Hacker News

I set up my own Postfix server about a year ago, because I wanted to send newsletters to my users and have an "official" mailbox for support requests and such. I used a guide[1] to secure it against spammers. I don't use SpamAssassin. In the year that followed I received exactly zero spam messages. There have been plenty of attempts to send spam using my server, but the Postfix filters intercepted all of them.

To make sure that my messages are not treated as spam by the major email providers, I checked that my VPS IP is not in any of the spam blacklists and configured SPF and DKIM records. Gmail spam-flagged the messages for a while, but after a couple of months it learned they're not spam. Surprisingly, other email providers (yahoo, ms, aol) never batted an eye.

I'm quite happy with my own server.

[1] https://honeypot.net/filtering-spam-with-postfix/




Fwiw I've had better luck without SPF records than with them (or at least without hard-fail SPF records). As far as I know, the lack of SPF never resulted in lack of delivery (and I have no delivery problems to the big providers). But my previous setup with a hardfail SPF would cause my mail to be rejected from various people's forwarding setups, especially when forwarding to corporate or university email addresses. The problematic scenario is when they have their own domain hosted somewhere with mail forwarding (e.g. via Dreamhost), that sends it onwards to their real email account hosted by an institution. The final-destination email server then sees the forwarding server as the source of the message, and bounces it for failing SPF.

Openspf.org has a page about that [1] which recommends email providers allow their users to configure authorized forwarding sources as exempt from SPF checks on their incoming mail, and default to not rejecting based on SPF when users haven't configured the preference. But in my experience few institutions follow this recommendation.

Once I ditched the SPF records, I've had no deliverability problems running my own mailserver.

[1] http://www.openspf.org/Best_Practices/Forwarding


I got flagged as spam pretty reliably by GMail, but I eventually discovered it was because my mail server was delivering mail to GMail over IPv6, and I had never set up proper records for my IPv6 addresses.

GMail was the only one I had that problem with because few mailservers are using IPv6.


GMail has been strict about reverse DNS on IPv6 since the beginning.


Well, I know that now :)


Hmm, does the 'mx' flag in SPF include the IPv6 addresses too? The RFC seems to suggest it does but the website clearly says "All the A records for all the MX records": http://www.openspf.org/SPF_Record_Syntax#mx

Gmail seems to accept mail from an IPv6 mx when the SPF record is "All the A records for all the MX records" (the headers say spf passed), but I'm not sure how others interpret it. Is it better to explicitly list the IPv6 addresses in the SPF record?


I read him/her as referring to the mail server lacking an IPv6 reverse DNS address. This is a fairly common oversight, since IPv6 connectivity is getting more common, but many providers' control panels allow only easy self-setting of the IPv4 RDNS. Many mailservers are set up to reject mail from senders who lack an RDNS (and/or have one that doesn't forward-resolve back to the original IP), so in that situation, if you connect over IPv6 you may get rejected. The solution is to either disable IPv6 (less preferred option), or set a reverse DNS name for your IPv6 address (more preferred).
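The reverse-DNS check described in the comment above, as an added example that is not part of the thread: a forward-confirmed reverse DNS (FCrDNS) test of the kind a receiving mail server applies to a connecting address, covering both the missing-PTR case and the PTR that does not resolve back. The function names and the sample records (documentation address ranges, `example.org`) are constructed for illustration; the lookups are injectable so the check runs offline.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR lookup through the system resolver; returns hostnames."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:  # covers socket.herror and socket.gaierror
        return []
    return [name, *aliases]

def system_forward(name):
    """A and AAAA lookup through the system resolver; returns addresses."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def fcrdns(ip, ptr=system_ptr, forward=system_forward):
    """Classify a client address as 'no-ptr', 'mismatch' or 'pass'."""
    client = ipaddress.ip_address(ip)
    names = ptr(ip)
    if not names:
        return "no-ptr", []
    confirmed = []
    for name in names:
        for addr in forward(name):
            try:
                # Compare parsed addresses: IPv6 text forms vary.
                if ipaddress.ip_address(addr.split("%")[0]) == client:
                    confirmed.append(name.rstrip(".").lower())
                    break
            except ValueError:
                continue
    return ("pass" if confirmed else "mismatch"), confirmed

# Constructed records, not real hosts. 2001:db8::25 deliberately has no PTR:
# the host whose IPv4 reverse DNS was set but whose IPv6 one was forgotten.
SAMPLE_PTR = {
    "192.0.2.25": ["mail.example.org."],
    "2001:db8::26": ["mail.example.org."],
    "2001:db8::99": ["other.example.org."],
}
SAMPLE_FWD = {
    "mail.example.org.": ["192.0.2.25", "2001:0db8:0:0:0:0:0:26"],
    "other.example.org.": ["192.0.2.99"],
}

def check_sample(ip):
    return fcrdns(ip, lambda i: SAMPLE_PTR.get(i, []), lambda n: SAMPLE_FWD.get(n, []))
```

Calling `fcrdns(address)` with no other arguments runs the same check against live DNS through the system resolver.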



