From 5eb3dca39ea4c01eb38a8c6f329e6d5e9c845732 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Wed, 14 Apr 2021 18:50:02 -0300 Subject: Feat: support for SPF checking --- manifests/base.pp | 6 +++++- manifests/packages.pp | 2 +- manifests/system.pp | 4 ++++ 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/manifests/base.pp b/manifests/base.pp index eb84c76..4e3472e 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -22,12 +22,16 @@ class mail::base { # Recipient restrictions postfix::config { "smtpd_recipient_restrictions": - value => "permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client psbl.surriel.com, check_policy_service inet:127.0.0.1:${postgrey_port}" } + value => "permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client psbl.surriel.com, check_policy_service unix:private/policyd-spf, check_policy_service inet:127.0.0.1:${postgrey_port}" } postfix::hash { "/etc/postfix/virtual": ensure => present, } + postfix::config { "policy-spf_time_limit": + value => "3600", + } + postfix::hash { "/etc/postfix/transport": ensure => present, } diff --git a/manifests/packages.pp b/manifests/packages.pp index 45c1063..1a59c8b 100644 --- a/manifests/packages.pp +++ b/manifests/packages.pp @@ -1,6 +1,6 @@ class mail::packages { # The needed packages - package { [ 'postgrey', 'amavisd-new', 'spamassassin', 'spamc', 'pflogsumm' ]: + package { [ 'postgrey', 'amavisd-new', 'spamassassin', 'spamc', 'pflogsumm', 'postfix-policyd-spf-python' ]: ensure => installed, } diff --git a/manifests/system.pp b/manifests/system.pp index a4fc57b..7d9841b 100644 --- a/manifests/system.pp +++ b/manifests/system.pp @@ -28,6 +28,10 @@ class mail::system( true => "yes", default => "no", }, + use_spf => lookup('mail::spf', undef, undef, false) ? { + true => "yes", + default => "no", + }, use_submission => "yes", use_smtps => "no", anon_sasl => "yes", -- cgit v1.2.3