Thats not planned as most large providers dropped spf support already. The reason for that is that nearly 100% of all spammer domains have valid spf records while only some "normal" domains have correct SPF records in their DNS. If you want to use spf anyway, you can configure it in postfix directly.
Then create a spf record in your dns. Thats not related to installing your own spf filter in postfix.
I can create the DNS zones and not having the filter SPF postifx? It's correct? Look this error: Code: Jul 19 10:47:34 turbo amavis[1960]: (01960-06) Passed CLEAN, [189.2.157.157] [189.2.157.157] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: ssOWOvnhxVO6, Hits: -0.393, size: 21479, queued_as: 0136550C081D, 6123 ms Jul 19 11:05:26 turbo postfix/policy-spf[6330]: : Policy action=PREPEND Received-SPF: none (msig.com.br: No applicable sender policy available) receiver=turbo.macromind.com.br; identity=mailfrom; envelope-from="[email protected]"; helo=mail.ms-seg.com.br; client-ip=189.2.157.157 Jul 19 11:05:27 turbo postfix/policy-spf[6330]: 910CF50C081D: Policy action=PREPEND Received-SPF: none (msig.com.br: No applicable sender policy available) receiver=turbo.macromind.com.br; identity=mailfrom; envelope-from="[email protected]"; helo=mail.ms-seg.com.br; client-ip=189.2.157.157
Maybe not a right place for this question, but wonder if this is correct SPF usage in DNS templates: TXT|{DOMAIN}.|v=spf1 ip4:1.2.3.4 include:_spf.google.com ~all|3600
Use this instead: Code: TXT|{DOMAIN}.|v=spf1 ip4:1.2.3.4 include:_spf.google.com ~all[COLOR="Red"]|0|[/COLOR]3600
Just something I'd like to point out - As far as I know, ISPConfig doesn't properly escape/scramble SPF in its routing, so if a domain has a 'hard' SPF record - ISPConfig will fail to forward these messages. What would be the proper way to configure ISPConfig to escape SPF properly when forwarding or sending a copy to another address? So in the following configuration the mail may get lost: - Mail sent from [email protected] (example.com has a hard SPF record) - Mail is sent to: [email protected] - ispconfig.host.com forwards it to [email protected] - GMAIL rejects ispconfig.host.com, because it doesn't match SPF record in the originating example.com domain of the mail source. - E-mail is lost
Is SRS the (only) solution to this? Does it open another can of worms? Any advice? I'd like to follow this howto but am unsure about all the implications: https://www.mind-it.info/2014/02/22/forward-postfix-spf-srs/