SMTP Relays: Allow the user to paste an SPF record directly from their provider

management/daemon.py

@@ -734,6 +734,7 @@ def smtp_relay_get():
 		"port": config.get("SMTP_RELAY_PORT", None),
 		"user": config.get("SMTP_RELAY_USER", ""),
 		"authorized_servers": config.get("SMTP_RELAY_AUTHORIZED_SERVERS", []),
+		"spf_record": config.get("SMTP_RELAY_SPF_RECORD", None),
 		"dkim_selector": config.get("SMTP_RELAY_DKIM_SELECTOR", None),
 		"dkim_rr": dkim_rrtxt
 	}
@@ -769,7 +770,7 @@ def smtp_relay_set():
 			if len(sp) != 2:
 				return ("DKIM public key RR is malformed!", 400)
 			components[sp[0]] = sp[1]
-		
+
 		if not components.get("p"):
 			return ("The DKIM public key doesn't exist!", 400)
 
@@ -780,7 +781,7 @@ def smtp_relay_set():
 	implicit_tls = False
 
 	if newconf.get("enabled") == "true":
-		relay_on = True		
+		relay_on = True
 
 		# Try negotiating TLS directly. We need to know this because we need to configure Postfix
 		# to be aware of this detail.
@@ -813,6 +814,7 @@ def smtp_relay_set():
 		config["SMTP_RELAY_PORT"] = int(newconf.get("port"))
 		config["SMTP_RELAY_USER"] = newconf.get("user")
 		config["SMTP_RELAY_AUTHORIZED_SERVERS"] = [s.strip() for s in re.split(r"[, ]+", newconf.get("authorized_servers", []) or "") if s.strip() != ""]
+		config["SMTP_RELAY_SPF_RECORD"] = newconf.get("spf_record")
 		utils.write_settings(config, env)
 
 		# Write on Postfix configs
@@ -822,7 +824,7 @@ def smtp_relay_set():
 		], delimiter_re=r"\s*=\s*", delimiter="=", comment_char="#")
 
 		# Edit the sasl password (still will edit the file, but keep the pw)
-		
+
 		with open(pw_file, "a+") as f:
 			f.seek(0)
 			pwm = re.match(r"\[.+\]\:[0-9]+\s.+\:(.*)", f.readline())

management/dns_update.py

@@ -173,7 +173,7 @@ def build_zones(env):
 
 def build_zone(domain, domain_properties, additional_records, env, is_zone=True):
 	records = []
-	
+
 	# Are there any other authorized servers for this domain?
 	settings = load_settings(env)
 	spf_extra = None
@@ -331,10 +331,12 @@ def build_zone(domain, domain_properties, additional_records, env, is_zone=True)
 		# the domain, and no one else (unless the user is using an SMTP relay and authorized other servers).
 		# Skip if the user has set a custom SPF record.
 		if not has_rec(None, "TXT", prefix="v=spf1 "):
-			if spf_extra is None:
-				records.append((None, "TXT", 'v=spf1 mx -all', "Recommended. Specifies that only the box is permitted to send @%s mail." % domain, None))
+			if settings.get("SMTP_RELAY_SPF_RECORD", "").strip() != "" and settings.get("SMTP_RELAY_ENABLED", False):
+				records.append((None, "TXT", settings.get("SMTP_RELAY_SPF_RECORD"), "Added by your SMTP Relay provider so that they can send @%s mail on your behalf." % domain, None))
+			elif spf_extra is None:
+				records.append((None, "TXT", "v=spf1 mx -all", "Recommended. Specifies that only the box is permitted to send @%s mail." % domain, None))
 			else:
-				records.append((None, "TXT", f'v=spf1 mx {spf_extra}-all', "Recommended. Specifies that only the box and the server(s) you authorized are permitted to send @%s mail." % domain, None))
+				records.append((None, "TXT", f"v=spf1 mx {spf_extra}-all", "Recommended. Specifies that only the box and the server(s) you authorized are permitted to send @%s mail." % domain, None))
 
 		# Append the DKIM TXT record to the zone as generated by OpenDKIM.
 		# Skip if the user has set a DKIM record already.
@@ -346,7 +348,7 @@ def build_zone(domain, domain_properties, additional_records, env, is_zone=True)
 
 			if not has_rec(rname, "TXT", prefix="v=DKIM1; "):
 				records.append((rname, "TXT", val, "Recommended. Provides a way for recipients to verify that this machine sent @%s mail." % domain, None))
-		
+
 		# Append the DKIM TXT record relative to the SMTP relay, if applicable.
 		# Skip if manually set by the user.
 		relay_ds = settings.get("SMTP_RELAY_DKIM_SELECTOR")

management/templates/smtp-relays.html

@@ -98,7 +98,7 @@
 				placeholder="mail1.example.net mail2.example.net">
 			<p class="small">You can separate multiple servers with commas or spaces. You can also add IP addresses or
 				subnets using <code>10.20.30.40</code> or <code>10.0.0.0/8</code>. You can "import" SPF records using
-				<code>spf:example.com</code>.
+				<code>spf:example.com</code>. If your provider gave you an SPF record to add to your DNS, you can also paste it here.
 			</p>
 		</div>
 
@@ -174,9 +174,13 @@
 				relay_auth_pass.value = ""
 				relay_authorized_servers.value = ""
 
-				data.authorized_servers.forEach(element => {
-					relay_authorized_servers.value += `${element} `
-				});
+				if (data.spf_record) {
+					relay_authorized_servers.value = data.spf_record
+				}else if (data.authorized_servers) {
+					data.authorized_servers.forEach(element => {
+						relay_authorized_servers.value += `${element} `
+					});
+				}
 
 				if (data.dkim_selector) {
 					relay_dkim_sel.value = data.dkim_selector
@@ -189,19 +193,25 @@
 	}
 
 	function set_smtp_relay_config() {
+		let relay_configuration = {
+			enabled: use_relay.checked,
+			host: relay_host.value,
+			port: relay_port.value,
+			user: relay_auth_user.value,
+			key: relay_auth_pass.value,
+			dkim_selector: relay_dkim_sel.value,
+			dkim_rr: relay_dkim_key.value
+		}
+		if (relay_authorized_servers.value.substr(0, 7) === "v=spf1 ") {
+			relay_configuration.spf_record = relay_authorized_servers.value
+		} else {
+			relay_configuration.authorized_servers = relay_authorized_servers.value
+		}
+
 		api(
 			"/system/smtp/relay",
 			"POST",
-			{
-				enabled: use_relay.checked,
-				host: relay_host.value,
-				port: relay_port.value,
-				user: relay_auth_user.value,
-				key: relay_auth_pass.value,
-				authorized_servers: relay_authorized_servers.value,
-				dkim_selector: relay_dkim_sel.value,
-				dkim_rr: relay_dkim_key.value
-			},
+			relay_configuration,
 			() => {
 				show_modal_error("Done!", "The configuration has been updated and Postfix was restarted successfully. Please make sure everything is functioning as intended.", () => {
 					return false