spf-discuss

Software is Buggy and Immature!

2004-06-29 02:56:51
Ok.  I finally got it working.  Really though, what a horrific pain!

First I tried 'libspf' RC1 and found it too buggy to use.

Second, I spent endless hours figuring out how to download and 
install Perl modules, and constantly hitting undocumented
dependencies.

Third, I had to make a whole bunch of changes to 'spf-milter' to 
get it working.  I had to hack in the 'fallback' option, and I 
had to modify the whitelisting logic to support whitelisted 
envelope senders instead of whitelisted envelope recipients.
Oh, and I had to read the code to learn that a "SPF:" tag
is required for the entries in 'access.db'.  Not documented.

Fourth, I had to make this bug-fix to 'Query.pm' so that it will 
ignore non-SPF TXT records and execute 'fallback' correctly:

1729a1730,1741
        # check for non-SPF TXT records
        my $spf_flag = 0;
        foreach (@txt) {
          if (/^v=spf1\s/) {
            $spf_flag = 1;
            last;
          }
        }
        if (! $spf_flag) {
          @txt = ();
        }
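
Review bot: the loop only sets `$spf_flag` and exits on the first match, so when at least one record starts with `v=spf1` the array `@txt` still carries every non-SPF TXT record into the code that follows; the list is emptied only when nothing matches. If the goal is to ignore non-SPF records in all cases, filter the list instead, for example `@txt = grep { /^v=spf1(\s|$)/ } @txt;`. Note also that `/^v=spf1\s/` requires whitespace after the version tag, so a record consisting of exactly `v=spf1` does not set the flag and is discarded with the rest; anchoring on whitespace or end of string avoids that.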


After all this screwing around I finally got to the place I 
expected to start:  Crafting a few 'fallback' records to 
guarantee that my critical correspondents at large corporations 
will not have any trouble sending me e-mail.  It should be 
possible to put these in a config file instead of writing them 
in Perl.  For the few correspondents that have e-mail accounts 
at huge providers like MindSpring and Yahoo, I created 
"SPF:user(_at_)domain(_dot_)tld OK" entries in the 'access.db' file that 
match their exact e-mail addresses.

Now it's working quite nicely.  For hours now I've been watching 
spammers getting bounced in the 'sendmail' log, and 
corresponding with someone in London all the while.  I figure 
I'm safe from spammers for a few months till they start 
publishing SPF.  Then I'll have to go to RHSBLing them or 
possibly creating a RHSWL and blocking the rest of the world. 
People who don't know me and actually are interested in 
transacting business can pick up the telephone.  I find my 
SpamCop account gets no spam whatsoever (very toxic for spammers, 
easy to listwash), so I'll use that for dumb stuff like 
purchasing things from BUY.COM.

SPF must be made much easier to deploy!  The ability to hack 
Perl code and obsessive persistence should not be requirements 
for getting SPF working!