[opendmarc-users] opendmarc & smf-spf

Scott Kitterman sklist at kitterman.com
Mon Nov 30 06:43:20 PST 2015


On Monday, November 30, 2015 12:55:52 PM Benny Pedersen wrote:
> Django [BOfH] skrev den 2015-11-30 11:52:
> > a few month agoe I build both packages opendmarc and smf-spf. smf-spf's
> > projectpage at sourgeforge seem broken.
> 
> +1
> 
> > How good is opendmarc's own spf-implementation? Is it robust enough for
> > production.use? Or exists a nother milter for spf review?
> 
> dont use it
> 
> libspf2 is depricated with sender-id, so you get false spf pass and
> fails for sender-id domains
> 
> use pypolicyd-spf, configure it to add AR headers, and since
> check-policy-servive in postfix is called before smtpd_milters in
> postfix it works
> 
> for spamasssassin call pypolicyd-spf with the default headers
> (recieved-spf)

First, Sender-ID is dead.  Even Microsoft admits this.

Second, there are two ways to get internal SPF checking in Opendmarc.  One is 
its internal implementation and the other is with libspf2.  As far as I can 
tell, the internal implementation is incomplete and I don't recommend it, but 
fundamentally there's nothing wrong with libspf2.  It hasn't been updated for 
RFC 7208, but the differences are not major.

Pypolicyd-spf has been updated for RFC 7208, so using it to produce header 
fields for opendmarc to consume is a good way to go for postfix users, but it's 
not the only reasonable way to do it.

Scott K


More information about the opendmarc-users mailing list