* Change reject reply to 550 for RFC 2821 complianse.
* Clarified wording for some verbose logging. * Added more information about HELO checking to README
This commit is contained in:
Scott Kitterman
parent
8f82cbeb7c
commit
f876c707b9
4 changed files with 60 additions and 27 deletions
35
debian/postfix-policyd-spf-perl.8
vendored
35
debian/postfix-policyd-spf-perl.8
vendored
|
|
@ -152,15 +152,24 @@ postfix-policyd-spf-perl is a Postfix SMTPd policy daemon for SPF checking.
|
|||
It is implemented in pure Perl and uses the Mail::SPF CPAN module. Note that
|
||||
Mail::SPF is a complete re-implementation of SPF based on the final SPF RFC,
|
||||
RFC 4408. It shares no code with the older Mail::SPF::Query that was the
|
||||
original SPF development implementation.
|
||||
original SPF development implementation. If you are upgrading from on older
|
||||
version of this policy server you will need to install Mail::SPF.
|
||||
|
||||
This version of the policy server will reject mail that fails either Mail From
|
||||
or HELO SPF checks. It always checks HELO (older versions just checked HELO if
|
||||
Mail From was null). It will defer mail if there is a temporary SPF error and
|
||||
the message would othersise be permitted (DEFER_IF_PERMIT). Otherwise, it will
|
||||
PREPEND the appropriate SPF Received header. In the case of multi-recipient
|
||||
mail, multiple headers will get appended. Error conditions within the policy
|
||||
server (that don't result in a crash) or from Mail::SPF will return DUNNO.
|
||||
This version of the policy server always checks HELO before Mail From (older
|
||||
versions just checked HELO if Mail From was null). It will reject mail that
|
||||
fails either Mail From or HELO SPF checks. It will defer mail if there is a
|
||||
temporary SPF error and the message would othersise be permitted
|
||||
(DEFER_IF_PERMIT). If the HELO check produces a REJECT/DEFER result, Mail From
|
||||
will not be checked.
|
||||
|
||||
If the message is not rejected or deferred, the policy server will PREPEND the
|
||||
appropriate SPF Received header. In the case of multi-recipient mail, multiple
|
||||
headers will get appended. If Mail From is anything other than completely empty
|
||||
(i.e. <>) then the Mail From result will be used for SPF Received (e.g. Mail
|
||||
From None even if HELO is Pass).
|
||||
|
||||
Error conditions within the policy server (that don't result in a crash) or from
|
||||
Mail::SPF will return DUNNO.
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.IX Header "DESCRIPTION"
|
||||
|
|
@ -203,7 +212,14 @@ uses only a few of all the attributes shown below:
|
|||
The policy daemon will answer in the same style, with an attribute list
|
||||
followed by a empty line:
|
||||
|
||||
action=dunno
|
||||
action=550 Please see http://www.openspf.org/Why?id=foo@bar.tld&ip=1.2.3.4&
|
||||
receiver=bar@foo.tld
|
||||
[empty line]
|
||||
|
||||
To test HELO checking sender should be empty:
|
||||
|
||||
sender=
|
||||
... More attributes...
|
||||
[empty line]
|
||||
|
||||
If you want more detail in the system logs change $VERBOSE to 1.
|
||||
|
|
@ -228,7 +244,6 @@ If you want more detail in the system logs change $VERBOSE to 1.
|
|||
NOTE: Specify check_policy_service AFTER reject_unauth_destination or
|
||||
else your system can become an open relay.
|
||||
|
||||
|
||||
3. Restart Postfix.
|
||||
|
||||
.SH "SEE ALSO"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue