submission: Prospective SPF checking.

Cf. http://www.openspf.org/Best_Practices/Outbound .
author: Guilhem Moulin <guilhem@fripost.org> 2018-12-11 21:13:19 +0100
committer: Guilhem Moulin <guilhem@fripost.org> 2018-12-12 13:46:44 +0100
commit: a0d439f832721ab1b4bdcf9ab844ee20d4dc1682 (patch)
tree: 64b56a401e9a92622fb7bf734453882ca4f9d6a4 /roles/MSA/templates/etc/postfix-policyd-spf-python
parent: 7beb915bb8dddac847ca3aca85c187e314a6c0fa (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/roles/MSA/templates/etc/postfix-policyd-spf-python/policyd-spf.conf.j2 b/roles/MSA/templates/etc/postfix-policyd-spf-python/policyd-spf.conf.j2
new file mode 100644
index 0000000..2cc1074
--- /dev/null
+++ b/roles/MSA/templates/etc/postfix-policyd-spf-python/policyd-spf.conf.j2
@@ -0,0 +1,18 @@
+# {{ ansible_managed }}
+# Do NOT edit this file directly!
+
+debugLevel = 1
+TestOnly = 1
+
+HELO_reject = Softfail
+Mail_From_reject = Softfail
+
+PermError_reject = False
+TempError_Defer = False
+
+# We're just trying to keep our outgoing IPs clean of SPF violations,
+# not seeking 100% accurate reports.  While it's possible that the
+# message is routed through a different IP (eg, IPv4 vs v6), giving a
+# potentially inaccurate prospective report, it's quite unlikely in
+# practice.
+Prospective = {{ lookup('pipe', 'dig outgoing.fripost.org A +short | sort | head -n1') }}
author	Guilhem Moulin <guilhem@fripost.org>	2018-12-11 21:13:19 +0100
committer	Guilhem Moulin <guilhem@fripost.org>	2018-12-12 13:46:44 +0100
commit	a0d439f832721ab1b4bdcf9ab844ee20d4dc1682 (patch)
tree	64b56a401e9a92622fb7bf734453882ca4f9d6a4 /roles/MSA/templates/etc/postfix-policyd-spf-python
parent	7beb915bb8dddac847ca3aca85c187e314a6c0fa (diff)