{"id":1743,"date":"2019-07-19T17:57:53","date_gmt":"2019-07-20T00:57:53","guid":{"rendered":"http:\/\/jim-zimmerman.com\/?p=1743"},"modified":"2019-07-19T17:57:53","modified_gmt":"2019-07-20T00:57:53","slug":"spf-verification-in-postfix","status":"publish","type":"post","link":"https:\/\/jim-zimmerman.com\/?p=1743","title":{"rendered":"SPF Verification in Postfix"},"content":{"rendered":"

OS: CentOS7<\/p>\n

You should have your TXT record set in your DNS prior to implementing this on your server:
\n“v=spf1 mx ip4:aaa.bbb.ccc.ddd ip4:eee.fff.ggg.hhh -all”<\/p>\n

Here is link I found useful to understand the options for the DNS record:
\nhttps:\/\/support.dnsimple.com\/articles\/spf-record\/<\/a><\/p>\n

You need to have the EPEL repository enabled to install the pypolicyd-spf package using the methodology I have outlined here.<\/p>\n

To install and enable the EPEL repository:<\/p>\n

# yum install https:\/\/dl.fedoraproject.org\/pub\/epel\/epel-release-latest-7.noarch.rpm<\/p><\/blockquote>\n

Install the package Python package:<\/p>\n

# yum install pypolicyd-spf<\/p><\/blockquote>\n

Modify the main.cf to add SPF verifcation to postix:
\nThe master.cf and main.cf need to modified:<\/p>\n

# cd \/etc\/postfix\/
\n# cp -p master.cf master.cf.20190716
\n# vi master.cf
\n…
\npolicy<\/em> unix – n n – 0 spawn user=nobody argv=\/bin\/python \/usr\/libexec\/postfix\/policyd-spf
\n…<\/p>\n

# cp -p main.cf main.cf.20190716
\n# vi main.cf
\n…
\nsmtpd_recipient_restrictions =
\n permit_sasl_authenticated,
\n reject_unauth_destination
\n check_policy_service unix:private\/policy<\/em>
\n…<\/p><\/blockquote>\n

Note: the policy<\/em> defined in the master.cf does not need to be named “policy”. However, if you change that, you need to also change it in your “check_policy_service” statement in the main.cf.<\/p>\n

Restart postfix to implement changes:
\n# systemctl restart postfix<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

OS: CentOS7 You should have your TXT record set in your DNS prior to implementing this on your server: “v=spf1 mx ip4:aaa.bbb.ccc.ddd ip4:eee.fff.ggg.hhh -all” Here is link I found useful to understand the options for the DNS record: https:\/\/support.dnsimple.com\/articles\/spf-record\/ You need to have the EPEL repository enabled to install the pypolicyd-spf package using the methodology [&hellip<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[40,124,486],"class_list":["post-1743","post","type-post","status-publish","format-standard","hentry","category-documentation","tag-centos","tag-postfix","tag-sfp"],"share_on_mastodon":{"url":"","error":""},"_links":{"self":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts\/1743","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1743"}],"version-history":[{"count":1,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts\/1743\/revisions"}],"predecessor-version":[{"id":1744,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts\/1743\/revisions\/1744"}],"wp:attachment":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1743"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1743"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1743"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}