# Postfix with SPF enabled?



## mariourk (Oct 1, 2013)

I noticed Postfix apparently has built-in SPF support. So, I rebuilt Postfix, with this option enabled and added these lines to main.cf:


```
spf_explanation = "%{h} [%{i}] is not allowed to send mail for %{s}"
spf_global_whitelist = yes
spf_received_header = yes
smtpd_sender_restrictions = reject_spf_invalid_sender
```

I also added SPF records to my domain records, that checked out fine.

The thing is, Postfix doesn't do anything with this. I don't see any Received-SPF in the headers of received emails. And when I deliberately send an email with a faked domain, it happily accepts the email.

Does anyone know how to correctly configure this? There are of[[]course methods that use external Perl or Python modules, to pull this off. But since Postfix seems to have built-in support, I prefer to use that.

Thanks!


----------



## ShelLuser (Oct 1, 2013)

mariourk said:
			
		

> I noticed Postfix apparently has built-in SPF support. So, I rebuilt Postfix, with this option enabled


It doesn't really matter all that much when using the ports collection, but keep in mind that this support is not built-in. Postfix utilizes mail/libspf2 to provide SPF support.



			
				mariourk said:
			
		

> ```
> spf_explanation = "%{h} [%{i}] is not allowed to send mail for %{s}"
> spf_global_whitelist = yes
> spf_received_header = yes
> ...


I'd comment out spf_global_whitelist and add spf_mark_only for now. That would make a much better testcase.

spf_global_whitelist does just that]spf_mark_only[/file] will make sure that your server won't reject any e-mails but will add the header to all the e-mails which passed. That should provide a little more information.

Hope this can help.


----------

