You're probably right. But I want to be able to say *something* in my
Linux Journal article on "how to turn on SPF in your MTA" :)
For Postfix:
(1) Install Postfix 2.1 (or Experimental Release Postfix Snapshot
20040209 if 2.1 hasn't been released yet when the article is printed)
(2) Install the SPF Policy Daemon
(3) Use IPTables-Magic so that external machines can't access the SPF
Policy Daemon
(4) Set up Postfix to ask the SPF Daemon
You might also want to add that for a complete solution, they should
(5) Install amavisd-new (the virus scanner framework)
(6) Configure Postfix to run all e-mail through Amavis
(7) Install clamav as virus scanner
(8) Install Spamassasin
(9) Configure Amavisd-new to use clamav and spamassasin
The only thing that keeps people from adopting SPF is the ongoing
discussion about "Extensibility". It is my deep conviction that there
is no place for built-in extensibility in the first SPF version. Just
take what you have, call it final, and then everybody and his uncle
can adopt SPF. As long as this discussion continues, you won't see any
widespread adoption of, of, of what?! As long as there is no
authoritative, final, unchanging _standard_, you won't see adoption.
Carsten