author | 2024-07-29 21:13:34 +0100 | |
---|---|---|
committer | 2024-07-31 13:25:54 +0100 | |
commit | 6663c1fe23d1fc0d01c356d54c51de649776bb92 (patch) | |
tree | 12e564b156f028f29505f28d051355d3e9f5a9ae /ansible | |
parent | postfix: add group email to alias maps and relay recipients (diff) |
spf: add policyd-spf to validate SPF of inbound mail
Diffstat (limited to 'ansible')
-rw-r--r-- | ansible/roles/postfix/files/policyd-spf.conf | 12 | ||||
-rw-r--r-- | ansible/roles/postfix/tasks/main.yml | 32 |
2 files changed, 43 insertions, 1 deletions
diff --git a/ansible/roles/postfix/files/policyd-spf.conf b/ansible/roles/postfix/files/policyd-spf.conf
new file mode 100644
index 0000000..6a1e4ba
--- /dev/null
+++ b/ansible/roles/postfix/files/policyd-spf.conf
@@ -0,0 +1,12 @@
+# Ansible Managed
+
+debugLevel = 1
+TestOnly = 1
+
+HELO_reject = Fail
+Mail_From_reject = Fail
+
+PermError_reject = False
+TempError_Defer = False
+
+skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1
diff --git a/ansible/roles/postfix/tasks/main.yml b/ansible/roles/postfix/tasks/main.yml
index fdf4612..3340989 100644
--- a/ansible/roles/postfix/tasks/main.yml
+++ b/ansible/roles/postfix/tasks/main.yml
@@ -2,10 +2,15 @@ - name: Install postfix & mail client package: name: + # Postfix & routing plugins - postfix - postfix-ldap - - neomutt + # Relay routing utilities - postsrsd + # Security and anti-spam tools + - postfix-policyd-spf-python + # Mail clients + - neomutt state: present tags: - role::postfix
@@ -67,3 +72,28 @@ notify: - Regenerate virtual table - Reload postfix
+
+- name: Copy policyd-spf config
+ copy:
+ src: policyd-spf.conf
+ dest: /etc/postfix-policyd-spf-python/policyd-spf.conf
+ mode: "0644"
+ group: root
+ owner: root
+ tags:
+ - role::postfix
+ notify:
+ - Restart postfix
+
+- name: Add custom services to master.cf
+ blockinfile:
+ path: /etc/postfix/master.cf
+ append_newline: true
+ prepend_newline: true
+ block: |
+ policyd-spf unix - n n - 0 spawn
+ user=policyd-spf argv=/usr/bin/policyd-spf
+ tags:
+ - role::postfix
+ notify:
+ - Restart postfix |
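Review bot: In policyd-spf.conf, `TestOnly = 1` carries no comment, and the name reads inverted: per policyd-spf.conf(5), 1 is the normal enforcing mode and `TestOnly = 0` is what turns on log-only operation. With `HELO_reject = Fail` and `Mail_From_reject = Fail` next to it, the policy server rejects on an SPF Fail as soon as Postfix consults it, which may surprise someone who reads the setting as a dry run. I would add a comment above it such as `# TestOnly = 1 is normal (enforcing) operation; set to 0 to log and add headers without rejecting`, and decide explicitly whether the first rollout should start with 0.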
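Review bot: The `Add custom services to master.cf` task in tasks/main.yml only defines the `policyd-spf` spawn service; nothing in this commit's two files makes smtpd call it. Unless main.cf is managed elsewhere and already references the service, inbound mail is not SPF-checked at all: the recipient restrictions need `check_policy_service unix:private/policyd-spf`, placed after `reject_unauth_destination`, and `policyd-spf_time_limit = 3600` so the spawned process is not killed mid-lookup. Separately, the `blockinfile` task uses the default marker, so a second `blockinfile` on master.cf would overwrite this block; a distinct `marker:` avoids that. The collapsed rendering also hides whether the `user=policyd-spf argv=/usr/bin/policyd-spf` line keeps its leading whitespace, which master.cf requires for a continuation line.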