UPDATE Thu Nov 26 11:28:05 EET 2015
Does SPF break forwarding?
(like in mailing lists)
- Yes, it does break forwarding.
So learn from my mistake and think this through.
Wednesday, 25 November 2015
There is a very simply way to add spf [check] support to your postfix setup.
Below are my notes on CentOS 6.7
Step One: install python policy daemon for spf
# yum -y install pypolicyd-spf
Step Two: Create a new postfix service, called spfcheck
# vim + /etc/postfix/master.cf
spfcheck unix - n n - - spawn
user=nobody argv=/usr/libexec/postfix/policyd-spf
Step Three: Add a new smtp daemon recipient restrictions
# vim +/^smtpd_recipient_restrictions /etc/postfix/main.cf
smtpd_recipient_restrictions =
permit_mynetworks,
...
check_policy_service unix:private/spfcheck
policy_time_limit = 3600
And that’s what we see in the end on a receiver’s source-view email:
Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=xxx.xxx.xxx.xxx;
helo=server.mydomain.tld; envelope-from=user@mydomain.tld; receiver=username@example.com
where xxx.xxx.xxx.xxx is the IP of the sender mail server
server.mydomain.tld is the name of the sender mail server
user@mydomain.tld is the sender’s email address
and of-course
username@example.com is the receiver’s mail address
You can take a better look on postfix python SPF policy daemon by clicking here: python-postfix-policyd-spf
A few days ago, I gave a presentation on fosscomm 2015 about DNS, OpenNic Project and DNScrypt
So without further ado, here it is: dns_opennic_dnscrypt.pdf