Restore policyd-spf support

2015-08-22 13:59:29 +02:00 · 2015-08-22 13:59:29 +02:00 · cbd9aeebe9
parent 04f97681eb
commit cbd9aeebe9
5 changed files with 25 additions and 1 deletions
--- a/pillar.example
+++ b/pillar.example
@ -7,6 +7,10 @@ postfix:
    enabled: True
    location: inet:172.16.0.5:6379

+  policyd-spf:
+    enabled: True
+    time_limit: 7200s
+
  config:
    smtpd_banner: $myhostname ESMTP $mail_name
    biff: 'no'
--- a/postfix/files/main.cf
+++ b/postfix/files/main.cf
@ -57,7 +57,14 @@
 {{ set_parameter('recipient_delimiter', '+') }}
 {{ set_parameter('inet_interfaces', 'all') }}
 {{ set_parameter('message_size_limit', '41943040') }}
-{{ set_parameter('smtpd_relay_restrictions', ['permit_mynetworks', 'permit_sasl_authenticated', 'defer_unauth_destination']) }}
+
+{% set relay_restrictions = ['permit_mynetworks', 'permit_sasl_authenticated', 'defer_unauth_destination'] %}
+{% set policyd_spf = salt['pillar.get']('postfix:policyd-spf', {}) %}
+{% if policyd_spf.get('enabled', False) %}
+{% set relay_restrictions = relay_restrictions + ['check_policy_server unix:private/policyd-spf'] %}
+policy-spf_time_limit = {{ policyd_spf.get('time_limit', '3600s') }}
+{% endif %}
+{{ set_parameter('smtpd_relay_restrictions', relay_restrictions) }}

 {% set recipient_restrictions = ['permit_mynetworks', 'permit_sasl_authenticated', 'reject_unauth_destination'] %}
 {% set postgrey_config = salt['pillar.get']('postfix:postgrey', {}) %}
--- a/postfix/files/master.cf
+++ b/postfix/files/master.cf
@ -131,3 +131,7 @@ scache    unix  -       -       n       -       1       scache
 #mailman   unix  -       n       n       -       -       pipe
 #  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
 #  ${nexthop} ${user}
+{% if salt['pillar.get']('postfix:policyd-spf:enabled', False) %}
+policy-spf  unix  -       n       n       -       -       spawn
+  user=nobody argv=/usr/bin/policyd-spf
+{%- endif %}
--- a/postfix/map.jinja
+++ b/postfix/map.jinja
@ -1,24 +1,28 @@
 {% set postfix = salt['grains.filter_by']({
    'Debian': {
        'package': 'postfix',
+        'policyd_spf_pkg': 'postfix-policyd-spf-python',
        'postgrey_pkg': 'postgrey',
        'service': 'postfix',
        'aliases': '/etc/aliases',
    },
    'Gentoo': {
        'package': 'mail-mta/postfix',
+        'policyd_spf_pkg': 'mail-filter/pypolicyd-spf',
        'postgrey_pkg': 'mail-filter/postgrey',
        'service': 'postfix',
        'aliases': '/etc/mail/aliases',
    },
    'RedHat': {
        'package': 'postfix',
+        'policyd_spf_pkg': 'pypolicyd-spf',
        'postgrey_pkg': 'postgrey',
        'service': 'postfix',
        'aliases': '/etc/aliases',
    },
    'Arch' : {
        'package': 'postfix',
+        'policyd_spf_pkg': 'python-postfix-policyd-spf',
        'postgrey_pkg': 'postgrey',
        'service': 'postfix',
        'aliases': '/etc/aliases',
--- a/postfix/policyd-spf.sls
+++ b/postfix/policyd-spf.sls
@ -0,0 +1,5 @@
+{% from "postfix/map.jinja" import postfix with context %}
+
+policyd_spf:
+  pkg.installed:
+    - name: {{ postfix.policyd_spf_pkg }}