From a0d439f832721ab1b4bdcf9ab844ee20d4dc1682 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Tue, 11 Dec 2018 21:13:19 +0100
Subject: submission: Prospective SPF checking.

Cf. http://www.openspf.org/Best_Practices/Outbound .
---
 roles/MSA/templates/etc/postfix/main.cf.j2 | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'roles/MSA/templates/etc/postfix/main.cf.j2')

diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2
index a48a327..65a0339 100644
--- a/roles/MSA/templates/etc/postfix/main.cf.j2
+++ b/roles/MSA/templates/etc/postfix/main.cf.j2
@@ -50,6 +50,7 @@ local_header_rewrite_clients     =
 smtp_destination_recipient_limit = 1000
 # Tolerate occasional high latency
 smtp_data_done_timeout           = 1200s
+policyd-spf_time_limit           = $ipc_timeout
 
 # Anonymize the (authenticated) sender; pass the mail to the antivirus
 header_checks  = pcre:$config_directory/anonymize_sender.pcre
@@ -107,6 +108,7 @@ smtpd_sender_restrictions =
     reject_non_fqdn_sender
     reject_unknown_sender_domain
     check_sender_access lmdb:$config_directory/check_sender_access
+    check_policy_service unix:private/policyd-spf
     reject_known_sender_login_mismatch
 
 smtpd_relay_restrictions =
-- 
cgit v1.2.3