more stringent checking

mailsrv/assets/postfix/policyd-spf.conf

@@ -16,7 +16,7 @@ TestOnly = 1
 #  HELO_reject = Null - Only reject HELO Fail for Null sender (SPF Classic)
 #  HELO_reject = False - Never reject/defer on HELO, append header only. 
 #  HELO_reject = No_Check - Never check HELO.
-HELO_reject = Fail
+HELO_reject = Softfail
 
 #  HELO pass restriction policy.
 #  HELO_pass_restriction = helo_passed_spf - Apply the given restriction when
@@ -30,7 +30,7 @@ HELO_reject = Fail
 #  Mail_From_reject = Fail - Reject on Mail From Fail (default)
 #  Mail_From_reject = False - Never reject/defer on Mail From, append header only
 #  Mail_From_reject = No_Check - Never check Mail From/Return Path.
-Mail_From_reject = Fail
+Mail_From_reject = Softfail
 
 #  Reject only from domains that send no mail. Options are:
 #  No_Mail = False - Normal SPF record processing (default)
@@ -52,7 +52,7 @@ Mail_From_reject = Fail
 #  Policy for rejecting due to SPF PermError.  Options are:
 #  PermError_reject = True
 #  PermError_reject = False
-PermError_reject = False
+PermError_reject = True
 
 #  Policy for deferring messages due to SPF TempError.  Options are:
 #  TempError_Defer = True