Sender Policy Framework (SPF)

Sender Policy Framework (SPF) is an extension to the Simple Mail Transfer Protocol (SMTP). SPF allows software to identify and reject forged addresses in the SMTP MAIL FROM (Return-Path), a typical nuisance in e-mail spam. SPF is defined in Experimental RFC 4408.

SPF DNS Server Setup
The first and maybe the most important part is setting up the DNS TXT entry for SPF. Keep it simple.
 * If your lone email server is going to be the only server sending your mail, then this will work nicely: "v=spf1 mx -all"
 * Or if your A record is your host record and the only server to send mail: "v=spf1 a -all"
 * If you have to relay your mail through an external server: "v=spf1 a ptr:mail.external-server.net -all"

Troubleshooting & Testing SPF's DNS records

 * http://old.openspf.org/wizard.html - A setup wizard for your DNS server.
 * http://old.openspf.org/faq.html#checkers
 * http://old.openspf.org/why.html - Is SPF working?

SPF Postfix Server Setup (from RPMS)
Using the MDR Yum repo, install pypolicyd-spf by running:

    yum install pypolicyd-spf

Once you have installed pypolicyd-spf, you need to set up the software. In /etc/postfix/main.cf, as close to the bottom of your smtpd_recipient_restrictions as you can but above any DNSBL, add the following. Keep check_policy_service after reject_unauth_destination. The time limit parameter takes its name from the master.cf service name, which is spfcheck here.

    smtpd_recipient_restrictions =
        ...
        check_policy_service unix:private/spfcheck
    spfcheck_time_limit = 3600

And add the following to your /etc/postfix/master.cf file, somewhere near the bottom.

    spfcheck    unix  -       n       n       -       -       spawn user=nobody argv=/usr/bin/policyd-spf

Next, let's reload Postfix:

    postfix reload

SPF Postfix Server Setup (from Source)
Today we're going to use python-postfix-policyd-spf 0.7.3 (released 2010-02-17) from launchpad.net, or from my mirror (0.7.2).

    wget http://launchpad.net/pypolicyd-spf/0.7/0.7.3/+download/pypolicyd-spf-0.7.3.tar.gz
    tar -xzf pypolicyd-spf-0.7.3.tar.gz
    cd pypolicyd-spf-0.7.3
    ./setup.py build
    cd build/scripts-2.5/
    cp policyd-spf /usr/local/bin/policyd-spf
    cd ../lib
    cp policydspfsupp.py /usr/lib/python2.5/policydspfsupp.py
    cd ../../
    mkdir /etc/python-policyd-spf/
    cp policyd-spf.conf /etc/python-policyd-spf/policyd-spf.conf
    cp policyd-spf.1 /usr/share/man/man1/policyd-spf.1
    cp policyd-spf.conf.5 /usr/share/man/man5/policyd-spf.conf.5

Next we need to update the main.cf file (/etc/postfix/main.cf). As close to the bottom of your smtpd_recipient_restrictions as you can but above any DNSBL, add the following.

    smtpd_recipient_restrictions =
        ...
        check_policy_service unix:private/policy
    policy_time_limit = 3600

Now we need to set up the master.cf file (/etc/postfix/master.cf). Add the following to your master.cf file, somewhere near the bottom.

    policy    unix  -       n       n       -       -       spawn user=nobody argv=/usr/local/bin/policyd-spf

Next, let's reload Postfix:

    postfix reload

Troubleshooting python-postfix-policyd-spf
The only two modules it needs are pydns and pyspf. Both are on sourceforge and have RPMs: (pyspf is a separate download in the pymilter project)
 * http://sourceforge.net/projects/pydns
 * http://sourceforge.net/projects/pymilter

SPF Postfix Server Setup using postfix-policyd-spf-perl
The first thing we need to do is install perl-Mail-SPF.noarch using yum:

    yum install perl-Mail-SPF.noarch

Next you will need to download the SPF perl script from http://www.openspf.org/Software

    wget http://www.openspf.org/blobs/postfix-policyd-spf-perl-2.005.tar.gz
    tar -xzf postfix-policyd-spf-perl-2.005.tar.gz
    cd postfix-policyd-spf-perl-2.005
    cp postfix-policyd-spf-perl /usr/local/bin/

Next we need to update the main.cf file (/etc/postfix/main.cf). As close to the bottom of your smtpd_recipient_restrictions as you can but above any DNSBL, add the following.

    smtpd_recipient_restrictions =
        ...
        check_policy_service unix:private/policy

Now we need to set up the master.cf file (/etc/postfix/master.cf). Add the following to your master.cf file, somewhere near the bottom.

    policy    unix  -       n       n       -       -       spawn user=nobody argv=/usr/bin/perl /usr/local/bin/postfix-policyd-spf-perl

Next, let's reload Postfix:

    postfix reload
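
A consistency check for the main.cf and master.cf edits used in the three Postfix setups above, added here as an example; it is not part of the original page, pypolicyd-spf or postfix-policyd-spf-perl. The function name audit_policy_service, its exit codes and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check the Postfix policy-service wiring.
# Exit status: 0 consistent, 1 service missing from master.cf,
# 2 service present but no NAME_time_limit for that NAME in main.cf.
audit_policy_service() {
    main_cf=$1; master_cf=$2; rc=0
    names=$(grep -v '^[[:space:]]*#' "$main_cf" |
        grep -o 'check_policy_service[[:space:]]*unix:private/[A-Za-z0-9_-]*' |
        sed 's|.*/||' | sort -u)
    if [ -z "$names" ]; then
        echo "FAIL: no check_policy_service unix:private/NAME in main.cf"
        return 1
    fi
    for name in $names; do
        # master.cf fields: 1=service name, 2=type, 8=command
        if ! awk -v n="$name" '$1 == n && $2 == "unix" && $8 == "spawn" { ok = 1 }
                END { exit !ok }' "$master_cf"; then
            echo "FAIL: no spawn service '$name' in master.cf"
            rc=1
        elif ! grep -q "^${name}_time_limit[[:space:]]*=" "$main_cf"; then
            echo "WARN: ${name}_time_limit not set in main.cf"
            [ "$rc" -eq 1 ] || rc=2
        else
            echo "OK: '$name' is in master.cf and ${name}_time_limit is set"
        fi
    done
    return "$rc"
}

# Constructed sample files (assumed layout, not from a real server).
SPF_DEMO=$(mktemp -d)
cat > "$SPF_DEMO/master.cf" <<'EOF'
spfcheck    unix  -       n       n       -       -       spawn user=nobody argv=/usr/bin/policyd-spf
EOF
cat > "$SPF_DEMO/main_ok.cf" <<'EOF'
smtpd_recipient_restrictions =
    reject_unauth_destination
    check_policy_service unix:private/spfcheck
spfcheck_time_limit = 3600
EOF
# Variant: the time limit is named after a different service.
sed 's/^spfcheck_time_limit/policy_time_limit/' "$SPF_DEMO/main_ok.cf" > "$SPF_DEMO/main_mismatch.cf"
# Variant: main.cf points at a socket that master.cf does not define.
sed 's|private/spfcheck|private/policy|' "$SPF_DEMO/main_ok.cf" > "$SPF_DEMO/main_nosock.cf"

for f in main_ok.cf main_mismatch.cf main_nosock.cf; do
    audit_policy_service "$SPF_DEMO/$f" "$SPF_DEMO/master.cf" || true
done
```

To use it on a live system, pass the paths of /etc/postfix/main.cf and /etc/postfix/master.cf (or copies of them) as the two arguments.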