summaryrefslogtreecommitdiffstats
path: root/krebs/3modules
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2022-12-07 20:03:15 +0100
committertv <tv@krebsco.de>2022-12-07 20:03:39 +0100
commit1796bf491246bc3e728d8b8502cc27c7ea9d06ea (patch)
treeeb06aaf3a59e597ed35ff8308ca12ef9ffe56454 /krebs/3modules
parentdf93a24faae49012aae107031b12c43f2e6e5c54 (diff)
exim-smarthost: make SPF check optional
Diffstat (limited to 'krebs/3modules')
-rw-r--r--krebs/3modules/exim-smarthost.nix67
1 files changed, 36 insertions, 31 deletions
diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix
index 218d83ab4..7c176d224 100644
--- a/krebs/3modules/exim-smarthost.nix
+++ b/krebs/3modules/exim-smarthost.nix
@@ -12,6 +12,8 @@ let
api = {
enable = mkEnableOption "krebs.exim-smarthost";
+ enableSPFVerification = mkEnableOption "SPF verification";
+
authenticators = mkOption {
type = types.attrsOf types.str;
default = {};
@@ -181,37 +183,40 @@ let
accept
acl_check_mail:
- accept
- authenticated = *
- accept
- sender_domains = +sender_domains
- hosts = +relay_from_hosts
- deny
- spf = fail : softfail
- log_message = spf=$spf_result
- message = SPF validation failed: \
- $sender_host_address is not allowed to send mail from \
- ''${if def:sender_address_domain\
- {$sender_address_domain}\
- {$sender_helo_name}}
- deny
- spf = permerror
- log_message = spf=$spf_result
- message = SPF validation failed: \
- syntax error in SPF record(s) for \
- ''${if def:sender_address_domain\
- {$sender_address_domain}\
- {$sender_helo_name}}
- defer
- spf = temperror
- log_message = spf=$spf_result; deferred
- message = temporary error during SPF validation; \
- please try again later
- warn
- spf = none : neutral
- log_message = spf=$spf_result
- accept
- add_header = $spf_received
+ ${if cfg.enableSPFVerification then indent /* exim */ ''
+ accept
+ authenticated = *
+ accept
+ hosts = +relay_from_hosts
+ deny
+ spf = fail : softfail
+ log_message = spf=$spf_result
+ message = SPF validation failed: \
+ $sender_host_address is not allowed to send mail from \
+ ''${if def:sender_address_domain\
+ {$sender_address_domain}\
+ {$sender_helo_name}}
+ deny
+ spf = permerror
+ log_message = spf=$spf_result
+ message = SPF validation failed: \
+ syntax error in SPF record(s) for \
+ ''${if def:sender_address_domain\
+ {$sender_address_domain}\
+ {$sender_helo_name}}
+ defer
+ spf = temperror
+ log_message = spf=$spf_result; deferred
+ message = temporary error during SPF validation; \
+ please try again later
+ warn
+ spf = none : neutral
+ log_message = spf=$spf_result
+ accept
+ add_header = $spf_received
+ '' else indent /* exim */ ''
+ accept
+ ''}
begin routers