From ee59ed6d96f7647668a5a569f8d1553c395decec Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sun, 10 Feb 2019 19:01:29 +0100
Subject: ...

---
 ymir.nix      | 31 +++++--------------------------
 ymir/spf.conf | 12 ------------
 2 files changed, 5 insertions(+), 38 deletions(-)
 delete mode 100644 ymir/spf.conf

diff --git a/ymir.nix b/ymir.nix
index 83c2bf60..4983dd43 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -560,24 +560,7 @@ in rec {
         "reject_non_fqdn_helo_hostname"
         "reject_invalid_helo_hostname"
         "reject_unauth_destination"
-        ''check_client_access regexp:${pkgs.writeText "spfpolicy" ''
-          /(^|\.)tu-muenchen\.de$/ DUNNO
-          /(^|\.)tum\.de$/ DUNNO
-          /(^|\.)lmu\.de$/ DUNNO
-          /(^|\.)uni-muenchen\.de$/ DUNNO
-          /(^|\.)lrz\.de$/ DUNNO
-          /(^|\.)badw-muenchen\.de$/ DUNNO
-          /(^|\.)badw\.de$/ DUNNO
-          /(^|\.)hm\.edu$/ DUNNO
-          /(^|\.)hswt\.de$/ DUNNO
-          /(^|\.)mhn\.de$/ DUNNO
-          /(^|\.)mwn\.de$/ DUNNO
-          /(^|\.)boulderwelt\.de$/ DUNNO
-          /.*/ spfcheck
-        ''}''
       ];
-      smtpd_restriction_classes = "spfcheck";
-      spfcheck = "check_policy_service unix:private/policy-spf";
 
       smtpd_relay_restrictions = [
         "permit_mynetworks"
@@ -587,7 +570,6 @@ in rec {
 
       mlmmj_destination_recipient_limit = "1";
       mlmmj-subs_destination_recipient_limit = "1";
-      policy-spf_time_limit = "3600s";
       propagate_unmatched_extensions = ["canonical" "virtual" "alias"];
       smtpd_authorized_verp_clients = "$authorized_verp_clients";
       authorized_verp_clients = "$mynetworks";
@@ -648,14 +630,6 @@ in rec {
         command = "pipe";
         args = [ "flags=Fqhu" "user=mlmmj" ''argv=${pkgs.mlmmj-exposed}/bin/mlmmj-exposed /srv/mail/lists/''${user} ''${extension}'' ];
       };
-      policy-spf = {
-        type = "unix";
-        private = true;
-        privileged = true;
-        chroot = false;
-        command = "spawn";
-        args = [ "user=nobody" "argv=${pkgs.pypolicyd-spf}/bin/policyd-spf ${./ymir/spf.conf}" ];
-      };
     };
     networks = ["127.0.0.0/8" "[::ffff:127.0.0.0]/104" "[::1]/128" "10.141.0.0/16"];
   };
@@ -1116,5 +1090,10 @@ in rec {
         '';
       };
     };
+    locals = {
+      "milter_headers.conf".text = ''
+        extended_spam_headers = true;
+      '';
+    };
   };
 }
diff --git a/ymir/spf.conf b/ymir/spf.conf
deleted file mode 100644
index efac6880..00000000
--- a/ymir/spf.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-#  For a fully commented sample config file see policyd-spf.conf.commented
-
-debugLevel = 2
-# defaultSeedOnly = 1
-
-HELO_reject = SPF_Not_Pass
-Mail_From_reject = Fail
-
-PermError_reject = True
-TempError_Defer = True
-
-skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1,10.0.0.0/8,172.16.0.0/20,192.168.0.0/16,fd00::/8
\ No newline at end of file
-- 
cgit v1.2.3