I installed the policyd-spf milter with Postfix 3.1. It also has postscreen.
I want to reject email that does not pass the SPF check. In the main.cf configuration I added smtpd_relay_restrictions = [...] reject_unauth_destination check_policy_service unix:private/policy [...] In the mail I get I alway see the headers [...] Authentication-Results: mail.example.com ... [...] so that's good. But on one recent spam that was delivered and was under investigation for the reasons I caught this [...] Authentication-Results: mail.example.com; spf=fail (SPF fail - not authorized) smtp.mailfrom=cantv.com (client-ip=213.160.81.59; helo=mail.ddd-server1.de; envelope-from=i...@cantv.com; receiver=u...@dom.tld) [...] I am wondering why the policy is checked but the email still did not get rejected? Since the configuration is in the main.cf I think its postscreen that would do it? Is that the wrong way? Or maybe I need to move it to a different section like smtpd_recipient_restrictions = [...] reject_unauth_destination check_policy_service unix:private/policy [...] What do I need to reject the email as soon as it fails the spf like that?
