How to: Block Messages That Fail SPF Checks¶
An SPF record, or “Sender Policy Framework” record, is used to define a set of rules that valid email sent from a domain will follow.
By editing a file named /var/qmail/control/spfbehavior
, server administrators can
customize whether to accept or reject messages sent to the server by domains without a valid SPF record.
The possible settings are:
0: Never do SPF lookups, don’t create Received-SPF headers
1: Only create Received-SPF headers, never block
2: Use temporary errors when you have DNS lookup problems
3: Reject mails when SPF resolves to fail (deny)
4: Reject mails when SPF resolves to softfail
5: Reject mails when SPF resolves to neutral
6: Reject mails when SPF does not resolve to pass
On most servers, the file will be set to 0 or 1 by default.
Detailed information can be found here.
Contents
To Manage Whether to Accept or Reject Messages With SPF Failures¶
Log in to the server at the CLI as root, either via SSH or from the terminal
At the CLI, us a text editor to open the file
/var/qmail/control/spfbehavior
. The following example uses the Vim text editor:vim /var/qmail/control/spfbehavior
The contents of this file will just be a number, generally either 0 or 1, by default. Change this to the number from the list, above, that correlates with the desired setting
Save and exit the text editor