Merge branch 'remove-policy-spf' into 'master'

Remove policy-spf

See merge request simple-nixos-mailserver/nixos-mailserver!380
Sandro 2025-04-17 20:26:07 +02:00
commit a2bafcfbe3
3 changed files with 5 additions and 28 deletions


@ -1022,18 +1022,6 @@ in
''; '';
}; };
policydSPFExtraConfig = mkOption {
type = types.lines;
default = "";
example = ''
skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1
'';
description = ''
Extra configuration options for policyd-spf. This can be use to among
other things skip spf checking for some IP addresses.
'';
};
monitoring = { monitoring = {
enable = mkEnableOption "monitoring via monit"; enable = mkEnableOption "monitoring via monit";
@ -1303,7 +1291,6 @@ in
'') '')
./mail-server/assertions.nix ./mail-server/assertions.nix
./mail-server/borgbackup.nix ./mail-server/borgbackup.nix
./mail-server/debug.nix
./mail-server/rsnapshot.nix ./mail-server/rsnapshot.nix
./mail-server/clamav.nix ./mail-server/clamav.nix
./mail-server/monit.nix ./mail-server/monit.nix
@ -1317,5 +1304,9 @@ in
./mail-server/rspamd.nix ./mail-server/rspamd.nix
./mail-server/nginx.nix ./mail-server/nginx.nix
./mail-server/kresd.nix ./mail-server/kresd.nix
(lib.mkRemovedOptionModule [ "mailserver" "policydSPFExtraConfig" ] ''
SPF checking has been migrated to Rspamd, which makes this config redundant. Please look into the rspamd config to migrate your settings.
It may be that they are redundant and are already configured in rspamd like for skip_addresses.
'')
]; ];
} }
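Review bot: The removal message in the `mkRemovedOptionModule` entry tells operators to "look into the rspamd config" but never says where an override would go, so anyone who had `policydSPFExtraConfig` set hits an evaluation failure with no concrete migration target. Consider naming the place in the text, for example by appending `Overrides for Rspamd's SPF module can be set through services.rspamd.locals.` (confirm this is the route the module wants users to take). The `skip_addresses` sentence would also be more useful if it stated what Rspamd already exempts instead of "it may be that they are redundant", because an operator who relied on that exemption for a trusted relay cannot tell from the message whether it still applies. The import list this entry sits in starts outside the hunk.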


@ -1,4 +0,0 @@
{ config, lib, ... }:
{
mailserver.policydSPFExtraConfig = lib.mkIf config.mailserver.debug "debugLevel = 4";
}


@ -255,19 +255,16 @@ in
"permit_mynetworks" "permit_sasl_authenticated" "reject_unauth_destination" "permit_mynetworks" "permit_sasl_authenticated" "reject_unauth_destination"
]; ];
policy-spf_time_limit = "3600s";
# reject selected senders # reject selected senders
smtpd_sender_restrictions = [ smtpd_sender_restrictions = [
"check_sender_access ${mappedFile "reject_senders"}" "check_sender_access ${mappedFile "reject_senders"}"
]; ];
# quota and spf checking # quota checking
smtpd_recipient_restrictions = [ smtpd_recipient_restrictions = [
"check_recipient_access ${mappedFile "denied_recipients"}" "check_recipient_access ${mappedFile "denied_recipients"}"
"check_recipient_access ${mappedFile "reject_recipients"}" "check_recipient_access ${mappedFile "reject_recipients"}"
"check_policy_service inet:localhost:12340" "check_policy_service inet:localhost:12340"
"check_policy_service unix:private/policy-spf"
]; ];
# TLS settings, inspired by https://github.com/jeaye/nix-files # TLS settings, inspired by https://github.com/jeaye/nix-files
@ -321,13 +318,6 @@ in
# D => Delivered-To, O => X-Original-To, R => Return-Path # D => Delivered-To, O => X-Original-To, R => Return-Path
args = [ "flags=O" ]; args = [ "flags=O" ];
}; };
"policy-spf" = {
type = "unix";
privileged = true;
chroot = false;
command = "spawn";
args = [ "user=nobody" "argv=${pkgs.spf-engine}/bin/policyd-spf" "${policyd-spf}"];
};
"submission-header-cleanup" = { "submission-header-cleanup" = {
type = "unix"; type = "unix";
private = false; private = false;
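Review bot: With `check_policy_service unix:private/policy-spf` gone from `smtpd_recipient_restrictions`, nothing in this file shows where SPF is evaluated any more, and the updated comment `# quota checking` only records what is left. A short comment at that list would keep the control discoverable, e.g. `# SPF is not checked here; it is evaluated by Rspamd (see rspamd.nix)`. It would also help to state in the commit description or release notes whether an SPF fail is still refused during the SMTP transaction or now only contributes to the Rspamd score. The removed policy service could reject at RCPT time, and the Rspamd side of the behaviour is not visible in this diff. The enclosing attribute sets start and end outside these hunks.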