Sender Policy Framework (SPF) – is a simple email-validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain comes from a host authorized by that domain’s administrators. The list of authorized sending hosts for a domain is published in the Domain Name System (DNS) records for that domain in the form of a specially formatted TXT record. – Wikipedia
I assume you have working postfix server already. Also I assume that you follow guide that have been posted here Postfix i Dovecot – perfect duo for mail server which use Debian/Ubuntu to achieve that.
Install needed package:
#debina/ubuntu apt-get install postfix-policyd-spf-python
Default configuration that is present in package give us almost complete implementation we need to tweak it a bit to make it perfect:
#vim /etc/postfix-policyd-spf-python/policyd-spf.conf # For a fully commented sample config file see policyd-spf.conf.commented debugLevel = 1 defaultSeedOnly = 1 HELO_reject = False Mail_From_reject = False PermError_reject = False TempError_Defer = False skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1
Let postfix know that we use more anti-spam technics:
#vim /etc/postfix/main.cf policy-spf_time_limit = 3600s smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,check_policy_service unix:private/policy-spf
#vim /etc/postfix/master.cf
policy-spf unix - n n - - spawn
user=nobody argv=/usr/bin/policyd-spf
We need to restart postfix to make thise work
/etc/init.d/postfix restart
Rest post related to this topic:
Postfix i Dovecot – perfect duo for mail server
Fight against spam part 2 – Postfix DKIM
Fight against spam part 3 – Postfix DMARC
Fight against spam part 4 – Postfix SpamAssassin
Fight against spam part 5 – Dovecot Sieve