Remove policy-spf

Rspamd can do the same as policy-spf, only better: it has more settings, is well integrated and is better maintained.
Other projects are going the same route [1].

[1]: https://docker-mailserver.github.io/docker-mailserver/latest/config/best-practices/dkim_dmarc_spf/
Sandro Jäckel 2025-04-17 02:54:47 +02:00
parent 745c6ee861
commit bba070a1fe
No known key found for this signature in database
GPG Key ID: 3AF5A43A3EECC2E5
3 changed files with 5 additions and 28 deletions


@ -1022,18 +1022,6 @@ in
''; '';
}; };
policydSPFExtraConfig = mkOption {
type = types.lines;
default = "";
example = ''
skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1
'';
description = ''
Extra configuration options for policyd-spf. This can be use to among
other things skip spf checking for some IP addresses.
'';
};
monitoring = { monitoring = {
enable = mkEnableOption "monitoring via monit"; enable = mkEnableOption "monitoring via monit";
@ -1303,7 +1291,6 @@ in
'') '')
./mail-server/assertions.nix ./mail-server/assertions.nix
./mail-server/borgbackup.nix ./mail-server/borgbackup.nix
./mail-server/debug.nix
./mail-server/rsnapshot.nix ./mail-server/rsnapshot.nix
./mail-server/clamav.nix ./mail-server/clamav.nix
./mail-server/monit.nix ./mail-server/monit.nix
@ -1317,5 +1304,9 @@ in
./mail-server/rspamd.nix ./mail-server/rspamd.nix
./mail-server/nginx.nix ./mail-server/nginx.nix
./mail-server/kresd.nix ./mail-server/kresd.nix
(lib.mkRemovedOptionModule [ "mailserver" "policydSPFExtraConfig" ] ''
SPF checking has been migrated to Rspamd, which makes this config redundant. Please look into the rspamd config to migrate your settings.
It may be that they are redundant and are already configured in rspamd like for skip_addresses.
'')
]; ];
} }
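Review bot: The removal message passed to `lib.mkRemovedOptionModule [ "mailserver" "policydSPFExtraConfig" ]` tells operators to "look into the rspamd config" but names neither the equivalent setting nor any change in enforcement. By default policyd-spf rejects an SPF hard fail during the SMTP dialogue, whereas rspamd's SPF module normally adds a score to the overall verdict. An operator who relied on a `Mail_From_reject` or `skip_addresses` line can therefore end up with a weaker or different policy after migrating; whether this module set configures rspamd to compensate is not visible on this page. I would extend the message with something like `SPF failures are now scored by rspamd instead of being rejected by a Postfix policy service; review the rspamd SPF module settings (e.g. its whitelist) and your reject threshold.`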


@ -1,4 +0,0 @@
{ config, lib, ... }:
{
mailserver.policydSPFExtraConfig = lib.mkIf config.mailserver.debug "debugLevel = 4";
}


@ -255,19 +255,16 @@ in
"permit_mynetworks" "permit_sasl_authenticated" "reject_unauth_destination" "permit_mynetworks" "permit_sasl_authenticated" "reject_unauth_destination"
]; ];
policy-spf_time_limit = "3600s";
# reject selected senders # reject selected senders
smtpd_sender_restrictions = [ smtpd_sender_restrictions = [
"check_sender_access ${mappedFile "reject_senders"}" "check_sender_access ${mappedFile "reject_senders"}"
]; ];
# quota and spf checking # quota checking
smtpd_recipient_restrictions = [ smtpd_recipient_restrictions = [
"check_recipient_access ${mappedFile "denied_recipients"}" "check_recipient_access ${mappedFile "denied_recipients"}"
"check_recipient_access ${mappedFile "reject_recipients"}" "check_recipient_access ${mappedFile "reject_recipients"}"
"check_policy_service inet:localhost:12340" "check_policy_service inet:localhost:12340"
"check_policy_service unix:private/policy-spf"
]; ];
# TLS settings, inspired by https://github.com/jeaye/nix-files # TLS settings, inspired by https://github.com/jeaye/nix-files
@ -321,13 +318,6 @@ in
# D => Delivered-To, O => X-Original-To, R => Return-Path # D => Delivered-To, O => X-Original-To, R => Return-Path
args = [ "flags=O" ]; args = [ "flags=O" ];
}; };
"policy-spf" = {
type = "unix";
privileged = true;
chroot = false;
command = "spawn";
args = [ "user=nobody" "argv=${pkgs.spf-engine}/bin/policyd-spf" "${policyd-spf}"];
};
"submission-header-cleanup" = { "submission-header-cleanup" = {
type = "unix"; type = "unix";
private = false; private = false;
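Review bot: With `check_policy_service unix:private/policy-spf` gone from `smtpd_recipient_restrictions`, nothing in this file section shows that SPF is still evaluated, and the new comment `# quota checking` gives no pointer to where the check went. If rspamd or its SPF module can be switched off in this module set (not visible here), mail would be accepted with no SPF evaluation at all, so an assertion or an integration test with an SPF-failing sender would be worth adding alongside this removal. At minimum I would write the comment as `# quota checking; SPF is evaluated by rspamd (see rspamd.nix), not by a Postfix policy service`. The enclosing Postfix configuration blocks start and end outside these hunks.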