Signing your own hosted emails with SFP:- (Linux, Postfix, Dovecot, Roundcube, DKIM, SFP and MySQL).

Authentication is a way to prove an email isn’t forged. To sign you self hosted emails and avoid them from being flagged as spam, here are the steps to follow.

SPF (Sender Policy Framework) record specifies which hosts or IP addresses are allowed to send emails on behalf of a domain. You should allow only your own email server or your ISP’s server to send emails for your domain.

  1. Create an SPF Record in DNS In your DNS management interface, create a new TXT record like below.
TXT  @   v=spf1 mx ~all

2. Configuring SPF Policy Agent

install required packages:

sudo apt install postfix-policyd-spf-python

Then edit the Postfix master process configuration file.

sudo nano /etc/postfix/

Add the following lines at the end of the file, which tells Postfix to start the SPF policy daemon when it’s starting itself.

policyd-spf  unix  -       n       n       -       0       spawn
    user=policyd-spf argv=/usr/bin/policyd-spf

Save and close the file. Next, edit Postfix main configuration file.

sudo nano /etc/postfix/

Append the following lines at the end of the file. The first line specifies the Postfix policy agent timeout setting. The following lines will impose restriction on incoming emails by rejecting unauthorized email and checking SPF record.

policyd-spf_time_limit = 3600
smtpd_recipient_restrictions =
   check_policy_service unix:private/policyd-spf

Save and close the file. Then restart Postfix.

sudo service postfix restart


Facebook Comments

You may also like