virtualmin
This is an old revision of the document!
Check SPF records
Step 1
Install the SPF Checker for postfix
apt-get install postfix-policyd-spf-python
Step 2
edit your /etc/postfix/master.cf
policyd-spf unix - n n - 0 spawn
user=policyd-spf argv=/usr/bin/policyd-spf
Step 3
edit your /etc/postfix/main.cf
policyd-spf_time_limit = 3600
smtpd_recipient_restrictions =
...
reject_unauth_destination,
check_policy_service unix:private/policyd-spf,
...
Make sure, you are putting the check_policy_service unix after the reject_unauth_destination line, to not become an open relay to the world.
Step 4
Finally, do not forget to reload / restart your postfix
/etc/init.d/postfix restart
Step 5
If you find the following in received Email Headers, your SPF is working properly
Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=209.85.216.181; helo=mail-qt0-f181.google.com; envelope-from=yourmailaddress@gmail.com; receiver=info@miyw.de
Step 6 (optional)
instead of blocking wrong SPF Senders(default behaviour), you can just let python-spf tag them for spamassasin
edit /etc/postfix-policyd-spf-python/policyd-spf.conf and set
HELO_reject False
Mail_From_reject False
this will accept Emails with wrong SPF but SA will mark them as spam afterwards.
virtualmin.1741273487.txt.gz · Last modified: 2025/03/06 12:04 by protocol