SPF is awesome for stopping delivery of spoofed spam and junk back-scatter, but many of the articles on how to set up SPF in Zimbra are old and out-of-date. It took a bit of research and trial-and-error, but I finally got it working.
1. Install the SPF module.apt-get install libmail-spf-perl
2. Add scores to the SpamAssassin config. This was the hard part because the proper location keeps changing on me. As of Zimbra 8.5 and later, the reported location to customize SpamAssassin is here:/opt/zimbra/data/spamassassin/localrules
I refer to this article for the latest location for customizing SpamAssassin: https://wiki.zimbra.com/wiki/Anti-spam_Strategies#Customizing_SpamAssassin
Edit the file in here called local.cf and pop in the scores. You'll notice this file contains a comment at that top that says something like, "This is the place to customize SpamAssassin..." I've also seen a file called user_prefs.cf being used instead. To be honest I don't think the file name matters much because SpamAssassin reads all the cf files in this folder.
The scores should look like this. Customize them to suit your needs.
# SPF Check
score SPF_SOFTFAIL 2.000
score SPF_FAIL 10.000
score SPF_HELO_FAIL 10.000
3. Restart Zimbra.su - zimbra
zmcontrol restart
4. Search /var/log/zimbra.log for SPF. You should see a line in the log that indicates the SPF module is starting.cat zimbra.log | grep SPF
5. Hopefully you won't receive any more spoofed email. If you do, then check the mail headers and see if the SPF check is listed. Perhaps you have to adjust your scores.
UPDATE - 2014/10/23
I updated this article for Zimbra 8.5 running on Ubuntu 14.04.
UPDATE - 2015/2/20
Tested and working with Zimbra 8.6.
Related Articles
KVM - Enable Direct PCI Pass-T...
This example was done on Ubuntu server.* Enable VM direct I/O in the BIOS.* Open /etc/default/grub using an editor like nano or something.* Find GRUB_CMDLINE_LI...
Linux - Specify From Address W...
I struggled a bit with figuring out how to specify the from email address when sending mail on the Linux command line. In short, you need to use the -r option....
Combine Image File and Audio F...
I wanted to figure out a way to quickly and easily combine an image file (jpg) and audio file (mp3) into a video file (mov) using the free media converter tool ...
Nginx - How to Block or Redire...
I've been figuring out how to block or redirect web traffic in Nginx based on the country geoIP. NOTES* You need the package nginx-extras for this because this...