In computing, Sender Policy Framework (SPF) allows software to identify messages that are or are not authorized to use the domain name in the SMTP HELO and MAIL FROM (Return-Path) commands, based on information published in a sender policy of the domain owner. Forged return paths are common in e-mail spam and result inbackscatter. SPF is defined in RFC 4408. from wikipedia
Install require packages
root@ns99 ~ # yum install perl-Mail-SPF
Get SPF module from http://www.openspf.org/Software Newest at this time is 2.007 and Install SPF module
root@ns99 ~ # wget http://www.openspf.org/blobs/postfix-policyd-spf-perl-2.007.tar.gz root@ns99 ~ # tar zxvf postfix-policyd-spf-perl-2.007.tar.gz root@ns99 ~ # mv postfix-policyd-spf-perl-2.007/postfix-policyd-spf-perl /usr/local/lib.
add following line to /etc/postfix/master.cf
policy unix – n n – 0 spawn
user=nobody argv=/usr/bin/perl /usr/local/lib/policyd-spf-perl
add following line to /etc/postfix/main.cf
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, check_policy_service,
check_policy_service unix:private/policy
policy_time_limit = 3600
Add SPF record to your DNS. SPF record can be wizardly made from http://old.openspf.org/wizard.html?mydomain=example.com&submit=Go%21
spf01 IN TXT “v=spf1 +ip4:xxx.xxx.xxx.xxx/24 ~all”
spf02 IN TXT “v=spf1 +ip4:yyy.yyy.yyy.yyy/24 ~all”
@ IN TXT “v=spf1 include:spf01.example.com include:spf02.example.com ~all”