Discussion in 'Suggest HOWTO' started by sneaky_russian, Oct 5, 2006.

  1. sneaky_russian

    sneaky_russian New Member

    Does anyone know of any decent SPF how to's?

    I keep getting stuck with it either rejecting all emails from domains without spf records, or with nothing happening at all

    I would like to use it to prevent spammers using my domain name is sending out emails

    i am right in thinking SPF can do this arent i?

    Cheers everyone
  2. sjau

    sjau Local Meanie Moderator

  3. sneaky_russian

    sneaky_russian New Member

    yeah thats what i used but i just couldnt get it working
  4. falko

    falko Super Moderator ISPConfig Developer

    Why do you think it isn't working? Do you have problems with it?
  5. sneaky_russian

    sneaky_russian New Member

    i just cant get the config right
    either it rejects all emails from domains which do not have an SPF record or it does nothing at all
    (mind you i was running Plesk when i tried all this)
    I have now reinstalled with fedora 5 and no plesk
    i have qmail running with courier imap and bind
    i would like it setup so that it doesnt allow any servers (apart from my own)
    to send mail using my domain name - can you also confirm that this is the right service i should be looking at??

  6. falko

    falko Super Moderator ISPConfig Developer

    You must put the SPF record in your domain's zone file. You don't have to configure your mail server.
  7. sneaky_russian

    sneaky_russian New Member

    tried that and was still getting the problems i mentioned before :confused:
  8. falko

    falko Super Moderator ISPConfig Developer

    Can you post one of your zone files where you use SPF?
    Are there any errors in your mail log?
  9. djtremors

    djtremors ISPConfig Developer ISPConfig Developer

    You only modify your mail server if you want to check SPF protected mail coming in (block unauthorized MX senders) otherwise all your doing in the DNS is telling everyone who your mail senders for your domain is.

    here is mine as an example which uses version 1 SPF and just says that only our MX records servers are the only ones who send mail out as companydomain.com.au, otherwise block the email if you get something from elsewhere.

    TXT SPF records
    .com.auIN TXT "v=spf1 a mx -all"
    for my server to check mail coming in, my /etc/postfix/master.cf has these lines.

    policy  unix  -       n       n       -       -       spawn
    =nobody argv=/usr/bin/perl /usr/libexec/postfix/smtpd-policy.pl
    my main.conf has this added to the section of 'smtpd_recipient_restrictions'

                check_policy_service unix:private/policy,
    and of course "/usr/libexec/postfix/smtpd-policy.pl" must be installed.

    hope this clears things up a little.
    Last edited: Oct 27, 2006

Share This Page