Postfix/SPF

Introduction
Sender Policy Framework (SPF) allows domain owners to state in their DNS records which IP addresses should be allowed to send mail from their domain. This will prevent spammers from spoofing the.

Outbound
First, domain owners have to create a special  DNS record. An SPF-enabled MTA can then read this record, and if the mail originates from a server that is not described in the SPF record, the mail can be rejected. An example entry could look like this:

The  means to reject all mail by default but allow mail from the ,   and   DNS records. For more info consult further resources below.
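How an SPF-enabled MTA evaluates a record against the connecting IP, as an added example (not from the original page and not the policy script used below). The record, domain, addresses and the FAKE_DNS table are constructed, and only the a, mx, ip4, ip6 and all mechanisms are handled.

```python
import ipaddress

# Constructed stand-in for DNS so the example runs offline (documentation ranges only).
FAKE_DNS = {
    ("example.org", "A"): ["192.0.2.10"],
    ("example.org", "MX"): ["mail.example.org"],
    ("mail.example.org", "A"): ["192.0.2.25"],
}

# SPF qualifiers and the result returned when the mechanism they prefix matches.
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def _addrs(name):
    """Return the A-record addresses of a name from the constructed table."""
    return [ipaddress.ip_address(a) for a in FAKE_DNS.get((name, "A"), [])]


def check_spf(record, domain, client_ip):
    """Evaluate a simplified SPF record left to right; the first match decides."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means "pass"
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        elif name == "a":
            matched = ip in _addrs(arg or domain)
        elif name == "mx":
            hosts = FAKE_DNS.get((arg or domain, "MX"), [])
            matched = any(ip in _addrs(h) for h in hosts)
        else:
            # include, exists, ptr, CIDR suffixes and modifiers are out of scope here.
            raise ValueError(f"term not handled by this example: {term}")
        if matched:
            return RESULTS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term
```

Because terms are evaluated in order, a trailing `-all` only rejects senders that none of the earlier mechanisms matched.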

Inbound
grab the with:

This Perl script also needs some Perl libraries that are not in portage but it is still quite simple to install them:

Now that we have everything in place all we need is to configure Postfix to use this new policy.

Now add the SPF check in. Properly configured SPF should do no harm so we could check SPF for all domains:

Testing
A restart or reload may be required to synchronize this new record to the secondary servers and propagate it through the DNS system. Once the record is visible in the DNS system, it will begin to be used. Keep this in mind if testing fails, and check the domain's TXT record(s).

Or, the same command using a specific DNS server.