79 lines
3 KiB
Text
79 lines
3 KiB
Text
postfix-policyd-spf-perl 1.99
|
|
A Postfix SMTPd policy server for SPF checking
|
|
(C) 2007 Scott Kitterman <scott@kitterman.com>
|
|
2003-2004 Meng Weng Wong <mengwong@pobox.com>
|
|
Contributions by various members of the SPF project
|
|
<http://www.openspf.org/Software#postfix-policyd-spf-perl>
|
|
==============================================================================
|
|
|
|
postfix-policyd-spf-perl is a Postfix SMTPd policy daemon for SPF checking.
|
|
It is implemented in pure Perl and uses the Mail::SPF CPAN module. Note that
|
|
Mail::SPF is a complete re-implementation of SPF based on the final SPF RFC,
|
|
RFC 4408. It shares no code with the older Mail::SPF::Query that was the
|
|
original SPF development implementation. If you are upgrading from on older
|
|
version of this policy server you will need to install Mail::SPF.
|
|
|
|
This version of the policy server will reject mail that fails either Mail From
|
|
or HELO SPF checks. It always checks HELO (older versions just checked HELO if
|
|
Mail From was null). It will defer mail if there is a temporary SPF error and
|
|
the message would othersise be permitted (DEFER_IF_PERMIT). Otherwise, it will
|
|
PREPEND the appropriate SPF Received header. In the case of multi-recipient
|
|
mail, multiple headers will get appended. Error conditions within the policy
|
|
server (that don't result in a crash) or from Mail::SPF will return DUNNO.
|
|
|
|
See INSTALL or README.Debian for installation instructions.
|
|
|
|
Usage:
|
|
policyd-spf-perl [-v]
|
|
|
|
This documentation assumes you have read Postfix's README_FILES/
|
|
SMTPD_POLICY_README.
|
|
|
|
Logging is sent to syslogd.
|
|
|
|
Each time a Postfix SMTP server process is started it connects to the policy
|
|
service socket, and Postfix runs one instance of this Perl script. By
|
|
default, a Postfix SMTP server process terminates after 100 seconds of idle
|
|
time, or after serving 100 clients. Thus, the cost of starting this Perl
|
|
script is smoothed out over time.
|
|
|
|
The default policy_time_limit is 1000 seconds. This may be too short for some
|
|
SMTP transactions to complete. As recommended in SMTPD_POLICY_README, this
|
|
should be extended to 3600 seconds. To do so, set "policy_time_limit = 3600"
|
|
in /etc/postfix/main.cf.
|
|
|
|
Testing the policy daemon
|
|
-------------------------
|
|
|
|
To test the policy daemon by hand, execute:
|
|
|
|
% perl /usr/lib/postfix/policyd-spf-perl
|
|
|
|
Each query is a bunch of attributes. Order does not matter, and the daemon
|
|
uses only a few of all the attributes shown below:
|
|
|
|
request=smtpd_access_policy
|
|
protocol_state=RCPT
|
|
protocol_name=SMTP
|
|
helo_name=some.domain.tld
|
|
queue_id=8045F2AB23
|
|
sender=foo@bar.tld
|
|
recipient=bar@foo.tld
|
|
client_address=1.2.3.4
|
|
client_name=another.domain.tld
|
|
[empty line]
|
|
|
|
The policy daemon will answer in the same style, with an attribute list
|
|
followed by a empty line:
|
|
|
|
action=dunno
|
|
[empty line]
|
|
|
|
If you want more detail in the system logs change $VERBOSE to 1.
|
|
|
|
License
|
|
-------
|
|
|
|
postfix-policyd-spf-perl is free software. You may use, modify, and distribute
|
|
it under the GNU GPL (version 2 or later); see the LICENSE file.
|
|
|