(Hmm, this suggests the Python version might be better.)
aptitude -P install postfix-policyd-spf-perl
Add this to master.cf (but perhaps change the path to the script):
policy unix - n n - - spawn user=nobody argv=/usr/bin/perl /usr/lib/postfix/policyd-spf-perl
Add this to main.cf, with check_policy_service directly after reject_unauth_destination (if you put it before, you are an open relay):
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service unix:private/policy, reject_unauth_pipelining, reject_non_fqdn_recipient
The source article has stuff about testing.
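To confirm the ordering rule above on a configured host, the following added example (not from the original page or from Postfix) checks that check_policy_service appears only after the relay-protection rule. The function name check_policy_order and the sample lists are hypothetical, and treating defer_unauth_destination as equivalent to reject_unauth_destination is an assumption that goes slightly beyond the page.

```shell
#!/bin/sh
# Added example (not from the original page). Checks that every
# check_policy_service in a restriction list comes after the
# relay-protection rule. On a live host, feed it:
#   check_policy_order "$(postconf -h smtpd_recipient_restrictions)"
#
# Exit status: 0 = policy service placed safely
#              1 = a policy service is evaluated before relay protection
#              2 = no check_policy_service in the list
check_policy_order() (
    # Subshell body: set -f and exit stay local to this function.
    set -f                      # no filename globbing while splitting
    seen_relay_guard=0
    seen_policy=0
    # Postfix accepts commas and/or whitespace between restrictions.
    for tok in $(printf '%s' "$1" | tr ',' ' '); do
        case "$tok" in
            reject_unauth_destination|defer_unauth_destination)
                seen_relay_guard=1 ;;
            check_policy_service)
                seen_policy=1
                [ "$seen_relay_guard" -eq 1 ] || exit 1 ;;
        esac
    done
    [ "$seen_policy" -eq 1 ] || exit 2
    exit 0
)

# Constructed sample values for illustration.
SAFE='permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service unix:private/policy, reject_unauth_pipelining'
UNSAFE='permit_mynetworks, check_policy_service unix:private/policy, reject_unauth_destination'

for list in "$SAFE" "$UNSAFE"; do
    if check_policy_order "$list"; then
        echo "OK:   $list"
    else
        echo "FAIL: $list"
    fi
done
```

A status of 2 means the SPF policy service is not referenced in the list at all, which is worth distinguishing from a misordered list when auditing several hosts.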