Am 18.01.2015 um 12:28 schrieb SW:
Am 18.01.2015 um 12:01 schrieb SW:I have an SPF record created in DNS for my domain. In my main.cf config file for Postfix I have the following SPF settings: spf_received_header = yes spf_mark_only = no smtpd_recipient_restrictions = peject_spf_invalid_sender, permit_spf_valid_sender, smtpd_sender_restrictions = reject_spf_invalid_sender, permit_spf_valid_sender Is the above config correct to reject received emails that is NOT being delivered from the specified IP addresses in SPF?a) postfix don' t support SPF out of the box there are policy daemons for that task b) hence all the spf_ params are fantasy c) SPF of your own domain is not relevant for yourself to receive mails, to prevent forged mails just add you domains in a access table with a reject and place "permit_mynetworks" and "permit_sasl_authenticated" in front of that restriction When I ran make config (on FreeBSD) to install the Postfix port I selected the SPF support option. I assumed that would allow me to do SPF checking with the options I mentioned? Although, I just noticed that when I ran make config now it says: SPF - SPF support (via libspf2 1.2.x)
that's a unofficial patch i guess and would have been a good idea to mention your environemnt in the initial post
Is this the policy you were referring to? I do have libspf2 installed currently.
i referred to a *policy daemon* http://www.postfix.org/SMTPD_POLICY_README.html https://www.google.at/search?q=spf+policyd
If I check the mail headers I can see the SPF: Received-SPF: pass (mail.domain.com: domain of anotherdomain.net designates xxx.xxx.xxx.xxx as permitted sender) Does this mean SPF is working correctly?
looks so but that's likely the wrong mailing list because these options are *not* part of a stock postfix
https://www.google.at/search?q=postfix+reject_spf_invalid_sender
