Image

Knowledge base → Configuring SPF Checking in Postfix

[Virtual servers]
Date of publication: 11.06.2023

Setting the SPF check will reduce the amount of spam, i.e. reject emails from domains that do not pass this check.

1. Installing required packages:

apt install postfix-policyd-spf-python

2. Activating settings:

nano /etc/postfix/main.cf

policy-spf_time_limit = 3600s ... smtpd_recipient_restrictions = ... check_policy_service unix:private/policy-spf permit

  • policy-spf_time_limit — sets the threshold of time that the mail server will be able to allocate for checking the SPF record.
  • check_policy_service — specify the path to the file with additional settings.

Let's add the settings to the file:

nano /etc/postfix/master.cf
... policy-spf unix - n n - - spawn user=nobody argv=/usr/bin/policyd-spf ...

Let's make changes to the additional settings file:

nano /etc/postfix-policyd-spf-python/policyd-spf.conf

... HELO_reject = Fail Mail_From_reject = Softfail

Softfail — deviation on HELO Softfail or Fail. HELO/EHLO is known first in the SMTP conversation, and there is no practical reason to waste resources on Mail From checks if the HELO check would already result in the message being rejected. This should not cause compatibility issues when used for HELO.

To try the settings, restart postfix:

systemctl restart postfix




No Comments Yet