...

author: Gregor Kleen <gkleen@yggdrasil.li> 2019-02-10 19:01:29 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2019-02-10 19:01:29 +0100
commit: ee59ed6d96f7647668a5a569f8d1553c395decec (patch)
tree: 7c30e0f27bccd2cc7987384d12d065f78604a437
parent: 973decde79d05d0a41e81c0ed0cdb9fb90b0df4f (diff)
download: nixos-ee59ed6d96f7647668a5a569f8d1553c395decec.tar
nixos-ee59ed6d96f7647668a5a569f8d1553c395decec.tar.gz
nixos-ee59ed6d96f7647668a5a569f8d1553c395decec.tar.bz2
nixos-ee59ed6d96f7647668a5a569f8d1553c395decec.tar.xz
nixos-ee59ed6d96f7647668a5a569f8d1553c395decec.zip
2 files changed, 5 insertions, 38 deletions
diff --git a/ymir.nix b/ymir.nix
index 83c2bf60..4983dd43 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -560,24 +560,7 @@ in rec {
        "reject_non_fqdn_helo_hostname"
        "reject_invalid_helo_hostname"
        "reject_unauth_destination"
-        ''check_client_access regexp:${pkgs.writeText "spfpolicy" ''
-          /(^|\.)tu-muenchen\.de$/ DUNNO
-          /(^|\.)tum\.de$/ DUNNO
-          /(^|\.)lmu\.de$/ DUNNO
-          /(^|\.)uni-muenchen\.de$/ DUNNO
-          /(^|\.)lrz\.de$/ DUNNO
-          /(^|\.)badw-muenchen\.de$/ DUNNO
-          /(^|\.)badw\.de$/ DUNNO
-          /(^|\.)hm\.edu$/ DUNNO
-          /(^|\.)hswt\.de$/ DUNNO
-          /(^|\.)mhn\.de$/ DUNNO
-          /(^|\.)mwn\.de$/ DUNNO
-          /(^|\.)boulderwelt\.de$/ DUNNO
-          /.*/ spfcheck
-        ''}''
      ];
-      smtpd_restriction_classes = "spfcheck";
-      spfcheck = "check_policy_service unix:private/policy-spf";
      smtpd_relay_restrictions = [
        "permit_mynetworks"
@@ -587,7 +570,6 @@ in rec {
      mlmmj_destination_recipient_limit = "1";
      mlmmj-subs_destination_recipient_limit = "1";
-      policy-spf_time_limit = "3600s";
      propagate_unmatched_extensions = ["canonical" "virtual" "alias"];
      smtpd_authorized_verp_clients = "$authorized_verp_clients";
      authorized_verp_clients = "$mynetworks";
@@ -648,14 +630,6 @@ in rec {
        command = "pipe";
        args = [ "flags=Fqhu" "user=mlmmj" ''argv=${pkgs.mlmmj-exposed}/bin/mlmmj-exposed /srv/mail/lists/''${user} ''${extension}'' ];
      };
-      policy-spf = {
-        type = "unix";
-        private = true;
-        privileged = true;
-        chroot = false;
-        command = "spawn";
-        args = [ "user=nobody" "argv=${pkgs.pypolicyd-spf}/bin/policyd-spf ${./ymir/spf.conf}" ];
-      };
    };
    networks = ["127.0.0.0/8" "[::ffff:127.0.0.0]/104" "[::1]/128" "10.141.0.0/16"];
  };
@@ -1116,5 +1090,10 @@ in rec {
        '';
      };
    };
+    locals = {
+      "milter_headers.conf".text = ''
+        extended_spam_headers = true;
+      '';
+    };
  };
 }
diff --git a/ymir/spf.conf b/ymir/spf.conf
deleted file mode 100644
index efac6880..00000000
--- a/ymir/spf.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-#  For a fully commented sample config file see policyd-spf.conf.commented
-debugLevel = 2
-# defaultSeedOnly = 1
-HELO_reject = SPF_Not_Pass
-Mail_From_reject = Fail
-PermError_reject = True
-TempError_Defer = True
-skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1,10.0.0.0/8,172.16.0.0/20,192.168.0.0/16,fd00::/8
-\ No newline at end of file
author	Gregor Kleen <gkleen@yggdrasil.li>	2019-02-10 19:01:29 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2019-02-10 19:01:29 +0100
commit	ee59ed6d96f7647668a5a569f8d1553c395decec (patch)
tree	7c30e0f27bccd2cc7987384d12d065f78604a437
parent	973decde79d05d0a41e81c0ed0cdb9fb90b0df4f (diff)
download	nixos-ee59ed6d96f7647668a5a569f8d1553c395decec.tar nixos-ee59ed6d96f7647668a5a569f8d1553c395decec.tar.gz nixos-ee59ed6d96f7647668a5a569f8d1553c395decec.tar.bz2 nixos-ee59ed6d96f7647668a5a569f8d1553c395decec.tar.xz nixos-ee59ed6d96f7647668a5a569f8d1553c395decec.zip

diff --git a/ymir.nix b/ymir.nix index 83c2bf60..4983dd43 100644 --- a/ymir.nix +++ b/ymir.nix
@@ -560,24 +560,7 @@ in rec {
560	"reject_non_fqdn_helo_hostname"	560	"reject_non_fqdn_helo_hostname"
561	"reject_invalid_helo_hostname"	561	"reject_invalid_helo_hostname"
562	"reject_unauth_destination"	562	"reject_unauth_destination"
563	''check_client_access regexp:${pkgs.writeText "spfpolicy" ''
564	/(^\|\.)tu-muenchen\.de$/ DUNNO
565	/(^\|\.)tum\.de$/ DUNNO
566	/(^\|\.)lmu\.de$/ DUNNO
567	/(^\|\.)uni-muenchen\.de$/ DUNNO
568	/(^\|\.)lrz\.de$/ DUNNO
569	/(^\|\.)badw-muenchen\.de$/ DUNNO
570	/(^\|\.)badw\.de$/ DUNNO
571	/(^\|\.)hm\.edu$/ DUNNO
572	/(^\|\.)hswt\.de$/ DUNNO
573	/(^\|\.)mhn\.de$/ DUNNO
574	/(^\|\.)mwn\.de$/ DUNNO
575	/(^\|\.)boulderwelt\.de$/ DUNNO
576	/.*/ spfcheck
577	''}''
578	];	563	];
579	smtpd_restriction_classes = "spfcheck";
580	spfcheck = "check_policy_service unix:private/policy-spf";
581		564
582	smtpd_relay_restrictions = [	565	smtpd_relay_restrictions = [
583	"permit_mynetworks"	566	"permit_mynetworks"
@@ -587,7 +570,6 @@ in rec {
587		570
588	mlmmj_destination_recipient_limit = "1";	571	mlmmj_destination_recipient_limit = "1";
589	mlmmj-subs_destination_recipient_limit = "1";	572	mlmmj-subs_destination_recipient_limit = "1";
590	policy-spf_time_limit = "3600s";
591	propagate_unmatched_extensions = ["canonical" "virtual" "alias"];	573	propagate_unmatched_extensions = ["canonical" "virtual" "alias"];
592	smtpd_authorized_verp_clients = "$authorized_verp_clients";	574	smtpd_authorized_verp_clients = "$authorized_verp_clients";
593	authorized_verp_clients = "$mynetworks";	575	authorized_verp_clients = "$mynetworks";
@@ -648,14 +630,6 @@ in rec {
648	command = "pipe";	630	command = "pipe";
649	args = [ "flags=Fqhu" "user=mlmmj" ''argv=${pkgs.mlmmj-exposed}/bin/mlmmj-exposed /srv/mail/lists/''${user} ''${extension}'' ];	631	args = [ "flags=Fqhu" "user=mlmmj" ''argv=${pkgs.mlmmj-exposed}/bin/mlmmj-exposed /srv/mail/lists/''${user} ''${extension}'' ];
650	};	632	};
651	policy-spf = {
652	type = "unix";
653	private = true;
654	privileged = true;
655	chroot = false;
656	command = "spawn";
657	args = [ "user=nobody" "argv=${pkgs.pypolicyd-spf}/bin/policyd-spf ${./ymir/spf.conf}" ];
658	};
659	};	633	};
660	networks = ["127.0.0.0/8" "[::ffff:127.0.0.0]/104" "[::1]/128" "10.141.0.0/16"];	634	networks = ["127.0.0.0/8" "[::ffff:127.0.0.0]/104" "[::1]/128" "10.141.0.0/16"];
661	};	635	};
@@ -1116,5 +1090,10 @@ in rec {
1116	'';	1090	'';
1117	};	1091	};
1118	};	1092	};
		1093	locals = {
		1094	"milter_headers.conf".text = ''
		1095	extended_spam_headers = true;
		1096	'';
		1097	};
1119	};	1098	};
1120	}	1099	}


diff --git a/ymir/spf.conf b/ymir/spf.conf deleted file mode 100644 index efac6880..00000000 --- a/ymir/spf.conf +++ /dev/null
@@ -1,12 +0,0 @@
1	# For a fully commented sample config file see policyd-spf.conf.commented
2
3	debugLevel = 2
4	# defaultSeedOnly = 1
5
6	HELO_reject = SPF_Not_Pass
7	Mail_From_reject = Fail
8
9	PermError_reject = True
10	TempError_Defer = True
11
12	skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1,10.0.0.0/8,172.16.0.0/20,192.168.0.0/16,fd00::/8 \ No newline at end of file