Update postfix deployment

templates/etc/postfix/main.cf.j2

@@ -806,7 +806,7 @@ message_size_limit = 51200000
 smtpd_milters           = inet:127.0.0.1:8891, inet:127.0.0.1:8893
 non_smtpd_milters       = $smtpd_milters
 milter_default_action   = accept
-milter_protocol         = 2
+milter_protocol         = 6
 
 # SASL 
 smtpd_sasl_auth_enable = yes
@@ -882,7 +882,8 @@ smtpd_sender_restrictions =
     reject_unknown_sender_domain,
     reject_unknown_reverse_client_hostname,
     reject_unknown_client_hostname,
-    warn_if_reject reject_unverified_sender
+    warn_if_reject reject_unverified_sender,
+    check_policy_service unix:private/policyd-spf
 
 smtpd_recipient_restrictions =
 #    check_client_access hash:/usr/local/etc/postfix/access,
@@ -895,7 +896,7 @@ smtpd_recipient_restrictions =
     reject_unauth_pipelining,
     reject_invalid_hostname,
 #    check_policy_service inet:127.0.0.1:10031,
-#    check_policy_service unix:private/policyd-spf,
+    check_policy_service unix:private/policyd-spf,
     check_policy_service unix:postgrey/socket,
 #    check_client_access hash:/etc/postfix/rbl_override,
 #    reject_rhsbl_helo dbl.spamhaus.org,
@@ -909,4 +910,6 @@ smtpd_recipient_restrictions =
 #    reject_rbl_client rbl.efnet.org,
 #    reject_rbl_client bl.spamcop.net,
     permit
+
+policyd-spf_time_limit = 3600s
 {% endif %}

templates/etc/postfix/master.cf.j2

@@ -159,3 +159,7 @@ postlog   unix-dgram n  -       n       -       1       postlogd
 #mailman   unix  -       n       n       -       -       pipe
 #  flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
 #  ${nexthop} ${user}
+{% if postfix_mydestination is defined %}
+policyd-spf unix -       n       n       -       -       spawn
+  user=nobody argv=/usr/libexec/postfix/policyd-spf
+{% endif %}

vars/RedHat_server.yml

@@ -4,3 +4,4 @@ postfix_packages:
   - opendkim
   - opendmarc
   - wget
+  - pypolicyd-spf