I've started getting a lot of bounce-back spam recently for one of the domains linked to my VPS. I've tcpdumped a few days and don't see anything going out, and the domain in question doesn't appear to be stolen.

dnsreport.com tells me: Your domain does not have an SPF record. This means that spammers can easily send out E-mail that looks like it came from your domain [...]

With very limited knowledge of how to correctly set up my mail servers, I've been going through the RimuHosting Control Panel. Is there a way to set up an SPF record using the Control Panel, is this a file I add to my MTA (exim) configuration, or am I barking up the wrong tree entirely?

Any advice is welcome.
Thanks.

You can use this wizard to create your SPF record...

http://spf.pobox.com/wizard.html

It may look something like this:

mydomain.com. IN TXT v=spf1 a include:qwest.net ~all

This record allows the ip of mydomain.com to send mail, and also allows any server that is authorized to send mail for qwest.net to also send mydomain.com mail, (say you use an ISP's SMTP server occasionally) and all other machines would report a softfail. It'd still be delivered but spam filters would assign points to it.

If you use Rimuhostings DNS, you'd just create a new TXT record for your domain, and leave the host blank, and add "v=spf1 a include:qwest.net ~all" (no quotes) in the value field.

Theres more info on SPF.pobox.com on setting up your mailserver to respect these entries. Adding the entry to DNS just allows your domain to be compliant.

Cool, got that up and running now.
I'll post again if the problem persists.