Hi. I have Ubuntu 11.04 with Postfix+Dovecot (virtual users). I have implemented SPF in Postfix, according to this How to: http://www.howtoforge.com/postfix_spf I've downloaded latest postfix-policyd-spf-perl (2.010), set everything up, and tested it, as in How to. That worked fine, and I can see postfix/policy-spf entries in syslog. But when receiving emails, nothing happens, emails are received without SPF check. In syslog there aren't any postfix/policy-spf entries, everything as there is not postfix-policyd-spf-perl. What could be the problem? Thanks in advance, Vlad
Have you checked incoming mail from domains that actually contain SPF DNS records? It won't work for all mail unless the senders domain has an SPF record and they do, or not, send out via the authorized mailserver IP. Even so, the "TXT" record (usually TXT, could be SPF) has to end with "-all" to force a hard fail.
Well, I've tried to send email as [email protected] from smtp server in my company, that somedomain.com has SPF record (checked with online SPF tool), and I receive that email. When I send email to my gmail account, I get it, but with softfail.
That could be the issue, if the end of the SPF record is not "-all" (hardfail) then the email will still (probably) be delivered. A softfail is meant to be picked up in the next layer of mail software after SMTP delivery. It's usually then managed by seive/maildrop filtering or end user client programs. I could be way off base but it would be worth checking from a domain with SPF hardfail set, and then maybe postfix will drop it at the SMTP level. I could set up a test case if you are desperate.
Thanks, markc. But email received by gmail has Received-SPF: softfail, and one received by my email server does not. I used same data (sender/receiver etc.) for testing (perl /usr/lib/postfix/policyd-spf-perl ) and for sending real email. When testing there were entries in syslog. That is why I think that SPF check is not working at all (not triggered).
