diff options
| author |  Joe Banks <[email protected]> | 2024-07-29 21:13:55 +0100 |
|---|---|---|
| committer | Joe Banks <[email protected]> | 2024-07-31 13:25:55 +0100 |
| commit | 383d8fa0ad4a4d8909838ffa0b1d33ad7cc67a9d (patch) | |
| tree | c7b94b1ef10db8026093212e7359a25bc1a5dc7b | |
| parent | postfix: add handler to restart postfix (diff) | |
spf: run inbound mail through policyd-spf filter
| -rw-r--r-- | ansible/roles/postfix/templates/main.cf.j2 | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/ansible/roles/postfix/templates/main.cf.j2 b/ansible/roles/postfix/templates/main.cf.j2 index cf7004f..43a93eb 100644 --- a/ansible/roles/postfix/templates/main.cf.j2 +++ b/ansible/roles/postfix/templates/main.cf.j2 @@ -19,11 +19,18 @@ smtpd_tls_auth_only=yes smtp_tls_security_level = encrypt -smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination reject_unauth_pipelining +smtpd_relay_restrictions = + permit_mynetworks, + permit_sasl_authenticated, + reject_unauth_destination, + reject_unauth_pipelining + check_policy_service unix:private/policyd-spf, myorigin = /etc/mailname myhostname = mail.pydis.wtf +policyd-spf_time_limit = 3600 + sender_canonical_maps = tcp:localhost:10001 sender_canonical_classes = envelope_sender recipient_canonical_maps = tcp:localhost:10002 @@ -37,7 +44,7 @@ virtual_alias_maps = relay_recipient_maps = ldap:/etc/postfix/ldap-relay-recipients.cf, - ldap:/etc/postfix/ldap-group-aliases.cf.j2, + ldap:/etc/postfix/ldap-group-aliases.cf, hash:/etc/postfix/virtual mydestination = mail.pydis.wtf, pydis.wtf, localhost |