diff --git a/pillar.example b/pillar.example index 4886062..acc24e2 100644 --- a/pillar.example +++ b/pillar.example @@ -7,6 +7,10 @@ postfix: enabled: True location: inet:172.16.0.5:6379 + policyd-spf: + enabled: True + time_limit: 7200s + config: smtpd_banner: $myhostname ESMTP $mail_name biff: 'no' diff --git a/postfix/files/main.cf b/postfix/files/main.cf index da420d2..0776953 100644 --- a/postfix/files/main.cf +++ b/postfix/files/main.cf @@ -57,7 +57,14 @@ {{ set_parameter('recipient_delimiter', '+') }} {{ set_parameter('inet_interfaces', 'all') }} {{ set_parameter('message_size_limit', '41943040') }} -{{ set_parameter('smtpd_relay_restrictions', ['permit_mynetworks', 'permit_sasl_authenticated', 'defer_unauth_destination']) }} + +{% set relay_restrictions = ['permit_mynetworks', 'permit_sasl_authenticated', 'defer_unauth_destination'] %} +{% set policyd_spf = salt['pillar.get']('postfix:policyd-spf', {}) %} +{% if policyd_spf.get('enabled', False) %} +{% set relay_restrictions = relay_restrictions + ['check_policy_server unix:private/policyd-spf'] %} +policy-spf_time_limit = {{ policyd_spf.get('time_limit', '3600s') }} +{% endif %} +{{ set_parameter('smtpd_relay_restrictions', relay_restrictions) }} {% set recipient_restrictions = ['permit_mynetworks', 'permit_sasl_authenticated', 'reject_unauth_destination'] %} {% set postgrey_config = salt['pillar.get']('postfix:postgrey', {}) %} diff --git a/postfix/files/master.cf b/postfix/files/master.cf index 7cd3545..0238620 100644 --- a/postfix/files/master.cf +++ b/postfix/files/master.cf @@ -131,3 +131,7 @@ scache unix - - n - 1 scache #mailman unix - n n - - pipe # flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py # ${nexthop} ${user} +{% if salt['pillar.get']('postfix:policyd-spf:enabled', False) %} +policy-spf unix - n n - - spawn + user=nobody argv=/usr/bin/policyd-spf +{%- endif %} diff --git a/postfix/map.jinja b/postfix/map.jinja index d5cb418..c884024 100644 --- a/postfix/map.jinja 
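Review bot: The entry appended inside the `{% if policyd_spf.get('enabled', False) %}` branch of main.cf will not reach the policy daemon as written. Postfix's restriction keyword is `check_policy_service`, not `check_policy_server`, and the socket `unix:private/policyd-spf` does not match the service name `policy-spf` declared in the master.cf hunk of this commit. An unknown restriction or an unreachable policy socket typically makes smtpd answer with a 451 server configuration error, so setting the pillar flag would defer inbound mail instead of applying SPF. The appended item should read `'check_policy_service unix:private/policy-spf'`, or the master.cf service and `policy-spf_time_limit` should be renamed together so that all three names agree. A template comment above the `{% if %}`, for example `{# SPF policy check runs last, after defer_unauth_destination, so it only sees mail we would accept #}`, would record why the item is appended rather than prepended.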
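Review bot: The new `policy-spf` service in master.cf runs as `user=nobody` and leaves the process-limit column at `-`. `nobody` is commonly shared with other daemons, so a dedicated unprivileged account would keep the SPF daemon isolated from them; Debian's packaging appears to provide a `policyd-spf` account for this, which should be confirmed per distribution. Postfix's policy delegation README recommends a limit of `0` for spawn-based policy services, so that smtpd processes are not refused once they outnumber the default process limit: `policy-spf unix - n n - 0 spawn`. The path `/usr/bin/policyd-spf` is hard-coded while the package name comes from map.jinja, so it may not hold on every OS family listed there.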
+++ b/postfix/map.jinja @@ -1,24 +1,28 @@ {% set postfix = salt['grains.filter_by']({ 'Debian': { 'package': 'postfix', + 'policyd_spf_pkg': 'postfix-policyd-spf-python', 'postgrey_pkg': 'postgrey', 'service': 'postfix', 'aliases': '/etc/aliases', }, 'Gentoo': { 'package': 'mail-mta/postfix', + 'policyd_spf_pkg': 'mail-filter/pypolicyd-spf', 'postgrey_pkg': 'mail-filter/postgrey', 'service': 'postfix', 'aliases': '/etc/mail/aliases', }, 'RedHat': { 'package': 'postfix', + 'policyd_spf_pkg': 'pypolicyd-spf', 'postgrey_pkg': 'postgrey', 'service': 'postfix', 'aliases': '/etc/aliases', }, 'Arch' : { 'package': 'postfix', + 'policyd_spf_pkg': 'python-postfix-policyd-spf', 'postgrey_pkg': 'postgrey', 'service': 'postfix', 'aliases': '/etc/aliases', diff --git a/postfix/policyd-spf.sls b/postfix/policyd-spf.sls new file mode 100644 index 0000000..273ca5b --- /dev/null +++ b/postfix/policyd-spf.sls @@ -0,0 +1,5 @@ +{% from "postfix/map.jinja" import postfix with context %} + +policyd_spf: + pkg.installed: + - name: {{ postfix.policyd_spf_pkg }}
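Review bot: Nothing in the new `postfix/policyd-spf.sls` ties the package to the templates that depend on it. `policyd_spf` installs the package whenever the state is applied, while main.cf and master.cf start referencing `/usr/bin/policyd-spf` as soon as `postfix:policyd-spf:enabled` is set in pillar. If the flag is set on a minion where `postfix.policyd-spf` has not been applied, the spawn service points at a missing binary and policy lookups fail, which presumably defers mail. Consider a `require_in` on the states that manage the Postfix configuration and service (their IDs are not visible in this diff). A header comment such as `# Installs the SPF policy daemon; activate it with pillar postfix:policyd-spf:enabled` would also help.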