Implementing python policy-spf

FreeBSD 10.1

I'm trying to implement spf. The manpage for policy-spf contains the instruction to change the postfix configuration files, but doesn't really explain how to implement the policyd-spf daemon. I located the default configuration file for policyd-spf at /usr/local/etc/postfix-policyd-spf-python/policyd-spf.conf. I have tried to run the daemon directly using policyd-spf /usr/local/etc/postfix-policyd-spf-python/policyd-spf.conf but it wants some input. Clearly I have to do something else to start this at boot. That is, what do I enter in the rc.conf file?

There is some data on the interwebs for the Perl spf implementation, but apparently the Perl version is frozen and the Python version is the replacement. However, there is little written on setting up the python policy-spf.
 
policyd-spf(1) just in case someone else can't figure it out.

I found my mistake and policyd-spf is running. It works so well that all email is rejected. ;-) Yeah, I know, check the config file. I wasn't sure if this daemon needed to be in rc.conf, but I guess the spawn entry in postfix fires up policyd-spf when needed.
 
Just an FYI here in the event somebody hits this via an internet search. I believe there is a mistake in the policyd-spf(1) man page. Specifically it states at one point:

To do so, set
"policy_time_limit = 3600" in /usr/local/etc/postfix/main.cf

Then later is found:
2. Configure the Postfix policy service in /usr/local/etc/postfix/main.cf:

smtpd_recipient_restrictions =
...
reject_unauth_destination
check_policy_service unix:private/policyd-spf
...
policyd-spf_time_limit = 3600

Now the second entry is correct and I believe the first is not. From the postfix website:
http://www.postfix.org/postconf.5.html#transport_time_limit

transport_time_limit (default: $command_time_limit)
A transport-specific override for the command_time_limit parameter value, where transport is the master.cf name of the message delivery transport.

Note: transport_time_limit parameters will not show up in "postconf" command output before Postfix version 2.9. This limitation applies to many parameters whose name is a combination of a master.cf service name and a built-in suffix (in this case: "_time_limit").

The text is a bit cryptic, but I gather there can be more than one transport_time_limit, hence you have to specify it as is done in the second case.

Being a newbie to FreeBSD, if I am correct, perhaps somebody can update the manual.
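An added example, not part of the thread or of the Postfix or policyd-spf documentation: a small check that flags any `*_time_limit` parameter in main.cf whose prefix is not a service name in master.cf, which is the mismatch discussed in the last post. The sample file contents are constructed, the `argv` path is a placeholder, and treating `command_time_limit` as the only built-in name with that suffix is an assumption.

```python
import re

# Assumption: command_time_limit is the only built-in main.cf parameter with
# this suffix; any other must be named "<master.cf service>_time_limit".
BUILTIN = {"command_time_limit"}
SUFFIX = "_time_limit"

def master_services(master_cf):
    """Return the service names (first column) found in master.cf text."""
    names = set()
    for line in master_cf.splitlines():
        # Skip blanks, comments and continuation lines (leading whitespace).
        if not line.strip() or line.startswith("#") or line[0].isspace():
            continue
        fields = line.split()
        if len(fields) >= 8:  # service type private unpriv chroot wakeup maxproc command
            names.add(fields[0])
    return names

def time_limit_params(main_cf):
    """Return {name: value} for main.cf parameters ending in _time_limit."""
    params = {}
    for line in main_cf.splitlines():
        m = re.match(r"([A-Za-z0-9_.-]+)\s*=\s*(.*)", line)
        if m and m.group(1).endswith(SUFFIX):
            params[m.group(1)] = m.group(2).strip()
    return params

def orphan_time_limits(main_cf, master_cf):
    """List *_time_limit parameters that match no master.cf service name."""
    services = master_services(master_cf)
    return sorted(name for name in time_limit_params(main_cf)
                  if name not in BUILTIN and name[:-len(SUFFIX)] not in services)

# Constructed sample input; /path/to/policyd-spf is a placeholder.
MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command
smtp      inet  n       -       n       -       -       smtpd
policyd-spf unix -      n       n       -       0       spawn
    user=nobody argv=/path/to/policyd-spf
"""
MAIN_CF = """\
smtpd_recipient_restrictions =
    reject_unauth_destination
    check_policy_service unix:private/policyd-spf
policy_time_limit = 3600
policyd-spf_time_limit = 3600
"""

if __name__ == "__main__":
    for name in orphan_time_limits(MAIN_CF, MASTER_CF):
        print(f"{name}: no master.cf service named {name[:-len(SUFFIX)]!r}")
```

On a live system, pass the contents of /usr/local/etc/postfix/main.cf and master.cf to `orphan_time_limits` instead of the sample strings.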
 