diff --git a/default.nix b/default.nix index 376d47a..0134541 100644 --- a/default.nix +++ b/default.nix @@ -454,6 +454,18 @@ in ''; }; + policydSPFExtraConfig = mkOption { + type = types.lines; + default = ""; + example = '' + skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1 + ''; + description = '' + Extra configuration options for policyd-spf. This can be use to among + other things skip spf checking for some IP addresses. + ''; + }; + monitoring = { enable = mkEnableOption "monitoring via monit"; diff --git a/mail-server/postfix.nix b/mail-server/postfix.nix index 01006ef..4a00e39 100644 --- a/mail-server/postfix.nix +++ b/mail-server/postfix.nix @@ -98,17 +98,9 @@ let (lib.optional cfg.dkimSigning "unix:/run/opendkim/opendkim.sock") ++ [ "unix:/run/rspamd/rspamd-milter.sock" ]; - policyd-spf = pkgs.writeText "policyd-spf.conf" ('' - TestOnly = 1 - - HELO_reject = Fail - Mail_From_reject = Fail - - PermError_reject = False - TempError_Defer = False - - skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1 - '' + (lib.optionalString cfg.debug '' + policyd-spf = pkgs.writeText "policyd-spf.conf" ( + cfg.policydSPFExtraConfig + + (lib.optionalString cfg.debug '' debugLevel = 4 '')); in