Feat: support for SPF checking

3 files changed, 10 insertions, 2 deletions

diff --git a/manifests/base.pp b/manifests/base.pp
index eb84c76..4e3472e 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -22,12 +22,16 @@ class mail::base {
 
   # Recipient restrictions
   postfix::config { "smtpd_recipient_restrictions":
-    value => "permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client psbl.surriel.com, check_policy_service inet:127.0.0.1:${postgrey_port}" }
+    value => "permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client psbl.surriel.com, check_policy_service unix:private/policyd-spf, check_policy_service inet:127.0.0.1:${postgrey_port}" }
 
   postfix::hash { "/etc/postfix/virtual":
     ensure => present,
   }
 
+  postfix::config { "policy-spf_time_limit":
+    value => "3600",
+  }
+
   postfix::hash { "/etc/postfix/transport":
     ensure => present,
   }
diff --git a/manifests/packages.pp b/manifests/packages.pp
index 45c1063..1a59c8b 100644
--- a/manifests/packages.pp
+++ b/manifests/packages.pp
@@ -1,6 +1,6 @@
 class mail::packages {
   # The needed packages
-  package { [ 'postgrey', 'amavisd-new', 'spamassassin', 'spamc', 'pflogsumm' ]:
+  package { [ 'postgrey', 'amavisd-new', 'spamassassin', 'spamc', 'pflogsumm', 'postfix-policyd-spf-python' ]:
     ensure => installed,
   }
 
diff --git a/manifests/system.pp b/manifests/system.pp
index a4fc57b..7d9841b 100644
--- a/manifests/system.pp
+++ b/manifests/system.pp
@@ -28,6 +28,10 @@ class mail::system(
       true    => "yes",
       default => "no",
     },
+    use_spf               => lookup('mail::spf', undef, undef, false) ? {
+      true    => "yes",
+      default => "no",
+    },
     use_submission          => "yes",
     use_smtps               => "no",
     anon_sasl               => "yes",