Hi I finally got around to implementing SPF for my mail server and domains. A lot easier than I thought it would be, certainly much easier than DKIM and I'm ashamed I didn't do it earlier.
In the course of doing that, I noticed that gmail/yahoo both add X-Headers about the validity of the SPF record. I would like to do the same. It doesn't, however, seem sensible to me to have the MTA do that if the content-filter will do it - so I fiddled around with amavis, installed Mail::SPF and now amavis purports to check the SPF record. Well, and good, except that a) it doesn't add a specific tag line about the SPF validity (unless it's a fail) and b) I probably want to REJECT forged mail and not DISCARD or TAG.. Although the last option isn't the worst option in the world. Looking at how to get postfix to do the lifting on this, I find on http://www.postfix.org/addon.html that " Note: Postfix already ships with SPF support, in the form of a plug-in policy daemon. This is the preferred integration model, at least until SPF is mandated by standards." Well and good - but I don't seem to find further information in the documentation. Added to which, I already pass incoming mail off to postfix-policyd for greylisting. Do I really want to pass it off to a separate content filter adding even more hops? On http://www.postfix.org/docs.html I found http://www.freesoftwaremagazine.com/articles/focus_spam_postfix?page=0%2C1# which says " use the smtpd-policy.pl script that ships with Postfix to handle SPF, and Postgrey as an add-on greylisting policy server. They’re defined in my master.cf file as: spfpolicy unix - n n - - spawn user=nobody argv=/usr/bin/perl /usr/local/libexec/postfix/smtpd-policy.pl" But I don't find smtpd-policy.pl in the files installed with Postfix - so I assume that's poetic licence..? And it's actually installed from postfix-policyd-spf-perl, yes? But I notice there's also a python option - postfix-policyd-spf-python. So my obvious question to the list is - Can I get amavis to explicity add a header with the SPF validity, and if not, can I do this with policyd? And if not, and I must install postfix-policyd-spf-python or postfix-policyd-spf-perl which do you recommend and why? Thanks. Simon
