On 5/11/2016 5:18 PM, list...@tutanota.com wrote:
>
> I installed the policyd-spf milter with Postfix 3.1. It also has
> postscreen.
>
> I want to reject email that does not pass the SPF check.
>
> In the main.cf configuration I added
>
> smtpd_relay_restrictions =
>     [...]
>     reject_unauth_destination
>     check_policy_service unix:private/policy
>     [...]
>
> In the mail I get I always see the headers
>
> [...]
> Authentication-Results: mail.example.com ...
> [...]
>
> so that's good.
>
> But on one recent spam that was delivered and was under
> investigation for the reasons I caught this
>
> [...]
> Authentication-Results: mail.example.com; spf=fail (SPF fail -
> not authorized) smtp.mailfrom=cantv.com (client-ip=213.160.81.59;
> helo=mail.ddd-server1.de; envelope-from=i...@cantv.com;
> receiver=u...@dom.tld)
> [...]
>
> I am wondering why the policy is checked but the email still did not
> get rejected?
>
> Since the configuration is in the main.cf I think it's postscreen
> that would do it?
>
> Is that the wrong way?
>
> Or maybe I need to move it to a different section like
>
> smtpd_recipient_restrictions =
>     [...]
>     reject_unauth_destination
>     check_policy_service unix:private/policy
>     [...]
>
> What do I need to reject the email as soon as it fails the spf like
> that?
>

Configure your policy service to reply with REJECT if you wish for
it to reject mail that fails SPF. The rest of your configuration is
fine.

  -- Noel Jones
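
The reply above turns on what the policy service sends back to Postfix over `check_policy_service`. The following is an added illustration, not code from policyd-spf or from either poster: it parses one Postfix policy delegation request and shows that the same `spf=fail` verdict produces a delivered message with a header when the service answers `PREPEND`, and a refusal when it answers `REJECT`. The SPF verdict is passed in as an input (no DNS lookups are done), and `HOSTNAME`, `SAMPLE_REQUEST`, `parse_request` and `build_reply` are names and values made up for the example.

```python
# Added example: Postfix policy delegation, reduced to the reply decision.
# Sample values below are constructed for illustration.
HOSTNAME = "mail.example.com"
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=192.0.2.10\n"
    "helo_name=mail.example.net\n"
    "sender=user@example.net\n"
    "recipient=user@example.com\n"
    "\n"
)


def parse_request(raw):
    """Parse one request: name=value lines terminated by an empty line."""
    attrs = {}
    for line in raw.split("\n"):
        if line == "":
            break  # the empty line ends the request
        name, sep, value = line.partition("=")
        if not sep:
            raise ValueError("malformed attribute line: %r" % line)
        attrs[name] = value
    if attrs.get("request") != "smtpd_access_policy":
        raise ValueError("not an smtpd_access_policy request")
    return attrs


def build_reply(attrs, spf_result, reject_on):
    """Return the reply Postfix acts on: 'action=...' plus an empty line.

    spf_result is the verdict of an SPF check done elsewhere (assumption:
    this sketch does no DNS lookups). reject_on is the set of verdicts
    the operator wants refused at SMTP time.
    """
    if spf_result in reject_on:
        # Postfix refuses the recipient; the message is never queued.
        action = "REJECT SPF check result: %s" % spf_result
    else:
        # Postfix accepts the mail and only records the verdict in a header.
        domain = attrs.get("sender", "").rpartition("@")[2]
        action = "PREPEND Authentication-Results: %s; spf=%s smtp.mailfrom=%s" % (
            HOSTNAME, spf_result, domain)
    return "action=%s\n\n" % action


if __name__ == "__main__":
    request = parse_request(SAMPLE_REQUEST)
    print(build_reply(request, "fail", reject_on=set()), end="")
    print(build_reply(request, "fail", reject_on={"fail"}), end="")
```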