Allow spf to be disabled

2024-03-13 11:40:01 -07:00 · 2024-03-13 11:40:01 -07:00 · 56ed59014a
parent 293553c9ed
commit 56ed59014a
1 changed files with 13 additions and 8 deletions
--- a/postfix.nix
+++ b/postfix.nix
@ -93,11 +93,15 @@ in {
      description = "SASL domain to use for authentication.";
    };

-    policy-spf.extra-config = mkOption {
-      type = str;
-      default = "";
-      example = "skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1";
-      description = "Extra configuration options for policyd-spf.";
+    policy-spf = {
+      enable = mkDisableOption "Enable Sender Policy Framework checking.";
+
+      extra-config = mkOption {
+        type = str;
+        default = "";
+        example = "skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1";
+        description = "Extra configuration options for policyd-spf.";
+      };
    };

    user = mkOption {
@ -262,9 +266,10 @@ in {
          "reject_non_fqdn_hostname"
          "reject_non_fqdn_sender"
          "reject_non_fqdn_recipient"
-          "check_policy_service unix:private/policy-spf"
-        ] ++ (map (blacklist: "reject_rbl_client ${blacklist}")
-          cfg.blacklist.dns)
+        ] ++ (optional cfg.policy-spf.enable
+          "check_policy_service unix:private/policy-spf")
+          ++ (map (blacklist: "reject_rbl_client ${blacklist}")
+            cfg.blacklist.dns)
          ++ [ "permit_mynetworks" "reject_unauth_destination" "permit" ];

        client-restrictions =