Japanatron Logo

SPF is awesome for stopping delivery of spoofed spam and junk back-scatter, but many of the articles on how to set up SPF in Zimbra are old and out-of-date.  It took a bit of research and trial-and-error, but I finally got it working.

1. Install the SPF module.
apt-get install libmail-spf-perl

2. Add scores to the SpamAssassin config.  This was the hard part because the proper location keeps changing on me.  As of Zimbra 8.5 and later, the reported location to customize SpamAssassin is here:

I refer to this article for the latest location for customizing SpamAssassin: https://wiki.zimbra.com/wiki/Anti-spam_Strategies#Customizing_SpamAssassin

Edit the file in here called local.cf and pop in the scores.  You'll notice this file contains a comment at that top that says something like, "This is the place to customize SpamAssassin..."  I've also seen a file called user_prefs.cf being used instead.  To be honest I don't think the file name matters much because SpamAssassin reads all the cf files in this folder.

The scores should look like this.  Customize them to suit your needs.
# SPF Check
score SPF_SOFTFAIL 2.000
score SPF_FAIL 10.000
score SPF_HELO_FAIL 10.000

3. Restart Zimbra.
su - zimbra
zmcontrol restart

4. Search /var/log/zimbra.log for SPF.  You should see a line in the log that indicates the SPF module is starting.
cat zimbra.log | grep SPF

5. Hopefully you won't receive any more spoofed email.  If you do, then check the mail headers and see if the SPF check is listed.  Perhaps you have to adjust your scores.

UPDATE - 2014/10/23
I updated this article for Zimbra 8.5 running on Ubuntu 14.04.

UPDATE - 2015/2/20
Tested and working with Zimbra 8.6.

Related Articles

Joomla Running on Nginx and Ub...

What follows is an outline I compiled while researching how to tighten security on a Nginx web server. NOTE 1: Ubuntu 14.04 LTS was used for this. NOTE 2: This ...

Zimbra - How to Change MTA EHL...

It's a good idea to match your Zimbra MTA hostname given during an EHLO with the hostname associated with your public IP address.su - zimbrazmprov mcf zimbraMta...

My Adventures in Spam Blocking

I hate spam.  I detest it.  And I'm not talking about the scrumptious processed meat product.  I think you all know the spam I'm referring to—the kind peddling ...

Zimbra - Add Trusted Relay to ...

My domain name registrar offers email aliases and forwarding; however, this feature causes my mail server's SPF checks to fail because the registrar's mail rela...