protocol.be

Step 1
Install the SPF Checker for postfix

apt-get install postfix-policyd-spf-python
Step 2
edit your /etc/postfix/master.cf

policyd-spf  unix  -       n       n       -       0       spawn
    user=policyd-spf argv=/usr/bin/policyd-spf
 

Step 3
edit your /etc/postfix/main.cf

policyd-spf_time_limit = 3600
smtpd_recipient_restrictions =
    ...
    reject_unauth_destination,
    check_policy_service unix:private/policyd-spf,
    ...
Make sure, you are putting the check_policy_service unix after the reject_unauth_destination line, to not become an open relay to the world.

 

Step 4
Finally, do not forget to reload / restart your postfix

/etc/init.d/postfix restart
 

Step 5
If you find the following in received Email Headers, your SPF is working properly

Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=209.85.216.181; helo=mail-qt0-f181.google.com; envelope-from=yourmailaddress@gmail.com; receiver=info@miyw.de
 

Step 6 (optional)
instead of blocking wrong SPF Senders(default behaviour), you can just let python-spf tag them for spamassasin

edit /etc/postfix-policyd-spf-python/policyd-spf.conf and set

HELO_reject False

Mail_From_reject False
this will accept Emails with wrong SPF but SA will mark them as spam afterwards.