#author("2022-08-02T14:08:05+09:00","default:kuji","kuji")
#author("2024-01-18T12:45:32+09:00","default:kuji","kuji")
CONTENTS
#contents
----
Lastmodified &lastmod;
----
*Receiving-side SPF [#g6986d65]
https://admnote.paix.jp/2022/07/postfix%E3%81%ABspf%E5%B0%8E%E5%85%A5/

** portinstall mail/py-spf-engine [#qaf04f2b]

**master.cf [#m75718e1]
/usr/local/etc/postfix/master.cf
 policyd-spf  unix  -       n       n       -       0       spawn
     user=nobody argv=/usr/local/bin/policyd-spf

**main.cf [#uf0290b5]
/usr/local/etc/postfix/main.cf
 smtpd_recipient_restrictions =
     reject_unauth_destination
     check_policy_service unix:private/policyd-spf
 policyd-spf_time_limit = 3600

Configure the Postfix policy service in main.cf so that "smtpd_recipient_restrictions" includes a call to the policyd-spf policy filter.
If a "smtpd_recipient_restrictions" line already exists, the "check_policy_service" command can be added anywhere *after* the line that reads "reject_unauth_destination" (otherwise the system can become an open relay).

**policyd-spf.conf [#k1600c40]
/usr/local/etc/python-policyd-spf/policyd-spf.conf
 debugLevel = 1
 TestOnly = 1
 HELO_reject = False
 Mail_From_reject = False
 PermError_reject = False
 TempError_Defer = False
 skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1

**rc.conf [#e297d740]
/etc/rc.conf
 pyspf_milter_enable="YES"

----
 Installing py39-spf-engine-2.9.3...
 ===> Creating groups.
 Using existing group 'pyspf-milter'.
 ===> Creating users
 Using existing user 'pyspf-milter'.
 #
 # Using policyd-spf with Postfix
 #
 Policyd-spf must be integrated with Postfix to be effective:
  1. Add to your postfix master.cf:
      policyd-spf  unix  -       n       n       -       0       spawn
          user=nobody argv=/usr/local/bin/policyd-spf
  2. Configure the Postfix policy service in your main.cf so that the
     "smtpd_recipient_restrictions" includes a call to the policyd-spf policy
     filter. If you already have a "smtpd_recipient_restrictions" line, you can
     add the "check_policy_service" command anywhere *after* the line which
     reads "reject_unauth_destination" (otherwise you're system can become an
     open relay).
      smtpd_recipient_restrictions =
          ...
          reject_unauth_destination
          check_policy_service unix:private/policyd-spf
          ...
      policyd-spf_time_limit = 3600
  3. Please consult the postfix documentation for more information on these and
     other settings you may wish to have in the "smtpd_recipient_restrictions"
     configuration.
  4. Reload postfix.
 #
 # Automatically starting pyspf-milter at boot time.
 #
 Add 'pyspf_milter_enable="YES"' to /etc/rc.conf.
 #
 # Using pyspf-milter with Sendmail
 #
 Following is an example configuration line to include in your sendmail.mc.
 INPUT_MAIL_FILTER(`pyspf-milter', `S=local:/var/run/pyspf-milter/pyspf-milter.sock')dnl
 #
 # Using pyspf-milter with Postfix
 #
 Integration of pyspf-milter into Postfix is like any milter (See Postfix's
 README_FILES/MILTER_README). But care is required to segregate outbound mail
 from inbound mail to be checked. Here is example using milter macros to keep
 the mail streams segregated.
 /usr/local/etc/postfix/main.cf:
     smtpd_milters = unix:/var/run/pyspf-milter/pyspf-milter.sock
 /usr/local/etc/postfix/master.cf:
     smtp inet n - - - - smtpd
         ...
         -o milter_macro_daemon_name=VERIFYING
         ...
 /usr/local/etc/python-policyd-spf/policyd-spf.conf:
     MacroList daemon_name|VERIFYING
 ===> Cleaning for py39-spf-engine-2.9.3
 ---> Cleaning out obsolete shared libraries
----
Total access &counter(total);: Today &counter(today);: Yesterday &counter(yesterday);
#counter([total|today|yesterday]);
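
The ordering rule for "smtpd_recipient_restrictions" in the main.cf section can be checked mechanically before reloading Postfix. The following Python script is an added example, not part of the original page or of py-spf-engine: the function names and result strings are hypothetical, the sample configurations are constructed, and it inspects only smtpd_recipient_restrictions (smtpd_relay_restrictions is not examined).

```python
import re

SPF_POLICY = "unix:private/policyd-spf"  # service name from the page's master.cf

def parse_main_cf(text):
    """Parse main.cf text into {parameter: value}, joining continuation lines."""
    params, current = {}, None
    for raw in text.splitlines():
        # Postfix ignores blank lines and lines whose first non-blank char is '#'.
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t":  # leading whitespace continues the previous line
            if current is not None:
                params[current] += " " + raw.strip()
            continue
        name, _, value = raw.partition("=")
        current = name.strip()
        params[current] = value.strip()  # a later definition overrides an earlier one
    return params

def check_spf_ordering(main_cf_text):
    """Apply only the page's rule: the SPF policy call must follow reject_unauth_destination."""
    value = parse_main_cf(main_cf_text).get("smtpd_recipient_restrictions", "")
    # Restriction lists are separated by commas and/or whitespace.
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    guard = policy = None
    for i, tok in enumerate(tokens):
        if tok == "reject_unauth_destination" and guard is None:
            guard = i
        if (tok == "check_policy_service" and policy is None
                and tokens[i + 1:i + 2] == [SPF_POLICY]):
            policy = i
    if policy is None:
        return "spf-policy-missing"
    if guard is None:
        return "relay-guard-missing"
    return "ok" if guard < policy else "spf-policy-before-relay-guard"

# Constructed sample inputs (not taken from a real server).
GOOD = """\
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination
    check_policy_service unix:private/policyd-spf
policyd-spf_time_limit = 3600
"""
BAD = "smtpd_recipient_restrictions = check_policy_service unix:private/policyd-spf, reject_unauth_destination\n"
for label, conf in (("GOOD", GOOD), ("BAD", BAD)):
    print(label, check_spf_ordering(conf))
```

On a live host, pass the contents of /usr/local/etc/postfix/main.cf to check_spf_ordering() and treat any result other than "ok" as a reason not to reload.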