# Postfix SPF Option



## srg (May 29, 2014)

Hey guys. I'm running postfix-2.11.1,1 built from ports on FreeBSD 10.0-RELEASE. The port has an option to support SPF via libspf2. I enabled the option. However, I can't figure out how to get it working in Postfix.

Reading mail/postfix's Makefile, enabling the SPF option fetches a patch from http://distcache.freebsd.org/local-distfiles/mm/postfix-2.8.0-libspf2-1.2.x-0.patch.gz.

Reading that patch file, the patch adds some sender restrictions, as well as adds a "Received-SPF:" header. I added a few options to my /usr/local/etc/postfix/main.cf from the patchfile:

```
spf_received_header = yes
spf_mark_only = yes
spf_reject_code = 550
spf_global_whitelist = no
```
I restarted postfix, then sent myself some mail from a Gmail account. The Received-SPF: header was not in those test emails. Am I missing something?

Thank you for the tips/advice/help!


----------



## wblock@ (May 29, 2014)

SPF does not detect spam, just forged domains.  And spammers do use it, but not all of them.


----------



## srg (May 29, 2014)

wblock@ said:

> SPF does not detect spam, just forged domains.  And spammers do use it, but not all of them.


I do understand that and how SPF works. I ran SPF, DKIM, and A/V checking in the past through security/amavisd-new with security/clamav and mail/spamassassin. However, due to the high maintenance requirements when upgrading Perl, I decided to uninstall them for the time being and rely on postfix's sender restrictions and mail/maildrop for a bit of _elementary_ filtering. This is a very low volume email system. I planned on using maildrop to read the Received-SPF: header and filtering based on that. It may or may not help, but we'll see once I do it.

It seemed to me that the SPF option/patch wasn't having an effect. I was just wondering if I was missing something in the configuration.


----------



## wblock@ (May 29, 2014)

mail/maildrop can certainly do that.  I do something similar with mail/bogofilter.  In .mailfilter, it runs `bogofilter`, then tests the added header to decide what to do with the message.


----------
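
The header test that srg plans and wblock@ describes, sketched in Python rather than maildrop's filter language, as an added example (not code from the thread or from the Postfix patch). The `receiver=` check, the folder names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Result keywords defined for SPF (RFC 7208).
SPF_RESULTS = {"pass", "fail", "softfail", "neutral", "none",
               "temperror", "permerror"}

def spf_verdict(raw_message, receiver=None):
    """Classify a message by its topmost Received-SPF header.

    Only the topmost header is read: the local MTA prepends its own, so any
    copy lower down may have been supplied by the sender. If `receiver` is
    given (assumption: the local MTA writes a receiver= key), it must match.
    """
    headers = message_from_string(raw_message).get_all("Received-SPF") or []
    if not headers:
        return "missing"      # the symptom described in the thread
    value = " ".join(headers[0].split())   # unfold continuation lines
    m = re.match(r"[A-Za-z]+", value)
    result = m.group(0).lower() if m else ""
    if result not in SPF_RESULTS:
        return "invalid"
    if receiver is not None:
        rcv = re.search(r"\breceiver=([^;\s]+)", value)
        if not rcv or rcv.group(1).lower() != receiver.lower():
            return "untrusted"
    return result

def folder_for(verdict):
    """Hypothetical delivery policy; folder names are placeholders."""
    if verdict == "fail":
        return "Junk"
    if verdict in ("softfail", "invalid", "untrusted"):
        return "Suspect"
    return "INBOX"   # pass, neutral, none, errors, or no header at all

# Constructed sample messages (not real mail).
LOCAL = ("Received-SPF: fail (mx.example.org: domain of a@example.com does not\n"
         " designate 192.0.2.10 as permitted sender) client-ip=192.0.2.10;\n"
         " receiver=mx.example.org\n")
FORGED = "Received-SPF: pass (added by sender)\n"
BODY = "From: a@example.com\nSubject: test\n\nhello\n"

if __name__ == "__main__":
    for name, raw in [("local+forged", LOCAL + FORGED + BODY),
                      ("forged only", FORGED + BODY), ("no header", BODY)]:
        v = spf_verdict(raw, receiver="mx.example.org")
        print(name, v, folder_for(v))
```

A sender who knows the receiving hostname can forge the `receiver=` key as well, so on a server that adds no Received-SPF header of its own (the situation in this thread) any such header in a message came from outside and should not drive filtering.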



## srg (May 30, 2014)

wblock@ said:

> mail/maildrop can certainly do that.  I do something similar with mail/bogofilter.  In .mailfilter, it runs `bogofilter`, then tests the added header to decide what to do with the message.


It seems that you're missing my problem. I have mail/postfix configured and installed with the SPF patch. However, the Received-SPF: header is *not present* in emails from domains that *do* have an SPF record (such as Gmail). My conclusion is that either the patch is not working correctly and needs to be fixed or removed from the port, or I am blindly missing a (non-documented?) configuration option to enable it. I have already searched /var/log/mail.log for any SPF- or DNS-related errors to no avail.


----------



## wblock@ (May 30, 2014)

Sorry, just responding to parts of the question that I can address.


----------

