On 3/15/2010 12:18 PM, Security Admin (NetSec) wrote:
Running Postfix as a mail gateway, version 2.6.5 and am finally getting
around to implementing SPF in Postfix. I thought the TXT record in DNS
would suffice which is how I have been running it.
Found this how-to link http://www.howtoforge.com/postfix_spf
Is this the proper way or is another recommended?
Enabling SPF for your domain only requires adding a DNS TXT
record, no modifications to postfix are required.
If you want to check/verify SPF of incoming mail with postfix,
you should use a policy service or a milter.
Either of the openspf.org policy services should work well, as
does the sendmail-spf-milter. At a quick glance the
howtoforge instructions look reasonable.
Warning: following a how-to is no substitute for reading the
official documentation.
Unless you're planning on rejecting all mail that fails SPF
(which will likely reject some legit mail), you might find it
more useful to to use a scoring method such as SpamAssassin
that looks at SPF and other factors before deciding if mail is
good or not.
-- Noel Jones
