I am using postfix 2.11.3-1+deb8u2 + amavis 1:2.10.1-2~deb8u1 + postgrey 1.35-1 + postfix-policyd-spf-python 2.0.1-1~bpo8+1 on Debian GNU/Linux Jessie.
This is the postfix-policyd-spf-python configuration (/etc/postfix-policyd-spf-python/policyd-spf.conf):
debugLevel = 2
TestOnly = 1
HELO_reject = Fail
Mail_From_reject = Fail
PermError_reject = False
TempError_Defer = False
skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1
This is the configuration in /etc/postfix/master.cf for the SPF daemon:
policyd-spf unix - n n - 0 spawn
    user=policyd-spf argv=/usr/bin/policyd-spf
And this is the output of postconf -n:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 5d
config_directory = /etc/postfix
content_filter = smtp-amavis:127.0.0.1:10024
default_destination_recipient_limit = 25
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
mailbox_size_limit = 0
maildrop_destination_recipient_limit = 1
maildrop_time_limit = 2000s
maximal_queue_lifetime = 5d
message_size_limit = 28311552
mydestination = $myhostname, localhost
myhostname = ...
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
parent_domain_matches_subdomains = debug_peer_list,
    fast_flush_domains,
    mynetworks,
    permit_mx_backup_networks,
    qmqpd_authorized_clients
policyd-spf_time_limit = 3600
readme_directory = /usr/share/doc/postfix
receive_override_options = no_address_mappings
recipient_delimiter = +
relayhost =
sender_bcc_maps = hash:/etc/postfix/sender-bcc
smtp_tls_loglevel = 1
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_note_starttls_offer = no
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_connection_rate_limit = 10
smtpd_client_event_limit_exceptions =
    ${smtpd_client_connection_limit_exceptions:$mynetworks} ...
smtpd_client_message_rate_limit = 10
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    permit_mx_backup,
    check_client_access hash:/etc/postfix/client-accept-whitelist,
    check_sender_access hash:/etc/postfix/sender-accept-whitelist,
    check_sender_access hash:/etc/postfix/sender-reject-forged_domain,
    check_sender_access regexp:/etc/postfix/sender-reject-blacklist,
    reject_unauth_destination,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client psbl.surriel.com,
    reject_rhsbl_client rhsbl.sorbs.net,
    reject_rhsbl_client bogusmx.rfc-ignorant.org,
    reject_rhsbl_client dsn.rfc-ignorant.org,
    reject_rhsbl_sender rhsbl.sorbs.net,
    reject_rhsbl_sender bogusmx.rfc-ignorant.org,
    reject_rhsbl_sender dsn.rfc-ignorant.org,
    check_policy_service unix:private/policyd-spf,
    check_policy_service inet:127.0.0.1:10023
smtpd_relay_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    permit_mx_backup,
    check_client_access hash:/etc/postfix/client-accept-whitelist,
    check_sender_access hash:/etc/postfix/sender-accept-whitelist,
    check_sender_access hash:/etc/postfix/sender-reject-forged_domain,
    check_sender_access regexp:/etc/postfix/sender-reject-blacklist,
    reject_unauth_destination,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client psbl.surriel.com,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rhsbl_client rhsbl.sorbs.net,
    reject_rhsbl_client bogusmx.rfc-ignorant.org,
    reject_rhsbl_client dsn.rfc-ignorant.org,
    reject_rhsbl_sender rhsbl.sorbs.net,
    reject_rhsbl_sender bogusmx.rfc-ignorant.org,
    reject_rhsbl_sender dsn.rfc-ignorant.org,
    check_policy_service unix:private/policyd-spf,
    check_policy_service inet:127.0.0.1:10023
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/postfix.chain.crt
smtpd_tls_cert_file = /etc/postfix/postfix.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = hash:/etc/postfix/valias
virtual_gid_maps = static:5000
virtual_mailbox_base = /srv/...
virtual_mailbox_domains = ...
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_transport = maildrop
virtual_uid_maps = static:5000
I have verified that the SPF policy program works fine on the command line, but I do not see the Received-SPF header in the mail processed by postfix, nor any kind of log information.