spfd(1) - Linux man page

Name

spfd - simple forking daemon to provide SPF query services

Version

2006-02-07

Synopsis

spfd --port port [--set-user uid│username] [--set-group gid│groupname]

spfd --socket filename [--socket-user uid│username] [--socket-group gid│groupname] [--socket-perms octal-perms] [--set-user uid│username] [--set-group gid│groupname]

spfd --help

Description

spfd is a simple forking Sender Policy Framework ( SPF ) query proxy server. spfd receives and answers SPF query requests on a TCP/IP or UNIX domain socket.

The --port form listens on a TCP/IP socket on the specified port. The default port is 5970.

The --socket form listens on a UNIX domain socket that is created with the specified filename. The socket can be assigned specific user and group ownership with the --socket-user and --socket-group options, and specific filesystem permissions with the --socket-perms option.

Generally, spfd can be instructed with the --set-user and --set-group options to drop root privileges and change to another user and group before it starts listening for requests.

The --help form prints usage information for spfd.

Request

A request consists of a series of lines delimited by \x0A ( LF ) characters (or whatever your system considers a newline). Each line must be of the form key=value, where the following keys are required:

ip

The sender IP address.

sender

The envelope sender address (from the SMTP "MAIL FROM" command).

helo

The envelope sender hostname (from the SMTP "HELO" command).

Response

spfd responds to query requests with similar series of lines of the form key=value. The most important response keys are:

result

The result of the SPF query:

pass

The specified IP address is an authorized mailer for the sender domain/address.

fail

The specified IP address is not an authorized mailer for the sender domain/address.

softfail

The specified IP address is not an authorized mailer for the sender domain/address, however the domain is still in the process of transitioning to SPF .

neutral

The sender domain makes no assertion about the status of the IP address.

unknown

The sender domain has a syntax error in its SPF record.

error

A temporary DNS error occurred while resolving the sender policy. Try again later.

none

There is no SPF record for the sender domain.

smtp_comment

The text that should be included in the receiver's SMTP response.

header_comment

The text that should be included as a comment in the message's "Received-SPF:" header.

spf_record

The SPF record of the envelope sender domain.

For the description of other response keys see Mail::SPF::Query.

For more information on SPF see <http://www.openspf.org>.

Example

A running spfd could be tested using the "netcat" utility like this:

$ echo -e "ip=11.22.33.44\nsender=user@pobox.com\nhelo=spammer.example.net\n" │ nc localhost 5970
result=neutral
smtp_comment=Please see http://spf.pobox.com/why.html?sender=user%40pobox.com&ip=11.22.33.44&receiver=localhost
header_comment=localhost: 11.22.33.44 is neither permitted nor denied by domain of user@pobox.com
guess=neutral
smtp_guess=
header_guess=
guess_tf=neutral
smtp_tf=
header_tf=
spf_record=v=spf1 ?all

See Also

Mail::SPF::Query, <http://www.openspf.org>

Authors

This version of spfd was written by Meng Weng Wong <mengwong+spf@pobox.com>. Improved argument parsing was added by Julian Mehnle <julian@mehnle.net>.

This man-page was written by Julian Mehnle <julian@mehnle.net>.