scripts: make policyd-spf configurable (docker-mailserver#3246)

georglauterbach · web-flow · commit 9ee33a81b7e7 · 2023-04-11T08:52:43.000+02:00
diff --git a/docs/content/config/environment.md b/docs/content/config/environment.md
@@ -110,6 +110,13 @@ Enables the OpenDMARC service.
 - **1** => Enabled
 - 0 => Disabled
 
+##### ENABLE_POLICYD_SPF
+
+Enabled `policyd-spf` in Postfix's configuration. You will likely want to set this to `0` in case you're using Rspamd ([`ENABLE_RSPAMD=1`](#enable_rspamd)).
+
+- 0 => Disabled
+- **1** => Enabled
+
 ##### ENABLE_POP3
 
 - **empty** => POP3 service disabled
diff --git a/mailserver.env b/mailserver.env
@@ -105,6 +105,14 @@ ENABLE_OPENDKIM=1
 #   0   => Disabled
 ENABLE_OPENDMARC=1
 
+
+# Enabled `policyd-spf` in Postfix's configuration. You will likely want to set this
+# to `0` in case you're using Rspamd (`ENABLE_RSPAMD=1`).
+#
+# - 0     => Disabled
+# - **1** => Enabled
+ENABLE_POLICYD_SPF=1
+
 # 1 => Enables POP3 service
 # empty => disables POP3
 ENABLE_POP3=
diff --git a/target/postfix/master.cf b/target/postfix/master.cf
@@ -48,9 +48,6 @@ sender-cleanup unix  n       -       n       -       0       cleanup
   -o syslog_name=postfix/sender-cleanup
   -o header_checks=pcre:/etc/postfix/maps/sender_header_filter.pcre
 
-policyd-spf    unix  -       n       n       -       0       spawn
-    user=policyd-spf argv=/usr/bin/policyd-spf
-
 cleanup        unix  n       -       n       -       0       cleanup
 qmgr           unix  n       -       n       300     1       qmgr
 tlsmgr         unix  -       -       n       1000?   1       tlsmgr
diff --git a/target/scripts/start-mailserver.sh b/target/scripts/start-mailserver.sh
@@ -80,6 +80,7 @@ function _register_functions
 
   _register_setup_function '_setup_opendkim'
   _register_setup_function '_setup_opendmarc' # must come after `_setup_opendkim`
+  _register_setup_function '_setup_policyd_spf'
 
   _register_setup_function '_setup_security_stack'
   _register_setup_function '_setup_spam_to_junk'
diff --git a/target/scripts/startup/setup.d/dmarc_dkim_spf.sh b/target/scripts/startup/setup.d/dmarc_dkim_spf.sh
@@ -84,3 +84,21 @@ function _setup_opendmarc
     _log 'debug' 'Disabling OpenDMARC'
   fi
 }
+
+# Configures the SPF check inside Postfix's configuration via policyd-spf. When
+# using Rspamd, you will likely want to turn that off.
+function _setup_policyd_spf
+{
+  if [[ ${ENABLE_POLICYD_SPF} -eq 1 ]]
+  then
+    _log 'debug' 'Configuring policyd-spf'
+    cat >>/etc/postfix/master.cf <<EOF
+
+policyd-spf    unix  -       n       n       -       0       spawn
+    user=policyd-spf argv=/usr/bin/policyd-spf
+EOF
+  else
+    _log 'debug' 'Disabling policyd-spf'
+    sedfile -i -E 's|check_policy_service unix:private/policyd-spf, ||g' /etc/postfix/main.cf
+  fi
+}
diff --git a/target/scripts/startup/variables-stack.sh b/target/scripts/startup/variables-stack.sh
@@ -74,6 +74,7 @@ function __environment_variables_general_setup
   VARS[ENABLE_MANAGESIEVE]="${ENABLE_MANAGESIEVE:=0}"
   VARS[ENABLE_OPENDKIM]="${ENABLE_OPENDKIM:=1}"
   VARS[ENABLE_OPENDMARC]="${ENABLE_OPENDMARC:=1}"
+  VARS[ENABLE_POLICYD_SPF]="${ENABLE_POLICYD_SPF:=1}"
   VARS[ENABLE_POP3]="${ENABLE_POP3:=0}"
   VARS[ENABLE_POSTGREY]="${ENABLE_POSTGREY:=0}"
   VARS[ENABLE_QUOTAS]="${ENABLE_QUOTAS:=1}"
