2 files changed, 43 insertions, 1 deletions

diff --git a/ansible/roles/postfix/files/policyd-spf.conf b/ansible/roles/postfix/files/policyd-spf.conf
new file mode 100644
index 0000000..6a1e4ba
--- /dev/null
+++ b/ansible/roles/postfix/files/policyd-spf.conf
@@ -0,0 +1,12 @@
+# Ansible Managed
+
+debugLevel = 1
+TestOnly = 1
+
+HELO_reject = Fail
+Mail_From_reject = Fail
+
+PermError_reject = False
+TempError_Defer = False
+
+skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1
diff --git a/ansible/roles/postfix/tasks/main.yml b/ansible/roles/postfix/tasks/main.yml
index fdf4612..3340989 100644
--- a/ansible/roles/postfix/tasks/main.yml
+++ b/ansible/roles/postfix/tasks/main.yml
@@ -2,10 +2,15 @@
 - name: Install postfix & mail client
   package:
     name:
+      # Postfix & routing plugins
       - postfix
       - postfix-ldap
-      - neomutt
+      # Relay routing utilities
       - postsrsd
+      # Security and anti-spam tools
+      - postfix-policyd-spf-python
+      # Mail clients
+      - neomutt
     state: present
   tags:
     - role::postfix
@@ -67,3 +72,28 @@
   notify:
     - Regenerate virtual table
     - Reload postfix
+
+- name: Copy policyd-spf config
+  copy:
+    src: policyd-spf.conf
+    dest: /etc/postfix-policyd-spf-python/policyd-spf.conf
+    mode: "0644"
+    group: root
+    owner: root
+  tags:
+    - role::postfix
+  notify:
+    - Restart postfix
+
+- name: Add custom services to master.cf
+  blockinfile:
+    path: /etc/postfix/master.cf
+    append_newline: true
+    prepend_newline: true
+    block: |
+      policyd-spf  unix  -       n       n       -       0       spawn
+        user=policyd-spf argv=/usr/bin/policyd-spf
+  tags:
+    - role::postfix
+  notify:
+    - Restart postfix