Sender Policy Framework (SPF), as defined in RFC 4408, is an e-mail validation system designed to prevent e-mail spam by addressing a common vulnerability, source address spoofing. SPF allows administrators to specify which hosts are allowed to send e-mail from a given domain by creating a specific DNS SPF record in the public DNS. Mail exchangers then use the DNS to check that mail from a given domain is being sent by a host sanctioned by that domain’s administrators.
It’s assumed that you have already installed Postfix and MailScanner. If not, check these tutorials:
1. Install the Postfix policy engine
apt-get install postfix-policyd-spf-perl
2. Add the policy check to smtpd_recipient_restrictions (pico /etc/postfix/main.cf)
smtpd_recipient_restrictions = [...], check_policy_service unix:private/policy
Make sure you don’t remove other restrictions, just add it to the end of the line.
3. Add the policy engine to the Postfix master.cf (pico /etc/postfix/master.cf)
policy unix - n n - - spawn
user=nobody argv=/usr/bin/perl /usr/sbin/postfix-policyd-spf-perl
4. Reload Postfix configuration
5. Check if this is working
telnet yourserver 25
MAIL FROM: <email@example.com>
RCPT TO: <firstname.lastname@example.org>
Replace email@example.com with a e-mail address hosted on your Postfix mailserver and firstname.lastname@example.org with a valid Gmail e-mail address.
Look at /var/log/mail.log and you should see that the MailScanner score has been increased by SPF related rules:
Message 62ACA1813C.AFC5A from 192.168.1.4 ([email protected]) to domain.com is spam, SpamAssassin (score=7.394, required 6, MISSING_SUBJECT 1.28, SPF_HELO_NEUTRAL 2.00, SPF_NEUTRAL 1.21, TVD_SPACE_RATIO 2.90)