From 03772f612a39fcfe2c4deedde750c77e3f7f0585 Mon Sep 17 00:00:00 2001
From: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
Date: Sat, 15 Apr 2023 00:40:42 +0200
Subject: [PATCH] scripts: get all `policyd-spf` setup in one place (#3263)
---
 target/postfix/main.cf | 5 +----
 target/scripts/startup/setup.d/dmarc_dkim_spf.sh | 8 +++++++-
 2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/target/postfix/main.cf b/target/postfix/main.cf
index 881c3796..4827c47c 100644
--- a/target/postfix/main.cf
+++ b/target/postfix/main.cf
@@ -48,7 +48,7 @@ smtpd_helo_required = yes
 smtpd_delay_reject = yes
 smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, permit
 smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
-smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policyd-spf, reject_unauth_pipelining, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_recipient_domain
+smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_recipient_domain
 smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining
 smtpd_sender_restrictions = $dms_smtpd_sender_restrictions
 disable_vrfy_command = yes
@@ -96,9 +96,6 @@ milter_default_action = accept
 smtpd_milters =
 non_smtpd_milters =
-# SPF policy settings
-policyd-spf_time_limit = 3600
-
 # Header checks for content inspection on receiving
 header_checks = pcre:/etc/postfix/maps/header_checks.pcre
diff --git a/target/scripts/startup/setup.d/dmarc_dkim_spf.sh b/target/scripts/startup/setup.d/dmarc_dkim_spf.sh
index c27e5258..bb92e774 100644
--- a/target/scripts/startup/setup.d/dmarc_dkim_spf.sh
+++ b/target/scripts/startup/setup.d/dmarc_dkim_spf.sh
@@ -97,8 +97,14 @@ function _setup_policyd_spf
 policyd-spf unix - n n - 0 spawn
 user=policyd-spf argv=/usr/bin/policyd-spf
 EOF
+
+ sedfile -i -E \
+ 's|^(smtpd_recipient_restrictions.*reject_unauth_destination)(.*)|\1, check_policy_service unix:private/policyd-spf\2|' \
+ /etc/postfix/main.cf
+ # SPF policy settings
+ postconf 'policyd-spf_time_limit = 3600'
+EOF
 else
 _log 'debug' 'Disabling policyd-spf'
- sedfile -i -E 's|check_policy_service unix:private/policyd-spf, ||g' /etc/postfix/main.cf
 fi
 }
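Review bot: The added `EOF` line after `postconf 'policyd-spf_time_limit = 3600'` has no here-document opener among the added lines, and the context `EOF` just above already closes the `master.cf` here-document (opened outside the hunk), so bash would try to run `EOF` as a command whenever policyd-spf is enabled. Dropping that line is the fix. Separately, because `main.cf` no longer ships `check_policy_service unix:private/policyd-spf`, SPF checking now depends on the `sed` pattern matching: if `smtpd_recipient_restrictions` has been overridden or no longer contains `reject_unauth_destination`, the substitution does nothing and mail is accepted without the SPF policy check. A post-edit check such as `grep -q 'check_policy_service unix:private/policyd-spf' /etc/postfix/main.cf || _log 'warn' 'policyd-spf was not added to smtpd_recipient_restrictions'` would make that visible, unless `sedfile` already reports unchanged files. The body of `_setup_policyd_spf` starts outside the hunk.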