From 28338b17723993862209e89a39fbae8f0669d28e Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 24 Jun 2016 19:19:00 +0200 Subject: testing spf verification on ymir --- ymir.nix | 13 ++++++++----- ymir/spf.conf | 13 +++++++++++++ 2 files changed, 21 insertions(+), 5 deletions(-) create mode 100644 ymir/spf.conf diff --git a/ymir.nix b/ymir.nix index 16fa4b1a..c8d6811b 100644 --- a/ymir.nix +++ b/ymir.nix @@ -409,22 +409,25 @@ in rec { check_policy_service unix:policy, permit_mynetworks, permit_sasl_authenticated, - reject_unauth_destination + reject_unauth_destination, + check_policy_service unix:privat/policy-spf smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination - mlmmj_destination_recipient_limit = 1 + mlmmj_destination_recipient_limit = 1 + policy-spf_time_limit = 3600s propagate_unmatched_extensions = virtual alias_maps = hash:/etc/postfix/aliases texthash:/srv/mail/spm ''; extraMasterConf = '' - uucp unix - n n - - pipe flags=Fqhu user=uucp argv=/var/setuid-wrappers/uux -z -a$sender - $nexthop!rmail ($recipient) - mlmmj unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj}/bin/mlmmj-receive -F -L /var/spool/lists/''${user} - mlmmj-subs unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj-exposed}/bin/mlmmj-exposed /var/spool/lists/''${user} ''${extension} + uucp unix - n n - - pipe flags=Fqhu user=uucp argv=/var/setuid-wrappers/uux -z -a$sender - $nexthop!rmail ($recipient) + mlmmj unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj}/bin/mlmmj-receive -F -L /var/spool/lists/''${user} + mlmmj-subs unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj-exposed}/bin/mlmmj-exposed /var/spool/lists/''${user} ''${extension} + policy-spf unix - n n - - spawn user=nobody argv=${pkgs.pythonPackages.pypolicyd-spf}/bin/policyd-spf ${./ymir/spf.conf} ''; networks = ["127.0.0.0/8" "[::ffff:127.0.0.0]/104" "[::1]/128" "10.141.0.0/16"]; }; 
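Review bot: The added restriction `check_policy_service unix:privat/policy-spf` looks like a typo for `private`. The new master.cf entry `policy-spf unix - n n - - spawn` leaves the private column at its default, so Postfix would normally create the socket under `private/`. As written, smtpd will presumably fail to reach the policy server and answer every message that gets this far with its policy-service default action (a temporary error), so nothing is actually SPF-checked. Change the line to `check_policy_service unix:private/policy-spf`. The restriction list this hunk edits starts above the hunk, so the parameter it belongs to is not visible here.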
diff --git a/ymir/spf.conf b/ymir/spf.conf
new file mode 100644
index 00000000..b958e9e3
--- /dev/null
+++ b/ymir/spf.conf
@@ -0,0 +1,13 @@
+# For a fully commented sample config file see policyd-spf.conf.commented
+
+debugLevel = 2
+defaultSeedOnly = 0
+
+HELO_reject = SPF_Not_Pass
+Mail_From_reject = Fail
+
+PermError_reject = False
+TempError_Defer = False
+
+skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1
+
-- 
cgit v1.2.3
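Review bot: Nothing in the new file says that `defaultSeedOnly = 0` is, as I read the policyd-spf documentation, the test-only mode: results are logged and prepended as headers, but delivery is unaffected. That makes `HELO_reject = SPF_Not_Pass` and `Mail_From_reject = Fail` look enforced when they are not. Add a comment above it, e.g. `# test-only mode: SPF results are logged/added as headers, nothing is rejected; set to 1 to enforce`. Also worth one line of comment: `PermError_reject = False` and `TempError_Defer = False` mean mail is still accepted when the sender's record is broken or the DNS lookup fails, which should be a deliberate choice once enforcement is switched on.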