From 9ee33a81b7e78b3f1164ff153b226f00b571eb1b Mon Sep 17 00:00:00 2001 From: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com> Date: Tue, 11 Apr 2023 08:52:43 +0200 Subject: [PATCH] scripts: make `policyd-spf` configurable (#3246) --- docs/content/config/environment.md | 7 +++++++ mailserver.env | 8 ++++++++ target/postfix/master.cf | 3 --- target/scripts/start-mailserver.sh | 1 + .../scripts/startup/setup.d/dmarc_dkim_spf.sh | 18 ++++++++++++++++++ target/scripts/startup/variables-stack.sh | 1 + 6 files changed, 35 insertions(+), 3 deletions(-) diff --git a/docs/content/config/environment.md b/docs/content/config/environment.md index f0b548b2..8c2d108c 100644 --- a/docs/content/config/environment.md +++ b/docs/content/config/environment.md @@ -110,6 +110,13 @@ Enables the OpenDMARC service. - **1** => Enabled - 0 => Disabled +##### ENABLE_POLICYD_SPF + +Enabled `policyd-spf` in Postfix's configuration. You will likely want to set this to `0` in case you're using Rspamd ([`ENABLE_RSPAMD=1`](#enable_rspamd)). + +- 0 => Disabled +- **1** => Enabled + ##### ENABLE_POP3 - **empty** => POP3 service disabled diff --git a/mailserver.env b/mailserver.env index 09a40b8e..020d4050 100644 --- a/mailserver.env +++ b/mailserver.env @@ -105,6 +105,14 @@ ENABLE_OPENDKIM=1 # 0 => Disabled ENABLE_OPENDMARC=1 + +# Enabled `policyd-spf` in Postfix's configuration. You will likely want to set this +# to `0` in case you're using Rspamd (`ENABLE_RSPAMD=1`). +# +# - 0 => Disabled +# - **1** => Enabled +ENABLE_POLICYD_SPF=1 + # 1 => Enables POP3 service # empty => disables POP3 ENABLE_POP3= diff --git a/target/postfix/master.cf b/target/postfix/master.cf index beb3b216..3746b6f6 100644 --- a/target/postfix/master.cf +++ b/target/postfix/master.cf 
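Review bot: The new comment block for `ENABLE_POLICYD_SPF` in mailserver.env says "Enabled `policyd-spf`" where "Enables" is meant, and its option list uses Markdown (`# - **1** => Enabled`) while the neighbouring entries in this file are plain (`# 0 => Disabled`). The comment should also state what `0` means for inbound mail: the service entry is removed from the static master.cf and, as far as the visible part of `_setup_policyd_spf` shows, is only added back when the variable is 1, so SPF is then evaluated only if another component does it. Suggested wording: `# Enables policyd-spf (SPF checks) in Postfix. Set to 0 only if another component, e.g. Rspamd, performs the SPF check.` followed by `# 1 => Enabled (default)` and `# 0 => Disabled`. The same "Enabled" wording appears in the docs/content/config/environment.md hunk.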
@@ -48,9 +48,6 @@ sender-cleanup unix n - n - 0 cleanup -o syslog_name=postfix/sender-cleanup -o header_checks=pcre:/etc/postfix/maps/sender_header_filter.pcre -policyd-spf unix - n n - 0 spawn - user=policyd-spf argv=/usr/bin/policyd-spf - cleanup unix n - n - 0 cleanup qmgr unix n - n 300 1 qmgr tlsmgr unix - - n 1000? 1 tlsmgr diff --git a/target/scripts/start-mailserver.sh b/target/scripts/start-mailserver.sh index 83209267..ff550dee 100755 --- a/target/scripts/start-mailserver.sh +++ b/target/scripts/start-mailserver.sh @@ -80,6 +80,7 @@ function _register_functions _register_setup_function '_setup_opendkim' _register_setup_function '_setup_opendmarc' # must come after `_setup_opendkim` + _register_setup_function '_setup_policyd_spf' _register_setup_function '_setup_security_stack' _register_setup_function '_setup_spam_to_junk' diff --git a/target/scripts/startup/setup.d/dmarc_dkim_spf.sh b/target/scripts/startup/setup.d/dmarc_dkim_spf.sh index f541eeaa..c27e5258 100644 --- a/target/scripts/startup/setup.d/dmarc_dkim_spf.sh +++ b/target/scripts/startup/setup.d/dmarc_dkim_spf.sh @@ -84,3 +84,21 @@ function _setup_opendmarc _log 'debug' 'Disabling OpenDMARC' fi } + +# Configures the SPF check inside Postfix's configuration via policyd-spf. When +# using Rspamd, you will likely want to turn that off. +function _setup_policyd_spf +{ + if [[ ${ENABLE_POLICYD_SPF} -eq 1 ]] + then + _log 'debug' 'Configuring policyd-spf' + cat >>/etc/postfix/master.cf <
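Review bot: `_setup_policyd_spf` is registered unconditionally in `_register_functions` (whose body starts and ends outside this hunk), and the visible start of that function in dmarc_dkim_spf.sh appends to the live file with `cat >>/etc/postfix/master.cf`. If the setup stack can run a second time against the same filesystem, for example after a container restart, the `policyd-spf` service entry would be appended again; that is worth confirming, and a guard such as `grep -q '^policyd-spf' /etc/postfix/master.cf || cat >>/etc/postfix/master.cf …` would make the step idempotent. The function is cut off in this view, so its disabled branch cannot be checked: main.cf is not among the changed files, and if it still refers to the policyd-spf policy service while master.cf no longer defines it, setting the variable to 0 would leave Postfix pointing at a missing service rather than cleanly switching the SPF check off.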