Specific answer:djbdns uses a single quote in its root data file to indicate a TXT record (according to
http://thedjbway.b0llix.net/djbdns/tinydns-data.html )
To create your own TXT record, you will need to create a custom template fragment because tinydns reloads the templated config every time it restarts and there is no db setting to create TXT records that I know of.
I'm guessing, but I think this would do it for you:
mkdir -p /etc/e-smith/templates-custom/var/service/tinydns/root/data/
cd /etc/e-smith/templates-custom/var/service/tinydns/root/data/
echo "'sme-mail-domain.foo:v=spfv1 blah blah blah -all:7200:" >81SPF
sv t tinydns
sv t dnscache
* I picked "81..." to put the new txt record at the end of the tinydns data file, after the "80..." entry created by Sogo on my server
* adjust the content of 81SPF to fit your configuration
* sme-mail-domain.foo must be defined as a domain on the SME server or tinydns won't respond to queries for the domain
Remove this customization using:
'rm' /etc/e-smith/templates-custom/var/service/tinydns/root/data/81SPF
sv t tinydns
sv t dnscache
More notes not addressing your specific question...There are so many factors that could be involved in your issue.
Are you using fetchmail? If so, are your SPF, DKIM, DMARC records recognized by the server that the email is delivered to?
If not, are your SPF, DKIM and DMARC records recognized by your SME server itself? That is, at the SME server shell, do you get what you expect if you check "nslookup -type=txt sme-mail-domain.foo"?
If that's all right, does your SME server require authentication for email relay("config getprop qpsmtpd RelayRequiresAuth")? Have any of your accounts been compromised?
Are your local networks set appropriately/securely, or have you modified the local networks to solve some other problem (thereby possibly allowing unauthenticated relay)? Review qpsmtpd's sense of what is local using "ls -l /var/service/qpsmtpd/config/peers"
Have you looked at /var/log/qpsmtpd/current to see what is actually happening when one of these messages is received? (You might find that the problem is a compromised workstation or network device, for example...) Some pointers can be found at
https://wiki.contribs.org/Mail_log_file_analysis Are you running any web applications (drupal, wordpress, etc) on your SME server? If so, are they patched and up-to-date, or could one of them have been compromised by an attacker? A compromised web app might appear in qpsmtpd/current as an email source of "127.0.0.1", or your server's LAN IP.