Documentation cleanup.
This commit is contained in:
Scott Kitterman
parent
1486640042
commit
f778a5ebbf
4 changed files with 32 additions and 16 deletions
3
CHANGES
3
CHANGES
|
|
@ -4,13 +4,14 @@
|
||||||
# ! = Changed something significant, or removed a feature
|
# ! = Changed something significant, or removed a feature
|
||||||
# * = Fixed a bug, or made a minor improvement
|
# * = Fixed a bug, or made a minor improvement
|
||||||
|
|
||||||
--- UNRELEASED (2007-04-30 19:03)
|
--- 2.005 (2007-12-14 23:29 -0500)
|
||||||
* Decreased timeout for DNS queries via UDP to 10s from Net::DNS::Resolver's
|
* Decreased timeout for DNS queries via UDP to 10s from Net::DNS::Resolver's
|
||||||
default of 40s (by doing only 1 retransmission rather than 3 after a query
|
default of 40s (by doing only 1 retransmission rather than 3 after a query
|
||||||
fails). Until Mail::SPF provides an explicit option for this, we just
|
fails). Until Mail::SPF provides an explicit option for this, we just
|
||||||
create our own resolver object and make Mail::SPF use that.
|
create our own resolver object and make Mail::SPF use that.
|
||||||
* Adjust master.cf recommendations in INSTALL for new recommendations from
|
* Adjust master.cf recommendations in INSTALL for new recommendations from
|
||||||
Wietse Venema (postfix-users mailing list).
|
Wietse Venema (postfix-users mailing list).
|
||||||
|
* Other minor documentation cleanup
|
||||||
|
|
||||||
--- 2.004 (2007-04-18 15:36)
|
--- 2.004 (2007-04-18 15:36)
|
||||||
* Fix header text to work with Postfix (access 5 requirements).
|
* Fix header text to work with Postfix (access 5 requirements).
|
||||||
|
|
|
||||||
4
INSTALL
4
INSTALL
|
|
@ -30,5 +30,7 @@ Installing
|
||||||
NOTE: Specify check_policy_service AFTER reject_unauth_destination or
|
NOTE: Specify check_policy_service AFTER reject_unauth_destination or
|
||||||
else your system can become an open relay.
|
else your system can become an open relay.
|
||||||
|
|
||||||
4. Restart Postfix.
|
4. Add "policy_time_limit = 3600" to main.cf
|
||||||
|
|
||||||
|
5. Restart Postfix.
|
||||||
|
|
||||||
|
|
|
||||||
24
README
24
README
|
|
@ -1,6 +1,6 @@
|
||||||
postfix-policyd-spf-perl 2.003
|
postfix-policyd-spf-perl 2.005
|
||||||
A Postfix SMTPd policy server for SPF checking
|
A Postfix SMTPd policy server for SPF checking
|
||||||
(C) 2007 Scott Kitterman <scott@kitterman.com> and Julian Mehnle
|
(C) 2007 Scott Kitterman <scott@kitterman.com> and Julian Mehnle
|
||||||
<julian@mehnle.net>
|
<julian@mehnle.net>
|
||||||
(C) 2003-2004 Meng Weng Wong <mengwong@pobox.com>
|
(C) 2003-2004 Meng Weng Wong <mengwong@pobox.com>
|
||||||
Thanks for contributions by various members of the SPF project
|
Thanks for contributions by various members of the SPF project
|
||||||
|
|
@ -10,31 +10,31 @@ Thanks for contributions by various members of the SPF project
|
||||||
postfix-policyd-spf-perl is a Postfix SMTPd policy daemon for SPF checking.
|
postfix-policyd-spf-perl is a Postfix SMTPd policy daemon for SPF checking.
|
||||||
It is implemented in pure Perl and uses the Mail::SPF CPAN module. Note that
|
It is implemented in pure Perl and uses the Mail::SPF CPAN module. Note that
|
||||||
Mail::SPF is a complete re-implementation of SPF based on the final SPF RFC,
|
Mail::SPF is a complete re-implementation of SPF based on the final SPF RFC,
|
||||||
RFC 4408. It shares no code with the older Mail::SPF::Query that was the
|
RFC 4408. It shares no code with the older Mail::SPF::Query that was the
|
||||||
original SPF development implementation. If you are upgrading from on older
|
original SPF development implementation. If you are upgrading from on older
|
||||||
version of this policy server you will need to install Mail::SPF.
|
version of this policy server you will need to install Mail::SPF.
|
||||||
|
|
||||||
This version of the policy server always checks HELO before Mail From (older
|
This version of the policy server always checks HELO before Mail From (older
|
||||||
versions just checked HELO if Mail From was null). It will reject mail that
|
versions just checked HELO if Mail From was null). It will reject mail that
|
||||||
fails either Mail From or HELO SPF checks. It will defer mail if there is a
|
fails either Mail From or HELO SPF checks. It will defer mail if there is a
|
||||||
temporary SPF error and the message would othersise be permitted
|
temporary SPF error and the message would othersise be permitted
|
||||||
(DEFER_IF_PERMIT). If the HELO check produces a REJECT/DEFER result, Mail From
|
(DEFER_IF_PERMIT). If the HELO check produces a REJECT/DEFER result, Mail From
|
||||||
will not be checked.
|
will not be checked.
|
||||||
|
|
||||||
If the message is not rejected or deferred, the policy server will PREPEND the
|
If the message is not rejected or deferred, the policy server will PREPEND the
|
||||||
appropriate SPF Received header. If Mail From is anything other than completely
|
appropriate SPF Received header. If Mail From is anything other than completely
|
||||||
empty (i.e. <>) then the Mail From result will be used for SPF Received (e.g.
|
empty (i.e. <>) then the Mail From result will be used for SPF Received (e.g.
|
||||||
Mail From None even if HELO is Pass).
|
Mail From None even if HELO is Pass).
|
||||||
|
|
||||||
The policy server skips SPF checks for connections from the localhost (127.) and
|
The policy server skips SPF checks for connections from the localhost (127.) and
|
||||||
instead prepends and logs 'SPF skipped - localhost is always allowed.' If you
|
instead prepends and logs 'SPF skipped - localhost is always allowed.' If you
|
||||||
have relays that you want to skip SPF checks for, you can add them to
|
have relays that you want to skip SPF checks for, you can add them to
|
||||||
relay_addresses on line 78 using standard CIDR notation in a space separated
|
relay_addresses on line 78 using standard CIDR notation in a space separated
|
||||||
list. For these addresses, 'X-Comment: SPF skipped for whitelisted relay' is
|
list. For these addresses, 'X-Comment: SPF skipped for whitelisted relay' is
|
||||||
prepended and logged.
|
prepended and logged.
|
||||||
|
|
||||||
Error conditions within the policy server (that don't result in a crash) or from
|
Error conditions within the policy server (that don't result in a crash) or from
|
||||||
Mail::SPF will return DUNNO.
|
Mail::SPF will return DUNNO.
|
||||||
|
|
||||||
See INSTALL for installation instructions.
|
See INSTALL for installation instructions.
|
||||||
|
|
||||||
|
|
|
||||||
17
test_cases
17
test_cases
|
|
@ -19,7 +19,7 @@ instance=2
|
||||||
#no HELO and mfrom pass
|
#no HELO and mfrom pass
|
||||||
request=smtpd_access_policy
|
request=smtpd_access_policy
|
||||||
client_address=72.81.252.18
|
client_address=72.81.252.18
|
||||||
helo_name=mailout03.controlledmail.com
|
helo_name=72.81.252.18
|
||||||
sender=scott@kitterman.com
|
sender=scott@kitterman.com
|
||||||
recipient=bogus@kitterman.org
|
recipient=bogus@kitterman.org
|
||||||
queue_id=q1234
|
queue_id=q1234
|
||||||
|
|
@ -127,8 +127,21 @@ instance=15
|
||||||
# Permerror reject
|
# Permerror reject
|
||||||
request=smtpd_access_policy
|
request=smtpd_access_policy
|
||||||
client_address=72.81.252.18
|
client_address=72.81.252.18
|
||||||
helo_name=mailout00.yahoo.com
|
helo_name=elvey.com
|
||||||
sender=scott@elvey.com
|
sender=scott@elvey.com
|
||||||
recipient=bogus2@kitterman.org
|
recipient=bogus2@kitterman.org
|
||||||
queue_id=q1234
|
queue_id=q1234
|
||||||
instance=16
|
instance=16
|
||||||
|
|
||||||
|
# None and None
|
||||||
|
request=smtpd_access_policy
|
||||||
|
client_address=71.17.127.27
|
||||||
|
helo_name=71-17-127-27.estv.hsdb.sasknet.sk.ca
|
||||||
|
sender=dalbecbhoj@accessamericatransport.com
|
||||||
|
recipient=hostmaster@jamux.com
|
||||||
|
|
||||||
|
request=smtpd_access_policy
|
||||||
|
client_address=200.120.31.84
|
||||||
|
helo_name=autohaus-knabe.de
|
||||||
|
sender=daniel.hahnomjy@autohaus-knabe.de
|
||||||
|
recipient=jam@jamux.com
|
||||||
Loading…
Add table
Add a link
Reference in a new issue