I wanted to create one thread with all the SPF stuff b/c I was getting confused.
SPF :: www.openspf.org
SPF is a way of checking the MX record IP is vaild to be the sender on an email for a particular domain. There is 2 parts to SPF…
Step 1
One is publishing your SPF records on your DNS. This allows other server running SPF module to check that if they get an email from someone@yourdomain.com that it is really someone sending from you mail server and not a spammer just using your address. You can learn how to setup the DNS TXT records on the SPF website and they also have a nice wizard that can help you http://www.openspf.org/wizard.html. If you haven’t already you should definately setup you DNS SPF records so keep people from sending email based on your domain.
Related Threads:
How to setup TXT records with Iworx
http://interworx.com/forums/showthread.php?t=460&highlight=spf
Step 2
The second part of SPF is running the module on your mail server so you can check that the mail your receive from someone@outsidedomain.com are really that person at outsidedomain.com.
So far I understand there are 2 ways to implement SPF which is similar to how you can block emails via SA(SpamAssassin) at SMTP level and LOCAL DELIVERY level.
Method 1 - SpamAssassin Integration:
You can have SA scan the emails using SPF plugin to increase the “spam points”. This would be a good method to have and maybe the more flexable of the two. This one seems pretty easy to implement and I dont see it affecting Iworx at all.
From the other thread Paul mentions that this can be installed by:
You can try installing the missing perl module through cpan like this:
perl -MCPAN -e “install Mail::SPF”
I haven’t tested this, but seems easy enough. I did start to try it, but that command wanted to create a directory in my /root folder to setup the CPAN stuff and I didn’t want to install something to just compile one thing, but maybe its the best way, not sure.
The other way to do it is manually. I found these instructions on how to install Mail::SPF::Query:
wget http://spf.pobox.com/Mail-SPF-Query-1.997.tar.gz
tar xvzf Mail-SPF-Query-1.997.tar.gz
cd Mail-SPF-Query-1.997
perl Makefile.PL
make
make test
make install
That also seems pretty easy to do without using the cpan stuff.
Related Threads:
SPF & SpamAssassin Info
http://interworx.com/forums/showthread.php?t=1095
SPF & SpamAssassin Error
http://interworx.com/forums/showthread.php?t=1037
Method 2 - Qmail (SMTP level) Integration
I am not sure if patching Qmail with SPF could cause any problems with Iworx, so I wouldn’t try this until someone from Iworx replies to this thread
The other method is using Qmail itself to block at SMTP level. You can patch Qmail to make it understand SPF and block emails before ever downloading them to your server or wasting CPU time scanning them with SA.
From OpenSPF downloads page http://www.openspf.org/downloads.html it gives you the options for Qmail patching.
http://www.libspf.org/
http://www.libspf2.org/
http://www.saout.de/misc/spf/
The last link is an implementation of the libspf (I think its on libspf2, not sure though) for Qmail in a patch form. The process on that page to apply the patch seems pretty painless, but again I think I would wait for someone from Iworx to comment before proceding.
I don’t see any reason why you couldn’t setup both methods, but at this point I dont see why you would need to setup the SA method if you have Qmail doing the checks at SMTP level.
Please share your thoughts on this!