I'm trying to get our incoming mail set up to do SPF checks in hopes of cutting down on spoofed addresses. We run Postfix from the good old mail-stack-delivery package on Ubuntu 18.04. I followed this tutorial, but couldn't get it to work in the end: https://help.ubuntu.com/community/Postfix/SPF
What happens is that soon as I enable the policy in Postfix's main.cf and reload Postfix, messages start getting rejected. Looking at the logs, it's as if the policy file pointed to, unix:private/policy-spf, isn't even found. I've tried a couple of variations like adding a 'd' and using unix:/usr/bin/policyd-spf but nothing works.
Would anyone in a similar situation care to share a working config? Where did the tutorial go off the rails?
(FWIW, I went the Python route, not the Perl route.)
Ok, looks like the right magic letters can be found in this tutorial: https://makeityourway.de/enabling-spf-sender-policy-framework-checking-on-postfix/
Specifically, the chunk that goes into master.cf should be:
policyd-spf unix - n n - 0 spawn user=policyd-spf argv=/usr/bin/policyd-spfAnd then the part for main.cf should be:
check_policy_service unix:private/policyd-spfAnother thing to get into is what to do with the defaults in /etc/postfix-policyd-spf-python/policyd-spf.conf: https://www.flomain.de/2015/08/how-to-postfix-with-spf/
I am finding a lot of conflicting information. What I want is:
No SPF for the domain? Could just be a scrub sysadmin like me. Accept the message.
SPF for the domain, but the test fails? OK, go ahead and reject.
Why is e-mail so hard?