diff options
| author | Gregor Kleen <pngwjpgh@users.noreply.github.com> | 2016-06-24 19:19:00 +0200 |
|---|---|---|
| committer | Gregor Kleen <pngwjpgh@users.noreply.github.com> | 2016-06-24 19:19:00 +0200 |
| commit | 28338b17723993862209e89a39fbae8f0669d28e (patch) | |
| tree | c4d33dd76668b16a8bb505e59e4d981a70344cb4 | |
| parent | ec218d0097d5397c65e1ea32dc2049c6f5ce26fd (diff) | |
| download | nixos-28338b17723993862209e89a39fbae8f0669d28e.tar nixos-28338b17723993862209e89a39fbae8f0669d28e.tar.gz nixos-28338b17723993862209e89a39fbae8f0669d28e.tar.bz2 nixos-28338b17723993862209e89a39fbae8f0669d28e.tar.xz nixos-28338b17723993862209e89a39fbae8f0669d28e.zip | |
testing spf verification on ymir
| -rw-r--r-- | ymir.nix | 13 | ||||
| -rw-r--r-- | ymir/spf.conf | 13 |
2 files changed, 21 insertions, 5 deletions
| @@ -409,22 +409,25 @@ in rec { | |||
| 409 | check_policy_service unix:policy, | 409 | check_policy_service unix:policy, |
| 410 | permit_mynetworks, | 410 | permit_mynetworks, |
| 411 | permit_sasl_authenticated, | 411 | permit_sasl_authenticated, |
| 412 | reject_unauth_destination | 412 | reject_unauth_destination, |
| 413 | check_policy_service unix:privat/policy-spf | ||
| 413 | 414 | ||
| 414 | smtpd_relay_restrictions = | 415 | smtpd_relay_restrictions = |
| 415 | permit_mynetworks, | 416 | permit_mynetworks, |
| 416 | permit_sasl_authenticated, | 417 | permit_sasl_authenticated, |
| 417 | reject_unauth_destination | 418 | reject_unauth_destination |
| 418 | 419 | ||
| 419 | mlmmj_destination_recipient_limit = 1 | 420 | mlmmj_destination_recipient_limit = 1 |
| 421 | policy-spf_time_limit = 3600s | ||
| 420 | propagate_unmatched_extensions = virtual | 422 | propagate_unmatched_extensions = virtual |
| 421 | 423 | ||
| 422 | alias_maps = hash:/etc/postfix/aliases texthash:/srv/mail/spm | 424 | alias_maps = hash:/etc/postfix/aliases texthash:/srv/mail/spm |
| 423 | ''; | 425 | ''; |
| 424 | extraMasterConf = '' | 426 | extraMasterConf = '' |
| 425 | uucp unix - n n - - pipe flags=Fqhu user=uucp argv=/var/setuid-wrappers/uux -z -a$sender - $nexthop!rmail ($recipient) | 427 | uucp unix - n n - - pipe flags=Fqhu user=uucp argv=/var/setuid-wrappers/uux -z -a$sender - $nexthop!rmail ($recipient) |
| 426 | mlmmj unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj}/bin/mlmmj-receive -F -L /var/spool/lists/''${user} | 428 | mlmmj unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj}/bin/mlmmj-receive -F -L /var/spool/lists/''${user} |
| 427 | mlmmj-subs unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj-exposed}/bin/mlmmj-exposed /var/spool/lists/''${user} ''${extension} | 429 | mlmmj-subs unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj-exposed}/bin/mlmmj-exposed /var/spool/lists/''${user} ''${extension} |
| 430 | policy-spf unix - n n - - spawn user=nobody argv=${pkgs.pythonPackages.pypolicyd-spf}/bin/policyd-spf ${./ymir/spf.conf} | ||
| 428 | ''; | 431 | ''; |
| 429 | networks = ["127.0.0.0/8" "[::ffff:127.0.0.0]/104" "[::1]/128" "10.141.0.0/16"]; | 432 | networks = ["127.0.0.0/8" "[::ffff:127.0.0.0]/104" "[::1]/128" "10.141.0.0/16"]; |
| 430 | }; | 433 | }; |
diff --git a/ymir/spf.conf b/ymir/spf.conf new file mode 100644 index 00000000..b958e9e3 --- /dev/null +++ b/ymir/spf.conf | |||
| @@ -0,0 +1,13 @@ | |||
| 1 | # For a fully commented sample config file see policyd-spf.conf.commented | ||
| 2 | |||
| 3 | debugLevel = 2 | ||
| 4 | defaultSeedOnly = 0 | ||
| 5 | |||
| 6 | HELO_reject = SPF_Not_Pass | ||
| 7 | Mail_From_reject = Fail | ||
| 8 | |||
| 9 | PermError_reject = False | ||
| 10 | TempError_Defer = False | ||
| 11 | |||
| 12 | skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1 | ||
| 13 | |||