From 4bca7891a2b2214c81a708bf4202dfea8c30f3a3 Mon Sep 17 00:00:00 2001
From: link2xt <link2xt@testrun.org>
Date: Sat, 9 Mar 2024 20:02:29 +0000
Subject: [PATCH] Switch SPF from fail to softfail (`~all` instead of `-all`)

This is recommended to prevent SPF failure
from rejecting the message early in case messages
are remailed without breaking DKIM.
---
 cmdeploy/src/cmdeploy/chatmail.zone.f | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmdeploy/src/cmdeploy/chatmail.zone.f b/cmdeploy/src/cmdeploy/chatmail.zone.f
index 4ce6767b..6219d466 100644
--- a/cmdeploy/src/cmdeploy/chatmail.zone.f
+++ b/cmdeploy/src/cmdeploy/chatmail.zone.f
@@ -6,7 +6,7 @@ _submissions._tcp.{chatmail_domain}. SRV 0 1 465 {chatmail_domain}.
 _imap._tcp.{chatmail_domain}.        SRV 0 1 143 {chatmail_domain}.
 _imaps._tcp.{chatmail_domain}.       SRV 0 1 993 {chatmail_domain}.
 {chatmail_domain}.                   CAA 128 issue "letsencrypt.org;accounturi={acme_account_url}"
-{chatmail_domain}.                   TXT "v=spf1 a:{chatmail_domain} -all"
+{chatmail_domain}.                   TXT "v=spf1 a:{chatmail_domain} ~all"
 _dmarc.{chatmail_domain}.            TXT "v=DMARC1;p=reject;adkim=s;aspf=s"
 _mta-sts.{chatmail_domain}.          TXT "v=STSv1; id={sts_id}"
 mta-sts.{chatmail_domain}.           CNAME {chatmail_domain}.