Postfix SPF

aalmazan@rackspace.com (alex almazan) — Wed, 30 Jul 2008 08:18:00 -0500

This article is to ouline the specifics for implementing SPF policy framework for Postfix provided in Redhat Enterprise Linux (es4/es5).

1.) First install all the necessary perl modules via RPM that you will require:

http://dag.wieers.com/rpm/packages/perl-Net-Address-IPv4-Local/ http://dag.wieers.com/rpm/packages/perl-NetAddr-IP/ http://dag.wieers.com/rpm/packages/perl-Mail-SPF/

(additional RPMs may be required) I would recommend that you refrain from installing via CPAN as a mix of RPM installed and CPAN installed modules can lead to issues in the future.

2.) Obtain and install the SPF perl script

cd /usr/src
wget http://www.openspf.org/blobs/postfix-policyd-spf-perl-2.001.tar.gz
tar xvfz postfix-policyd-spf-perl-2.001.tar.gz
cd postfix-policyd-spf-perl-2.001
cp postfix-policyd-spf-perl /usr/libexec/postfix/postfix-policyd-spf-perl
chomd o+x /usr/libexec/postfix/postfix-policyd-spf-perl

Ensure that you set the script to executable, or errors such as these are recieved

warning: command /usr/bin/perl exit status 2
postfix/smtpd: warning: premature end-of-input on private/policy while reading input attribute name

3.)Next, edit the postfix configuration file ’/etc/postfix/master.cf’ This line should be appended to the end of the configuration.

policy  unix  -       n       n       -       -       spawn
        user=nobody argv=/usr/bin/perl /usr/lib/postfix/policyd-spf-perl

4.)Next open /etc/postfix/main.cf and find the directive “smtpd_recipient_restrictions” You should have reject_unauth_destination in that directive, and right after reject_unauth_destination add ‘check_policy_service unix:private/policy’

smtpd_recipient_restrictions =permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,check_policy_service unix:private/policy

important ensure that you specify “check_policy_service” AFTER “reject_unauth_destination” or else you will have an open relay!

alexalmazan.com: Postfix SPF

Postfix SPF