community: use a custom policyd-spf.conf
authorGrant Slater <github@firefishy.com>
Mon, 9 Sep 2024 22:06:53 +0000 (23:06 +0100)
committerGrant Slater <github@firefishy.com>
Mon, 9 Sep 2024 22:06:53 +0000 (23:06 +0100)
cookbooks/community/recipes/default.rb
cookbooks/community/templates/default/mail-receiver.yml.erb
cookbooks/community/templates/default/policyd-spf.conf.erb [new file with mode: 0644]

index fdf9379800071b688a2fabb52ed301ed1f94e63f..000a57a7e00cac990e9ebafa1c9e4aba3ec37deb 100644 (file)
@@ -95,6 +95,14 @@ template "/srv/community.openstreetmap.org/docker/containers/web_only.yml" do
   notifies :run, "notify_group[discourse_container_new_web_only]"
 end
 
+template "/srv/community.openstreetmap.org/files/policyd-spf.conf" do
+  source "policyd-spf.conf.erb"
+  owner "community"
+  group "community"
+  mode "644"
+  notifies :run, "notify_group[discourse_container_new_mail_receiver]"
+end
+
 template "/srv/community.openstreetmap.org/docker/containers/mail-receiver.yml" do
   source "mail-receiver.yml.erb"
   owner "root"
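Review bot: The new `template` resource writes policyd-spf.conf with `owner "community"` and `group "community"`, while the mail-receiver.yml template in the trailing context is owned by root. This file is bind-mounted into the mail-receiver container as the SPF policy daemon's configuration, so anyone able to act as the `community` account on the host could alter the SPF policy the container loads. Unless that account needs write access, `owner "root"` and `group "root"` with the existing `mode "644"` would keep the file readable but changeable only through Chef. The mail-receiver.yml resource that follows continues outside the hunk.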
index 2d214e942fe3c226e0ef2003d2cdd917c74cf1e7..ac847b9ffe2985c87eea1dfe6d6dbf318b2f028b 100644 (file)
@@ -49,3 +49,6 @@ volumes:
   - volume:
       host: /etc/ssl/private/community.openstreetmap.org.key
       guest: /shared/ssl/ssl.key
+  - volume:
+      host: /srv/community.openstreetmap.org/files/policyd-spf.conf
+      guest: /etc/postfix-policyd-spf-python/policyd-spf.conf
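Review bot: The volume added at the end of this hunk bind-mounts a single file, and a single-file bind mount stays attached to the inode that existed when the container started. Chef's `template` resource replaces files atomically by default, so a later change to policyd-spf.conf.erb is likely not visible inside a running container until it is recreated. The `notifies` on the template in default.rb presumably covers this, but that depends on what `discourse_container_new_mail_receiver` does, which is not shown here. A short comment above the entry, such as `# single-file mount: container must be recreated to pick up changes`, would record the dependency.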
diff --git a/cookbooks/community/templates/default/policyd-spf.conf.erb b/cookbooks/community/templates/default/policyd-spf.conf.erb
new file mode 100644 (file)
index 0000000..439704a
--- /dev/null
@@ -0,0 +1,16 @@
+# Source: https://github.com/discourse/mail-receiver/blob/main/policyd-spf.conf
+#  For a fully commented sample config file see policyd-spf.conf.commented
+
+debugLevel = 1
+TestOnly = 1
+
+# Change these options to False if you want to pass SPF failures through to DMARC milter
+HELO_reject = Fail
+Mail_From_reject = Fail
+
+
+PermError_reject = False
+TempError_Defer = False
+
+skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1,10.0.0.0/8
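Review bot: `skip_addresses` on the last line lists `10.0.0.0/8` alongside the loopback addresses, which exempts every client in that range from SPF evaluation. If inbound SMTP connections reach the container through a NAT or proxy with a 10.x source address (not determinable from this diff), SPF would be skipped for external mail. The range is better narrowed to the specific relay addresses or justified in a comment, e.g. `# 10.0.0.0/8: internal relays only; external mail must not arrive from this range`. Since the commit describes this as a custom file, the `# Source:` header should also say it is locally modified. `TestOnly = 1` deserves a comment too: per the policyd-spf.conf man page, 1 is normal enforcement and 0 enables test-only mode, the opposite of what the name suggests.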
+