update mail - migrate from opendkim and opendmarc to rspamd

2021-01-17 03:18:43 +03:00
parent 2cd9fc4fd5
commit 814a48e3a7
6 changed files with 90 additions and 19 deletions
--- a/roles/postfix/defaults/main.yaml
+++ b/roles/postfix/defaults/main.yaml
@ -82,7 +82,7 @@ postfix_default_values:
        # Filters for mail
        smtpd_helo_required = yes
        #smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unknown_sender_domain, reject_invalid_helo_hostname, reject_unauth_destination
-        smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unauth_destination, check_policy_service unix:private/policyd-spf
+        smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unauth_destination
        
        # SASL auth with dovecot options
        smtpd_sasl_auth_enable = yes
@ -93,7 +93,8 @@ postfix_default_values:
        smtpd_sasl_local_domain = $myorigin
        
        milter_protocol = 6
-        smtpd_milters = inet:opendkim.{{ namespace }}.svc.cluster.local:8891, inet:opendmarc.{{ namespace }}.svc.cluster.local:8893
+        milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
+        smtpd_milters = inet:rspamd.{{ namespace }}.svc.cluster.local:11332
        non_smtpd_milters = $smtpd_milters
        milter_default_action = accept
        
@ -194,6 +195,7 @@ postfix_default_values:
          -o smtpd_sasl_auth_enable=yes
          -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
          -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
+          -o milter_macro_daemon_name=ORIGINATING
          -o smtpd_sasl_type=dovecot
          -o smtpd_sasl_path=inet:dovecot.{{ namespace }}.svc.cluster.local:12345
          -o smtpd_upstream_proxy_protocol=haproxy
@ -202,6 +204,7 @@ postfix_default_values:
          -o smtpd_tls_wrappermode=yes
          -o smtpd_sasl_auth_enable=yes
          -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
+          -o milter_macro_daemon_name=ORIGINATING
          -o smtpd_sasl_type=dovecot
          -o smtpd_sasl_path=inet:dovecot.{{ namespace }}.svc.cluster.local:12345
          -o smtpd_upstream_proxy_protocol=haproxy
@ -274,7 +277,7 @@ postfix_default_values:
        #dane       unix  -       -       n       -       -       smtp
        #  -o smtp_dns_support_level=dnssec
        #  -o smtp_tls_security_level=dane
-        policyd-spf unix - n n - 0 spawn user=nobody argv=/usr/libexec/postfix/policyd-spf
+        #policyd-spf unix - n n - 0 spawn user=nobody argv=/usr/libexec/postfix/policyd-spf
      ldap-local-recipients: |
        debuglevel = 0
        version = 3