Japanatron Logo

SPF is awesome for stopping delivery of spoofed spam and junk back-scatter, but many of the articles on how to set up SPF in Zimbra are old and out-of-date.  It took a bit of research and trial-and-error, but I finally got it working.

1. Install the SPF module.
apt-get install libmail-spf-perl

2. Add scores to the SpamAssassin config.  This was the hard part because the proper location keeps changing on me.  As of Zimbra 8.5 and later, the reported location to customize SpamAssassin is here:
/opt/zimbra/data/spamassassin/localrules

I refer to this article for the latest location for customizing SpamAssassin: https://wiki.zimbra.com/wiki/Anti-spam_Strategies#Customizing_SpamAssassin

Edit the file in here called local.cf and pop in the scores.  You'll notice this file contains a comment at that top that says something like, "This is the place to customize SpamAssassin..."  I've also seen a file called user_prefs.cf being used instead.  To be honest I don't think the file name matters much because SpamAssassin reads all the cf files in this folder.

The scores should look like this.  Customize them to suit your needs.
# SPF Check
score SPF_SOFTFAIL 2.000
score SPF_FAIL 10.000
score SPF_HELO_FAIL 10.000

3. Restart Zimbra.
su - zimbra
zmcontrol restart

4. Search /var/log/zimbra.log for SPF.  You should see a line in the log that indicates the SPF module is starting.
cat zimbra.log | grep SPF

5. Hopefully you won't receive any more spoofed email.  If you do, then check the mail headers and see if the SPF check is listed.  Perhaps you have to adjust your scores.

UPDATE - 2014/10/23
I updated this article for Zimbra 8.5 running on Ubuntu 14.04.

UPDATE - 2015/2/20
Tested and working with Zimbra 8.6.

Related Articles

Zimbra - Add Trusted Relay to ...

My domain name registrar offers email aliases and forwarding; however, this feature causes my mail server's SPF checks to fail because the registrar's mail rela...

KVM - Enable Direct PCI Pass-T...

This example was done on Ubuntu server.* Enable VM direct I/O in the BIOS.* Open /etc/default/grub using an editor like nano or something.* Find GRUB_CMDLINE_LI...

My Adventures in Spam Blocking

I hate spam.  I detest it.  And I'm not talking about the scrumptious processed meat product.  I think you all know the spam I'm referring to—the kind peddling ...

Linux - Specify From Address W...

I struggled a bit with figuring out how to specify the from email address when sending mail on the Linux command line.  In short, you need to use the -r option....