | alias_maps = hash:/etc/postfix/aliases texthash:/srv/mail/spm |
423 | ''; | 425 | ''; |
424 | extraMasterConf = '' | 426 | extraMasterConf = '' |
425 | uucp unix - n n - - pipe flags=Fqhu user=uucp argv=/var/setuid-wrappers/uux -z -a$sender - $nexthop!rmail ($recipient) | 427 | uucp unix - n n - - pipe flags=Fqhu user=uucp argv=/var/setuid-wrappers/uux -z -a$sender - $nexthop!rmail ($recipient) |
426 | mlmmj unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj}/bin/mlmmj-receive -F -L /var/spool/lists/''${user} | 428 | mlmmj unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj}/bin/mlmmj-receive -F -L /var/spool/lists/''${user} |
427 | mlmmj-subs unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj-exposed}/bin/mlmmj-exposed /var/spool/lists/''${user} ''${extension} | 429 | mlmmj-subs unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj-exposed}/bin/mlmmj-exposed /var/spool/lists/''${user} ''${extension} |
430 | policy-spf unix - n n - - spawn user=nobody argv=${pkgs.pythonPackages.pypolicyd-spf}/bin/policyd-spf ${./ymir/spf.conf} | ||
428 | ''; | 431 | ''; |
429 | networks = ["127.0.0.0/8" "[::ffff:127.0.0.0]/104" "[::1]/128" "10.141.0.0/16"]; | 432 | networks = ["127.0.0.0/8" "[::ffff:127.0.0.0]/104" "[::1]/128" "10.141.0.0/16"]; |
430 | }; | 433 | }; |
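Review bot: The socket path in the added restriction `check_policy_service unix:privat/policy-spf` looks misspelled. The `policy-spf` entry added to extraMasterConf is a `unix` service with the private column left at `-`, so Postfix should create its socket under `private/`, and the lookup as written would presumably never reach the daemon. An unreachable policy service normally makes Postfix answer with a temporary server-configuration error, so mail that is neither from mynetworks nor SASL-authenticated would be deferred instead of SPF-checked. The line should read `check_policy_service unix:private/policy-spf`. The opening line of this restriction list is outside the hunk. Separately, `user=nobody` on the spawn line shares an account with any other service that runs as nobody, so a dedicated unprivileged user for the policy daemon would isolate it better.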
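--- /dev/null
+++ b/ymir/spf.conf
@@ -0,0 +1,13 @@
+# For a fully commented sample config file see policyd-spf.conf.commented
+
+debugLevel = 2
+defaultSeedOnly = 0
+
+HELO_reject = SPF_Not_Pass
+Mail_From_reject = Fail
+
+PermError_reject = False
+TempError_Defer = False
+
+skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1
+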
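Review bot: `defaultSeedOnly = 0` is undocumented here, and as far as I recall from the policyd-spf.conf documentation it puts the daemon into test-only mode: results are logged and prepended as headers, but no message is rejected or deferred. That fits the commit title, but as committed `HELO_reject` and `Mail_From_reject` have no enforcing effect, and nothing in the file tells a later reader that. I would add a comment above it such as `# test mode: SPF results are only logged and added as headers; set defaultSeedOnly = 1 to enforce the reject settings below`. It is also worth a comment that `PermError_reject = False` and `TempError_Defer = False` accept mail whose SPF lookup ended in an error, and that `debugLevel = 2` is meant for the test phase.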