Hi,

I've set up postfix to use policyd-spf using python-policyd-spf and
have some questions. Hopefully this isn't off-topic, as my search
returns results only from many years ago. Is this still the best SPF
policy service for postfix integration on Linux?

smtpd_recipient_restrictions =
   ...
   check_sender_access pcre:$config_directory/sender_checks.pcre,
   check_policy_service unix:private/policy-spf,

My problem is with allowing mail from domains using servers not listed
in the domain's SPF record. I would like to allow mail from domain1
being processed by secureserver.net to bypass SPF restrictions for
mydomain.com.

Jun 21 15:14:52 xavier postfix-117/smtpd[1636578]: NOQUEUE: reject:
RCPT from p3plsmtpa06-06.prod.phx3.secureserver.net[173.201.192.107]:
550 5.7.23 <complia...@mydomain.com>: Recipient address rejected:
Message rejected due to: SPF fail - not authorized. Please see
http://www.openspf.net/Why?s=mfrom;id=pharri...@domain1.com;ip=173.201.192.107;r=<UNKNOWN>;
from=<pharri...@domain1.com> to=<complia...@mydomain.com> proto=ESMTP
helo=<p3plsmtpa06-06.prod.phx3.secureserver.net>

Perhaps I add a check_sender_access check above the policy check, and
bypass the policyd altogether? The problem I have is how to allow
domain1.com, and obviously not secureserver.net.

Also, any idea on a replacement for the incredibly helpful
openspf.net/Why service from some years ago?

I've tried the following, but I believe it is operating on the
connecting server level, not the client domain level.

# grep -Ev '^$|^#' policyd-spf.conf
debugLevel = 1
TestOnly = 1
HELO_reject = Fail
Mail_From_reject = Fail
PermError_reject = False
TempError_Defer = False
skip_addresses = 127.0.0.0/8,209.216.99.0/24,::ffff:127.0.0.0/104,::1
Domain_Whitelist = domain1.com
Reject_Not_Pass_Domains = domain1.com

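Added example, not part of the original message and not python-policyd-spf's own code: a small parser for a reject line of the shape quoted above. It separates the connecting client (host, IP, HELO) from the envelope sender domain and reads from the Why URL which identity the SPF check was run against. The sample line, its placeholder hostnames and the function name spf_reject_identities are constructed for illustration.

```python
import re

# Constructed sample modelled on the reject line in the post above;
# hostnames, addresses and the IP are placeholders, not values from the post.
SAMPLE = (
    "Jun 21 15:14:52 mx postfix/smtpd[1234]: NOQUEUE: reject: "
    "RCPT from relay.provider.example[192.0.2.10]: 550 5.7.23 "
    "<rcpt@mydomain.example>: Recipient address rejected: Message rejected "
    "due to: SPF fail - not authorized. Please see "
    "http://www.openspf.net/Why?s=mfrom;id=user@domain1.example;"
    "ip=192.0.2.10;r=<UNKNOWN>; from=<user@domain1.example> "
    "to=<rcpt@mydomain.example> proto=ESMTP helo=<relay.provider.example>"
)

LINE_RE = re.compile(
    r"reject: RCPT from (?P<client>\S+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?P<dsn>\S+) .*?SPF (?P<result>\w+)"
    r".*?Why\?(?P<why>\S+?);? from=<(?P<mail_from>[^>]*)> "
    r"to=<(?P<rcpt>[^>]*)> .*?helo=<(?P<helo>[^>]*)>"
)


def spf_reject_identities(line):
    """Split one Postfix SPF reject line into the identities involved.

    Returns None for lines that are not SPF rejects of this shape.
    """
    m = LINE_RE.search(line)
    if m is None:
        return None
    # The Why URL carries key=value pairs separated by ';' (s, id, ip, r).
    why = dict(p.split("=", 1) for p in m["why"].split(";") if "=" in p)
    return {
        "client_host": m["client"],          # reverse-DNS name of the connecting server
        "client_ip": m["ip"],                # IP that SPF evaluated
        "helo": m["helo"],                   # name the client announced in HELO/EHLO
        "mail_from_domain": m["mail_from"].rpartition("@")[2].lower(),
        "spf_result": m["result"].lower(),
        "spf_scope": why.get("s"),           # identity checked, as logged (mfrom in the sample)
        "spf_checked_domain": why.get("id", "").rpartition("@")[2].lower(),
    }


if __name__ == "__main__":
    for key, value in spf_reject_identities(SAMPLE).items():
        print(f"{key:20} {value}")
```

In the sample, the checked domain is the envelope sender's domain while client_host and helo belong to the relaying provider, which is the distinction the question turns on.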