authorGregor Kleen <pngwjpgh@users.noreply.github.com>2016-06-24 19:19:00 +0200
committerGregor Kleen <pngwjpgh@users.noreply.github.com>2016-06-24 19:19:00 +0200
commit28338b17723993862209e89a39fbae8f0669d28e (patch)
treec4d33dd76668b16a8bb505e59e4d981a70344cb4
parentec218d0097d5397c65e1ea32dc2049c6f5ce26fd (diff)
testing spf verification on ymir
-rw-r--r--ymir.nix13
-rw-r--r--ymir/spf.conf13
2 files changed, 21 insertions, 5 deletions
diff --git a/ymir.nix b/ymir.nix
index 16fa4b1a..c8d6811b 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -409,22 +409,25 @@ in rec {
409 check_policy_service unix:policy, 409 check_policy_service unix:policy,
410 permit_mynetworks, 410 permit_mynetworks,
411 permit_sasl_authenticated, 411 permit_sasl_authenticated,
412 reject_unauth_destination 412 reject_unauth_destination,
413 check_policy_service unix:privat/policy-spf
413 414
414 smtpd_relay_restrictions = 415 smtpd_relay_restrictions =
415 permit_mynetworks, 416 permit_mynetworks,
416 permit_sasl_authenticated, 417 permit_sasl_authenticated,
417 reject_unauth_destination 418 reject_unauth_destination
418 419
419 mlmmj_destination_recipient_limit = 1 420 mlmmj_destination_recipient_limit = 1
421 policy-spf_time_limit = 3600s
420 propagate_unmatched_extensions = virtual 422 propagate_unmatched_extensions = virtual
421 423
422 alias_maps = hash:/etc/postfix/aliases texthash:/srv/mail/spm 424 alias_maps = hash:/etc/postfix/aliases texthash:/srv/mail/spm
423 ''; 425 '';
424 extraMasterConf = '' 426 extraMasterConf = ''
425 uucp unix - n n - - pipe flags=Fqhu user=uucp argv=/var/setuid-wrappers/uux -z -a$sender - $nexthop!rmail ($recipient) 427 uucp unix - n n - - pipe flags=Fqhu user=uucp argv=/var/setuid-wrappers/uux -z -a$sender - $nexthop!rmail ($recipient)
426 mlmmj unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj}/bin/mlmmj-receive -F -L /var/spool/lists/''${user} 428 mlmmj unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj}/bin/mlmmj-receive -F -L /var/spool/lists/''${user}
427 mlmmj-subs unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj-exposed}/bin/mlmmj-exposed /var/spool/lists/''${user} ''${extension} 429 mlmmj-subs unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj-exposed}/bin/mlmmj-exposed /var/spool/lists/''${user} ''${extension}
430 policy-spf unix - n n - - spawn user=nobody argv=${pkgs.pythonPackages.pypolicyd-spf}/bin/policyd-spf ${./ymir/spf.conf}
428 ''; 431 '';
429 networks = ["127.0.0.0/8" "[::ffff:127.0.0.0]/104" "[::1]/128" "10.141.0.0/16"]; 432 networks = ["127.0.0.0/8" "[::ffff:127.0.0.0]/104" "[::1]/128" "10.141.0.0/16"];
430 }; 433 };
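Review bot: The socket path in the added `check_policy_service unix:privat/policy-spf` entry looks misspelled. The `policy-spf` service added to `extraMasterConf` leaves the private column at `-`, so Postfix would presumably create its socket under `private/`, and smtpd cannot reach `privat/policy-spf`. When a policy service is unreachable, smtpd normally answers with a temporary error instead of skipping the check, so inbound mail that gets this far in the list may be deferred rather than SPF-tested. Suggested line: `check_policy_service unix:private/policy-spf`. The `smtpd_recipient_restrictions` list begins above the hunk, so any earlier entries are not visible here.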
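--- /dev/null
+++ b/ymir/spf.conf
@@ -0,0 +1,13 @@
+# For a fully commented sample config file see policyd-spf.conf.commented
+
+debugLevel = 2
+defaultSeedOnly = 0
+
+HELO_reject = SPF_Not_Pass
+Mail_From_reject = Fail
+
+PermError_reject = False
+TempError_Defer = False
+
+skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1
+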
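Review bot: `defaultSeedOnly = 0` deserves a comment, because the option name does not say what it does. As the pypolicyd-spf documentation describes it, 0 switches the daemon to test-only mode: SPF results are prepended as a header and the `HELO_reject` / `Mail_From_reject` settings below do not reject anything. A later reader could otherwise take `Mail_From_reject = Fail` as active protection against spoofed senders. Suggested comment above the line: `# 0 = test-only: add SPF header, never reject; set to 1 to enforce`. `debugLevel = 2` could likewise be marked as temporary for the test phase.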