Diffstat (limited to 'roles/MSA/templates/etc/postfix/main.cf.j2')
-rw-r--r--roles/MSA/templates/etc/postfix/main.cf.j22
1 files changed, 2 insertions, 0 deletions
diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2
index a48a327..65a0339 100644
--- a/roles/MSA/templates/etc/postfix/main.cf.j2
+++ b/roles/MSA/templates/etc/postfix/main.cf.j2
@@ -33,40 +33,41 @@ multi_instance_enable = yes
mydestination =
local_transport = error:5.1.1 Mailbox unavailable
alias_maps =
alias_database =
local_recipient_maps =
message_size_limit = 67108864
recipient_delimiter = +
# Forward everything to our internal outgoing proxy
relayhost = [{{ postfix_instance.out.addr | ipaddr }}]:{{ postfix_instance.out.port }}
relay_domains =
# Don't rewrite remote headers
local_header_rewrite_clients =
# Avoid splitting the envelope and scanning messages multiple times
smtp_destination_recipient_limit = 1000
# Tolerate occasional high latency
smtp_data_done_timeout = 1200s
+policyd-spf_time_limit = $ipc_timeout
# Anonymize the (authenticated) sender; pass the mail to the antivirus
header_checks = pcre:$config_directory/anonymize_sender.pcre
#content_filter = amavisfeed:unix:public/amavisfeed-antivirus
# TLS
smtp_tls_security_level = none
smtpd_tls_security_level = encrypt
smtpd_tls_ciphers = high
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_exclude_ciphers = EXPORT, LOW, MEDIUM, aNULL, eNULL, DES, RC4, MD5
smtpd_tls_cert_file = $config_directory/ssl/smtp.fripost.org.pem
smtpd_tls_key_file = $config_directory/ssl/smtp.fripost.org.key
smtpd_tls_dh1024_param_file = /etc/ssl/dhparams.pem
smtpd_tls_session_cache_database=
smtpd_tls_received_header = yes
# SASL
smtpd_sasl_auth_enable = yes
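Review bot: The added `policyd-spf_time_limit = $ipc_timeout` sits directly under the `# Tolerate occasional high latency` comment, so it reads as an SMTP client timeout when it is actually the spawn(8) run-time limit for the policy daemon. I would give it its own comment, for example `# Let spawn(8) keep policyd-spf running for $ipc_timeout rather than $command_time_limit`. The parameter only has an effect if master.cf defines a matching `policyd-spf` spawn service; the diffstat here is limited to main.cf.j2, so it is worth confirming that entry ships in the same change.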
@@ -90,33 +91,34 @@ address_verify_relayhost =
address_verify_sender_ttl = 8069m
address_verify_negative_refresh_time = 5m
unverified_recipient_defer_code = 250
unverified_recipient_reject_code = 550
address_verify_map = lmdb:$data_directory/verify_cache
address_verify_default_transport = smtp_verify
smtpd_client_restrictions =
permit_sasl_authenticated
reject
smtpd_helo_required = yes
smtpd_helo_restrictions =
reject_invalid_helo_hostname
smtpd_sender_login_maps = socketmap:unix:private/sender-login:sender_login
smtpd_sender_restrictions =
reject_non_fqdn_sender
reject_unknown_sender_domain
check_sender_access lmdb:$config_directory/check_sender_access
+ check_policy_service unix:private/policyd-spf
reject_known_sender_login_mismatch
smtpd_relay_restrictions =
reject_non_fqdn_recipient
reject_unknown_recipient_domain
reject_unverified_recipient
permit_sasl_authenticated
reject
smtpd_data_restrictions =
reject_unauth_pipelining
# vim: set filetype=pfmain :
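Review bot: `check_policy_service unix:private/policyd-spf` is inserted above `reject_known_sender_login_mismatch`, so the SPF lookup and its DNS traffic run before the local sender-ownership check. Any permit-type reply from the policy daemon would also end `smtpd_sender_restrictions` without that check being evaluated. Unless the order is deliberate, I would swap the two so the list reads `reject_known_sender_login_mismatch` followed by `check_policy_service unix:private/policyd-spf`. Postfix also fails closed on this restriction: if the socket is not served or the daemon times out, clients get the policy default action (a 451 temporary failure by default), so deferred submissions should be watched after rollout.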