From ab6ad880774f9122242755c6aa66ba2e7d42d6ff Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Tue, 13 Jun 2023 14:20:14 +0300 Subject: [PATCH] Support whitelist domain PTR --- defaults/main.yml | 1 + templates/policyd-spf.conf.j2 | 3 +++ 2 files changed, 4 insertions(+) diff --git a/defaults/main.yml b/defaults/main.yml index d508821..4da926e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -99,6 +99,7 @@ postfix_spf_policy_mail_from_reject: 'Fail' # CIDR notation, 192.168.0.0/31,192.168.1.12 postfix_spf_policy_whitelist: '' postfix_spf_policy_domain_whitelist: '' +postfix_spf_policy_domain_whitelist_ptr: '' # Using this option, a list of domains can be defined for special processing when messages do not Pass SPF. This can be useful for commonly spoofed domains that are not yet publishing SPF records with -all. Specifically, if mail from a domain in this list has a Neutral/Softfail result, it will be rejected (as if it had a Fail result). If needed, it is better to do it on a per-domain basis rather than globally. es: 'gmail.com,aol.com,hotmail.com' postfix_spf_policy_reject_not_pass_domains: '' postfix_spf_policy_lookup_time: 20 diff --git a/templates/policyd-spf.conf.j2 b/templates/policyd-spf.conf.j2 index bdcbde0..83fea38 100644 --- a/templates/policyd-spf.conf.j2 +++ b/templates/policyd-spf.conf.j2 @@ -16,6 +16,9 @@ Whitelist = {{ postfix_spf_policy_whitelist }} {% if postfix_spf_policy_domain_whitelist != '' %} Domain_Whitelist = {{ postfix_spf_policy_domain_whitelist }} {% endif %} +{% if postfix_spf_policy_domain_whitelist_ptr != '' %} +Domain_Whitelist_PTR = {{ postfix_spf_policy_domain_whitelist_ptr }} +{% endif %} {% if postfix_spf_policy_reject_not_pass_domains != '' %} Reject_Not_Pass_Domains = {{ postfix_spf_policy_reject_not_pass_domains }} {% endif %}