SPF

DNS TXT record

Add a TXT record to the DNS server:

@ TXT 300 v=spf1 a ip4:11.22.33.44/32 include:mydomain.com ~all

Test it by sending an email to check-auth@verifier.port25.com; you will get a report back.

SPF on Postfix

To prevent sender address forgery, we set up the Sender Policy Framework (SPF) on Postfix. When an email arrives, Postfix checks the SPF record.

yum install perl-Mail-SPF perl-Sys-Hostname-Long

cd /usr/local/src

wget https://launchpad.net/postfix-policyd-spf-perl/trunk/release2.010/+download/postfix-policyd-spf-perl-2.010.tar.gz

tar zvxf postfix-policyd-spf-perl-2.010.tar.gz

cd postfix-policyd-spf-perl-2.010

cp postfix-policyd-spf-perl /usr/local/sbin/.

Then edit /etc/postfix/master.cf and add the following stanza at the end:

[...]

policy     unix  -       n       n       -       -       spawn

       user=nobody argv=/usr/bin/perl /usr/local/sbin/postfix-policyd-spf-perl

(The leading spaces before user=nobody ... are important so that Postfix knows that this line belongs to the previous one!)

Then open /etc/postfix/main.cf and search for the smtpd_recipient_restrictions directive. You should have reject_unauth_destination in that directive, and right after reject_unauth_destination you add check_policy_service unix:private/policy like this:

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service unix:private/policy

policy_time_limit = 3600
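
To show what the policy service decides for the TXT record above, here is an added example (not code from postfix-policyd-spf-perl or from this page) that evaluates the a, ip4, include and all mechanisms and answers a Postfix policy delegation request. The DNS table, the domain example.org, the addresses other than 11.22.33.44 and the result-to-action mapping are constructed assumptions.

```python
import ipaddress

# Constructed stand-in for DNS so the example runs offline (assumed values).
DNS = {
    ("example.org", "TXT"): "v=spf1 a ip4:11.22.33.44/32 include:mydomain.com ~all",
    ("example.org", "A"): ["192.0.2.10"],
    ("mydomain.com", "TXT"): "v=spf1 ip4:198.51.100.0/24 -all",
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain, depth=0):
    """Evaluate the a, ip4, include and all mechanisms, left to right."""
    record = DNS.get((domain, "TXT"))
    if record is None or not record.startswith("v=spf1 ") or depth > 10:
        # No record for the sender is "none"; a broken include is an error.
        return "none" if depth == 0 else "permerror"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qual = term[0] if term[0] in RESULT else "+"  # default qualifier is +
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = ip in DNS.get((arg or domain, "A"), [])
        elif name == "include":
            sub = check_host(ip, arg, depth + 1)
            if sub == "permerror":
                return sub
            matched = sub == "pass"  # only a nested pass counts as a match
        else:
            return "permerror"  # mechanisms/modifiers outside this sketch
        if matched:
            return RESULT[qual]
    return "neutral"

def policy_action(request):
    """Answer one policy delegation request (name=value lines) from Postfix."""
    attrs = dict(l.split("=", 1) for l in request.splitlines() if "=" in l)
    # A bounce has an empty sender, so fall back to the HELO name.
    domain = attrs.get("sender", "").rpartition("@")[2] or attrs.get("helo_name", "")
    result = check_host(attrs["client_address"], domain.lower())
    if result == "fail":
        return "action=REJECT SPF check failed\n\n"  # assumed mapping
    return f"action=PREPEND Received-SPF: {result}\n\n"
```

With ~all, a client that matches no mechanism gets softfail, so under this mapping the message is tagged with a Received-SPF header rather than rejected; only a record ending in -all produces fail.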