OS: CentOS7

You should have your TXT record set in your DNS prior to implementing this on your server:
“v=spf1 mx ip4:aaa.bbb.ccc.ddd ip4:eee.fff.ggg.hhh -all”

Here is link I found useful to understand the options for the DNS record:
https://support.dnsimple.com/articles/spf-record/

You need to have the EPEL repository enabled to install the pypolicyd-spf package using the methodology I have outlined here.

To install and enable the EPEL repository:

# yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

Install the package Python package:

# yum install pypolicyd-spf

Modify the main.cf to add SPF verifcation to postix:
The master.cf and main.cf need to modified:

# cd /etc/postfix/
# cp -p master.cf master.cf.20190716
# vi master.cf

policy unix – n n – 0 spawn user=nobody argv=/bin/python /usr/libexec/postfix/policyd-spf

# cp -p main.cf main.cf.20190716
# vi main.cf

smtpd_recipient_restrictions =
permit_sasl_authenticated,
reject_unauth_destination
check_policy_service unix:private/policy

Note: the policy defined in the master.cf does not need to be named “policy”. However, if you change that, you need to also change it in your “check_policy_service” statement in the main.cf.

Restart postfix to implement changes:
# systemctl restart postfix