Update SPF and tighten DMARC for poste.io (#5)

* update SPF record: replace protonmail with poste.io mail server

PESO-77

- replace include:_spf.protonmail.ch with ip4:167.235.134.154 and ip6:2a01:4f8:1c1e:9c53::1 (nuremberg-a / mail.pez.sh)
- tighten from ~all (softfail) to -all (hardfail)

* tighten DMARC policy from p=none to p=quarantine

PESO-78

- enforce DMARC with p=quarantine (failed messages get quarantined)
- add adkim=r and aspf=r for relaxed DKIM/SPF alignment
Rasmus Wejlgaard 2026-03-28 20:46:50 +00:00 committed by GitHub
parent 03ce524730
commit b00791f1b1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -424,7 +424,7 @@ resource "cloudflare_dns_record" "dmarc" {
zone_id = cloudflare_zone.pez-sh.id zone_id = cloudflare_zone.pez-sh.id
name = "_dmarc" name = "_dmarc"
type = "TXT" type = "TXT"
content = "v=DMARC1; p=none; rua=mailto:pez@pez.sh" content = "v=DMARC1; p=quarantine; rua=mailto:pez@pez.sh; adkim=r; aspf=r"
ttl = 1 ttl = 1
} }
@ -432,7 +432,7 @@ resource "cloudflare_dns_record" "root-txt-spf" {
zone_id = cloudflare_zone.pez-sh.id zone_id = cloudflare_zone.pez-sh.id
name = "@" name = "@"
type = "TXT" type = "TXT"
content = "v=spf1 include:_spf.protonmail.ch ~all" content = "v=spf1 ip4:167.235.134.154 ip6:2a01:4f8:1c1e:9c53::1 -all"
ttl = 1 ttl = 1
} }
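Review bot: The `_dmarc` record moves to `p=quarantine` in the same commit that swaps the sending host and hardens the SPF record to `-all`, yet neither hunk shows a DKIM key record for the new server. If no DKIM TXT record for poste.io is published elsewhere in this file, DMARC alignment rests on SPF alone, which fails for forwarded mail and would now get legitimate messages quarantined. Confirm that record exists before applying, and consider a comment above the resource such as `# p=quarantine relies on the poste.io DKIM key being published; adkim=r and aspf=r are the DMARC defaults`. The literal `ip4:`/`ip6:` addresses in `root-txt-spf` also have to be edited by hand if the mail host is ever re-addressed, which is worth a one-line comment next to that `content` value.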