Policyd-spf-fs offers SPF record check for Postfix through a policy daemon. It ensures that outgoing mail servers avoid sending malicious or spam messages, by verifying sender identities. This software is compliant with RCF 4408 standards.
I was impressed by this software's performance as it proved reliable enough to handle high load mail systems and supports ip6 spf entries, which are difficult to come by in other daemons. The software only requires libspf2 >= 1.2.5 and Postfix 2.4.x to run, making the compilation a straightforward process. Just type "make" and with "make install," the policy daemon will be installed in /usr/local/sbin.
For installation, simply add the following to master.cf:
# Policy daemon for SPF
spf-policy unix - n n - - spawn user=nobody argv=/usr/local/sbin/policyd-spf-fs --debug=1
And then add the following to your main.cf:
smtpd_sender_restrictions =
your policy here
...
reject_unknown_sender_domain
reject_unverified_sender
check_policy_service unix:private/spf-policy
Be careful to have SPF after reject_unverified_sender to avoid an open relay. Under high load, it's important that the maxproc parameter matches the number of smtpd that can make requests to policyd. If this is not executed correctly, you may receive a service unavailable error in your log.
This software was recently updated with a better Makefile for packaging, a man page, and other minor fixes. However, no significant changes were made to its functionality. Overall, I found this policy daemon to be a reliable and efficient option for verifying SPF records.
Version r23: N/A