github-com-docker-mailserver/docker-mailserver
1
0
Fork 0
mirror of https://github.com/docker-mailserver/docker-mailserver.git synced 2024-01-19 02:48:50 +00:00
Code Issues Projects Releases Wiki Activity

scripts: get all policyd-spf setup in one place (#3263)

Browse source
This commit is contained in:
Georg Lauterbach 2023-04-15 00:40:42 +02:00 committed by GitHub
parent 1076aac37d
commit 03772f612a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
target/postfix/main.cf
View file

@ -48,7 +48,7 @@ smtpd_helo_required = yes
smtpd_delay_reject = yes smtpd_delay_reject = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, permit smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, permit
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policyd-spf, reject_unauth_pipelining, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_recipient_domain smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_recipient_domain
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining
smtpd_sender_restrictions = $dms_smtpd_sender_restrictions smtpd_sender_restrictions = $dms_smtpd_sender_restrictions
disable_vrfy_command = yes disable_vrfy_command = yes
@ -96,9 +96,6 @@ milter_default_action = accept
smtpd_milters = smtpd_milters =
non_smtpd_milters = non_smtpd_milters =
# SPF policy settings
policyd-spf_time_limit = 3600
# Header checks for content inspection on receiving # Header checks for content inspection on receiving
header_checks = pcre:/etc/postfix/maps/header_checks.pcre header_checks = pcre:/etc/postfix/maps/header_checks.pcre

8
target/scripts/startup/setup.d/dmarc_dkim_spf.sh
View file

@ -97,8 +97,14 @@ function _setup_policyd_spf
policyd-spf unix - n n - 0 spawn policyd-spf unix - n n - 0 spawn
user=policyd-spf argv=/usr/bin/policyd-spf user=policyd-spf argv=/usr/bin/policyd-spf
EOF EOF
sedfile -i -E \
's|^(smtpd_recipient_restrictions.*reject_unauth_destination)(.*)|\1, check_policy_service unix:private/policyd-spf\2|' \
/etc/postfix/main.cf
# SPF policy settings
postconf 'policyd-spf_time_limit = 3600'
EOF
else else
_log 'debug' 'Disabling policyd-spf' _log 'debug' 'Disabling policyd-spf'
sedfile -i -E 's|check_policy_service unix:private/policyd-spf, ||g' /etc/postfix/main.cf
fi fi
} }