postfix: add support for policyd-spf

2022-04-30 05:48:12 +02:00 · 2022-04-30 05:48:12 +02:00 · a1d6885e2d
commit a1d6885e2d
parent f7af25c2c0
6 changed files with 25 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -68,6 +68,17 @@ postfix_master_processes: |
  {{ postfix_default_master_processes }}
 ```

+Also includes support for postfix-policyd-spf-python.  To enable, set
+
+```yaml
+postfix_policyd_spf_enable: yes
+postfix_smtpd_recipient_restrictions:
+  # ...
+  - reject_unauth_destination
+  - check_policy_service unix:private/policyd-spf
+  # ...
+```
+
 Run `ansible-playbook -t role::postfix` to deploy.

 ### PostSRSd
--- a/galaxy.yml
+++ b/galaxy.yml
@ -8,7 +8,7 @@ namespace: s3lph
 name: mailserver

 # The version of the collection. Must be compatible with semantic versioning
-version: '0.2.5'
+version: '0.3.0'

 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md
--- a/roles/postfix/defaults/main/global.yml
+++ b/roles/postfix/defaults/main/global.yml
@ -19,6 +19,7 @@ postfix_additional_relay_domains: []
 postfix_postfixadmin_enable: no
 postfix_mailman_enable: no
 postfix_schleuder_enable: no
+postfix_policyd_spf_enable: no
 postfix_srsd_enable: no
 postfix_srsd_nodefault: no
 postfix_spamassassin_enable: no
@ -29,3 +30,5 @@ postfix_srsd_reverse_lookup: "tcp:localhost:10002"
 postfix_additional_tables: {}
 postfix_aliases:
  postmaster: root
+
+postfix_policyd_spf_time_limit: 3600s
--- a/roles/postfix/tasks/install.yml
+++ b/roles/postfix/tasks/install.yml
@ -6,3 +6,4 @@
      - postfix
      - postfix-mysql
      - mailutils
+      - postfix-policyd-spf-python
--- a/roles/postfix/templates/etc/postfix/main.cf.j2
+++ b/roles/postfix/templates/etc/postfix/main.cf.j2
@ -166,4 +166,8 @@ recipient_canonical_classes= envelope_recipient,header_recipient
 # milter macros useful for spamass-milter
 milter_connect_macros = j {daemon_name} v {if_name} _
 milter_data_macros = j i {daemon_name} v {if_name} _
+{% endif %}
+
+{% if postfix_policyd_spf_enable %}
+policy-spf_time_limit = {{ postfix_policyd_spf_time_limit }}
 {% endif %}
--- a/roles/postfix/templates/etc/postfix/master.cf.j2
+++ b/roles/postfix/templates/etc/postfix/master.cf.j2
@ -17,6 +17,11 @@
 {% endfor %}
 {% endfor %}

+{% if postfix_policyd_spf_enable %}
+policyd-spf	unix	-	n	n	-	0	spawn
+	user=policyd-spf argv=/usr/bin/policyd-spf
+{% endif %}
+
 {% if postfix_schleuder_enable %}
 schleuder	unix	y	n	n	-	-	pipe
 	flags=DRhu user=schleuder argv=/usr/bin/schleuder work ${recipient}