Allow spf to be disabled

niten 2024-03-13 11:40:01 -07:00
parent 293553c9ed
commit 56ed59014a
1 changed files with 13 additions and 8 deletions


@ -93,11 +93,15 @@ in {
description = "SASL domain to use for authentication."; description = "SASL domain to use for authentication.";
}; };
policy-spf.extra-config = mkOption { policy-spf = {
type = str; enable = mkDisableOption "Enable Sender Policy Framework checking.";
default = "";
example = "skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1"; extra-config = mkOption {
description = "Extra configuration options for policyd-spf."; type = str;
default = "";
example = "skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1";
description = "Extra configuration options for policyd-spf.";
};
}; };
user = mkOption { user = mkOption {
@ -262,9 +266,10 @@ in {
"reject_non_fqdn_hostname" "reject_non_fqdn_hostname"
"reject_non_fqdn_sender" "reject_non_fqdn_sender"
"reject_non_fqdn_recipient" "reject_non_fqdn_recipient"
"check_policy_service unix:private/policy-spf" ] ++ (optional cfg.policy-spf.enable
] ++ (map (blacklist: "reject_rbl_client ${blacklist}") "check_policy_service unix:private/policy-spf")
cfg.blacklist.dns) ++ (map (blacklist: "reject_rbl_client ${blacklist}")
cfg.blacklist.dns)
++ [ "permit_mynetworks" "reject_unauth_destination" "permit" ]; ++ [ "permit_mynetworks" "reject_unauth_destination" "permit" ];
client-restrictions = client-restrictions =
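Review bot: The new `policy-spf.enable` option in the first hunk does not document its default or what turning it off costs. `mkDisableOption` is defined outside this diff, so the default is presumably `true`, but that should be confirmed against the helper. When the option is false, the second hunk drops `check_policy_service unix:private/policy-spf` from the recipient restrictions, so mail whose envelope sender fails SPF is no longer rejected at SMTP time, leaving only the FQDN checks and the DNS blacklists. I would extend the description to something like `"Enable Sender Policy Framework checking (on by default). Disabling removes the policyd-spf check from recipient restrictions; only do so if SPF is enforced elsewhere, e.g. by an upstream relay or content filter."`. Both hunks are the only changes in the commit, so any policyd-spf service definition and its use of `extra-config` elsewhere in the file appear to stay in place when the option is off; that is harmless but worth gating on the same flag for consistency.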