From: Grant Slater
Date: Mon, 9 Sep 2024 22:06:53 +0000 (+0100)
Subject: community: use a custom policyd-spf.conf
X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/9a6fabc89f05283c96e6eaff97935cc10e788c62

community: use a custom policyd-spf.conf
---

diff --git a/cookbooks/community/recipes/default.rb b/cookbooks/community/recipes/default.rb
index fdf937980..000a57a7e 100644
--- a/cookbooks/community/recipes/default.rb
+++ b/cookbooks/community/recipes/default.rb
@@ -95,6 +95,14 @@ template "/srv/community.openstreetmap.org/docker/containers/web_only.yml" do
 notifies :run, "notify_group[discourse_container_new_web_only]"
 end
 
+template "/srv/community.openstreetmap.org/files/policyd-spf.conf" do
+ source "policyd-spf.conf.erb"
+ owner "community"
+ group "community"
+ mode "644"
+ notifies :run, "notify_group[discourse_container_new_mail_receiver]"
+end
+
 template "/srv/community.openstreetmap.org/docker/containers/mail-receiver.yml" do
 source "mail-receiver.yml.erb"
 owner "root"
diff --git a/cookbooks/community/templates/default/mail-receiver.yml.erb b/cookbooks/community/templates/default/mail-receiver.yml.erb
index 2d214e942..ac847b9ff 100644
--- a/cookbooks/community/templates/default/mail-receiver.yml.erb
+++ b/cookbooks/community/templates/default/mail-receiver.yml.erb
@@ -49,3 +49,6 @@ volumes:
 - volume:
 host: /etc/ssl/private/community.openstreetmap.org.key
 guest: /shared/ssl/ssl.key
+ - volume:
+ host: /srv/community.openstreetmap.org/files/policyd-spf.conf
+ guest: /etc/postfix-policyd-spf-python/policyd-spf.conf
diff --git a/cookbooks/community/templates/default/policyd-spf.conf.erb b/cookbooks/community/templates/default/policyd-spf.conf.erb
new file mode 100644
index 000000000..439704a38
--- /dev/null
+++ b/cookbooks/community/templates/default/policyd-spf.conf.erb
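Review bot: The new `policyd-spf.conf` resource sets `owner "community"` and `group "community"`, whereas the `mail-receiver.yml` template in the trailing context is `owner "root"`. The same commit bind-mounts this file into the mail-receiver container as its SPF policy, so whichever account can write it on the host can change what the receiver rejects or skips. Unless the `community` account needs to edit the file by hand, I would use `owner "root"` and `group "root"`, keep `mode "644"`, and add a one-line comment above the resource saying the file is mounted into the container.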
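Review bot: The added volume bind-mounts a single file, and a file bind mount follows the inode that existed when the container was started. Chef's file resources normally write a new file and rename it into place, so a running container can keep reading the old policy after the template changes. The recipe does notify `notify_group[discourse_container_new_mail_receiver]`, but what that triggers is outside this diff; please confirm it recreates the container rather than only reloading it, or mount the containing directory instead.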
@@ -0,0 +1,16 @@
+# Source: https://github.com/discourse/mail-receiver/blob/main/policyd-spf.conf
+# For a fully commented sample config file see policyd-spf.conf.commented
+
+debugLevel = 1
+TestOnly = 1
+
+# Change these options to False if you want to pass SPF failures through to DMARC milter
+HELO_reject = Fail
+Mail_From_reject = Fail
+
+
+PermError_reject = False
+TempError_Defer = False
+
+skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1,10.0.0.0/8
+
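Review bot: `skip_addresses` includes the whole of `10.0.0.0/8`, so any client the policy daemon sees with a 10.x source address is never SPF-checked, and the `HELO_reject = Fail` / `Mail_From_reject = Fail` settings above do not apply to it. If inbound mail can reach the receiver through a proxy, NAT or container network that presents a 10.x address, SPF is in effect off for external senders, so the range should be narrowed to the specific internal relays that need the exemption. The header comment names the upstream file but not what, if anything, was changed locally; I would add a line above the setting such as `# 10.0.0.0/8: <reason>; clients in this range bypass SPF checks`. A short comment on which mode `TestOnly = 1` selects would also help, since the name reads like a dry-run switch.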