From 54f859ea6260270cb5ed1dec159087da58a02d96 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <pngwjpgh@users.noreply.github.com>
Date: Mon, 2 Jan 2017 14:10:14 +0100
Subject: Replace reverse dns check with greylisting

---
 ymir.nix | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'ymir.nix')

diff --git a/ymir.nix b/ymir.nix
index 6fffb856..ef56d98e 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -426,7 +426,6 @@ in rec {
         permit_sasl_authenticated,
         reject_non_fqdn_helo_hostname,
         reject_invalid_helo_hostname,
-        reject_unknown_reverse_client_hostname,
         reject_unauth_destination,
         check_client_access regexp:${pkgs.writeText "spfpolicy" ''
           /(^|\.)tu-muenchen\.de$/ DUNNO
@@ -444,7 +443,8 @@ in rec {
         ''}
       smtpd_restriction_classes = spfcheck
       spfcheck =
-        check_policy_service unix:private/policy-spf
+        check_policy_service unix:private/policy-spf,
+        check_policy_service unix:/var/run/postgrey.sock
 
       smtpd_relay_restrictions =
         permit_mynetworks,
@@ -532,6 +532,10 @@ in rec {
     '';
   };
 
+  services.postgrey = {
+    enable = true;
+  };
+
   services.dovecot2 = {
     enable = true;
     enableImap = true;
-- 
cgit v1.2.3