From 2378f973e772c49fb68fe11fac27dcf590f25376 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <pngwjpgh@users.noreply.github.com>
Date: Thu, 27 Oct 2016 16:36:10 +0200
Subject: try to exclude LRZ-domains from spf checking

---
 ymir.nix | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/ymir.nix b/ymir.nix
index 25e3d9b7..0f32b998 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -421,6 +421,22 @@ in rec {
         permit_mynetworks,
         permit_sasl_authenticated,
         reject_unauth_destination,
+        check_sender_mx_access regex:${pkgs.writeText "spfpolicy" ''
+          /(^|\.)tu-muenchen\.de$/ DUNNO
+          /(^|\.)tum\.de$/ DUNNO
+          /(^|\.)lmu\.de$/ DUNNO
+          /(^|\.)uni-muenchen\.de$/ DUNNO
+          /(^|\.)lrz\.de$/ DUNNO
+          /(^|\.)badw-muenchen\.de$/ DUNNO
+          /(^|\.)badw\.de$/ DUNNO
+          /(^|\.)hm\.edu$/ DUNNO
+          /(^|\.)hswt\.de$/ DUNNO
+          /(^|\.)mhn\.de$/ DUNNO
+          /(^|\.)mwn\.de$/ DUNNO
+          /.*/ spfcheck
+        ''}
+      smtpd_restriction_classes = spfcheck
+      spfcheck =
         check_policy_service unix:private/policy-spf
 
       smtpd_relay_restrictions =
-- 
cgit v1.2.3