Replace reverse dns check with greylisting

1 files changed, 6 insertions, 2 deletions

diff --git a/ymir.nix b/ymir.nix
index 6fffb856..ef56d98e 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -426,7 +426,6 @@ in rec {
         permit_sasl_authenticated,
         reject_non_fqdn_helo_hostname,
         reject_invalid_helo_hostname,
-        reject_unknown_reverse_client_hostname,
         reject_unauth_destination,
         check_client_access regexp:${pkgs.writeText "spfpolicy" ''
           /(^|\.)tu-muenchen\.de$/ DUNNO
@@ -444,7 +443,8 @@ in rec {
         ''}
       smtpd_restriction_classes = spfcheck
       spfcheck =
-        check_policy_service unix:private/policy-spf
+        check_policy_service unix:private/policy-spf,
+        check_policy_service unix:/var/run/postgrey.sock
 
       smtpd_relay_restrictions =
         permit_mynetworks,
@@ -532,6 +532,10 @@ in rec {
     '';
   };
 
+  services.postgrey = {
+    enable = true;
+  };
+
   services.dovecot2 = {
     enable = true;
     enableImap = true;