# Implementing python policy-spf



## gariac (Oct 19, 2015)

FreebsdFreeBSD 10.1

I'm trying to implement spf. The manpage for policy-spf contains the instruction to change the postfix configuration files, but doesn't really explain how to implement the policyd-spf daemon. I located the default configuration file for policyd-spf at /usr/local/etc/postfix-policyd-spf-python/policyd-spf.conf. I have tried to run the daemon directly using `policyd-spf /usr/local/etc/postfix-policyd-spf-python/policyd-spf.conf` but it wants some input. Clearly I have to do something else start this at boot. That is, what do I enter in the rc.conf file.

There is some data on the interwebs for the Perl spf implementation, but apparently the Perl version is frozen and the Python version, is the replacement. However there is little written on setting up the python policy-spf.


----------



## ohauer (Oct 22, 2015)

Take a look into policyd-spf(1), there is explained how to re configure postfix


----------



## gariac (Oct 23, 2015)

policyd-spf(1) just in case someone else can't figure it out.

I found my mistake and policyd-spf is running. It works so well that all email is rejected. ;-) Yeah, I know, check the config file. I wasn't sure if this daemon needed to be in rc.conf, but I guess the spaw entry in postfix fires up policyd-spf when needed.


----------



## gariac (Oct 24, 2015)

Just a FYI here in the event somebody hits this via an internet search. I believe there is a mistake in the policyd-spf(1) man page. Specifically it states at one point

_



			To do so, set
       "policy_time_limit = 3600" in /usr/local/etc/postfix/main.cf
		
Click to expand...

_
Then later is found:
_



			2. Configure the Postfix policy service in /usr/local/etc/post-
       fix/main.cf:

               smtpd_recipient_restrictions =
                   ...
                   reject_unauth_destination
                   check_policy_service unix:private/policyd-spf
                   ...
               policyd-spf_time_limit = 3600
		
Click to expand...

_
Now the second entry is correct and I believe the first is not. From the postfix website:
http://www.postfix.org/postconf.5.html#transport_time_limit

_



			transport_time_limit (default: $command_time_limit)
A transport-specific override for the command_time_limit parameter value, where transport is the master.cf name of the message delivery transport.
		
Click to expand...





			Note: transport_time_limit parameters will not show up in "postconf" command output before Postfix version 2.9. This limitation applies to many parameters whose name is a combination of a master.cf service name and a built-in suffix (in this case: "_time_limit").
		
Click to expand...

_
The text is a bit cryptic, but I gather there can be more than one transport_time_limit, hence you have to specify it as is done in the second case.

Being a newbie to FreeBSD, if I am correct, perhaps somebody can update the manual.


----------

