scripts: make policyd-spf configurable (#3246)

2024-01-19 02:48:50 +00:00 · 2023-04-11 08:52:43 +02:00 · 2023-04-11 08:52:43 +02:00 · 9ee33a81b7
parent bbe1d2da31
commit 9ee33a81b7
6 changed files with 35 additions and 3 deletions
--- a/docs/content/config/environment.md
+++ b/docs/content/config/environment.md
@ -110,6 +110,13 @@ Enables the OpenDMARC service.
 - **1** => Enabled
 - 0 => Disabled

+##### ENABLE_POLICYD_SPF
+
+Enabled `policyd-spf` in Postfix's configuration. You will likely want to set this to `0` in case you're using Rspamd ([`ENABLE_RSPAMD=1`](#enable_rspamd)).
+
+- 0 => Disabled
+- **1** => Enabled
+
 ##### ENABLE_POP3

 - **empty** => POP3 service disabled
--- a/mailserver.env
+++ b/mailserver.env
@ -105,6 +105,14 @@ ENABLE_OPENDKIM=1
 #   0   => Disabled
 ENABLE_OPENDMARC=1

+
+# Enabled `policyd-spf` in Postfix's configuration. You will likely want to set this
+# to `0` in case you're using Rspamd (`ENABLE_RSPAMD=1`).
+#
+# - 0     => Disabled
+# - **1** => Enabled
+ENABLE_POLICYD_SPF=1
+
 # 1 => Enables POP3 service
 # empty => disables POP3
 ENABLE_POP3=
--- a/target/postfix/master.cf
+++ b/target/postfix/master.cf
@ -48,9 +48,6 @@ sender-cleanup unix  n       -       n       -       0       cleanup
  -o syslog_name=postfix/sender-cleanup
  -o header_checks=pcre:/etc/postfix/maps/sender_header_filter.pcre

-policyd-spf    unix  -       n       n       -       0       spawn
-    user=policyd-spf argv=/usr/bin/policyd-spf
-
 cleanup        unix  n       -       n       -       0       cleanup
 qmgr           unix  n       -       n       300     1       qmgr
 tlsmgr         unix  -       -       n       1000?   1       tlsmgr
--- a/target/scripts/start-mailserver.sh
+++ b/target/scripts/start-mailserver.sh
@ -80,6 +80,7 @@ function _register_functions

  _register_setup_function '_setup_opendkim'
  _register_setup_function '_setup_opendmarc' # must come after `_setup_opendkim`
+  _register_setup_function '_setup_policyd_spf'

  _register_setup_function '_setup_security_stack'
  _register_setup_function '_setup_spam_to_junk'
--- a/target/scripts/startup/setup.d/dmarc_dkim_spf.sh
+++ b/target/scripts/startup/setup.d/dmarc_dkim_spf.sh
@ -84,3 +84,21 @@ function _setup_opendmarc
    _log 'debug' 'Disabling OpenDMARC'
  fi
 }
+
+# Configures the SPF check inside Postfix's configuration via policyd-spf. When
+# using Rspamd, you will likely want to turn that off.
+function _setup_policyd_spf
+{
+  if [[ ${ENABLE_POLICYD_SPF} -eq 1 ]]
+  then
+    _log 'debug' 'Configuring policyd-spf'
+    cat >>/etc/postfix/master.cf <<EOF
+
+policyd-spf    unix  -       n       n       -       0       spawn
+    user=policyd-spf argv=/usr/bin/policyd-spf
+EOF
+  else
+    _log 'debug' 'Disabling policyd-spf'
+    sedfile -i -E 's|check_policy_service unix:private/policyd-spf, ||g' /etc/postfix/main.cf
+  fi
+}
--- a/target/scripts/startup/variables-stack.sh
+++ b/target/scripts/startup/variables-stack.sh
@ -74,6 +74,7 @@ function __environment_variables_general_setup
  VARS[ENABLE_MANAGESIEVE]="${ENABLE_MANAGESIEVE:=0}"
  VARS[ENABLE_OPENDKIM]="${ENABLE_OPENDKIM:=1}"
  VARS[ENABLE_OPENDMARC]="${ENABLE_OPENDMARC:=1}"
+  VARS[ENABLE_POLICYD_SPF]="${ENABLE_POLICYD_SPF:=1}"
  VARS[ENABLE_POP3]="${ENABLE_POP3:=0}"
  VARS[ENABLE_POSTGREY]="${ENABLE_POSTGREY:=0}"
  VARS[ENABLE_QUOTAS]="${ENABLE_QUOTAS:=1}"