EnglishFrenchSpanish

OnWorks favicon

postfix-policyd-spf-perl - Online in the Cloud

Run postfix-policyd-spf-perl in OnWorks free hosting provider over Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

This is the command postfix-policyd-spf-perl that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

PROGRAM:

NAME


postfix-policyd-spf-perl - pure-Perl Postfix policy server for SPF checking

VERSION


2.008

USAGE


Usage:
policyd-spf-perl [-v]

OTHER DOCUMENTATION


This documentation assumes you have read Postfix's README_FILES/ SMTPD_POLICY_README.

SYNOPSIS


postfix-policyd-spf-perl is a Postfix SMTP policy server for SPF checking. It is
implemented in pure Perl and uses the Mail::SPF CPAN module. Note that Mail::SPF is a
complete re-implementation of SPF based on the final experimental SPF RFC, RFC 4408. It
shares no code with the older Mail::SPF::Query that was the original SPF development
implementation. Mail::SPF was the inspiration for the new void lookup limit added in the
standards track SPF RFC, RFC 7208. While Mail::SPF has not yet been specifically updated
for RFC 7208, there are no significant changes needed.

This version of the policy server always checks HELO before Mail From (older versions just
checked HELO if Mail From was null). It will reject mail that fails either Mail From or
HELO SPF checks. It will defer mail if there is a temporary SPF error and the message
would othersise be permitted (DEFER_IF_PERMIT). If the HELO check produces a REJECT/DEFER
result, Mail From will not be checked.

If the message is not rejected or deferred, the policy server will PREPEND the appropriate
SPF Received header. If Mail From is anything other than completely empty (i.e. <>) then
the Mail From result will be used for SPF Received (e.g. Mail From None even if HELO is
Pass).

The policy server skips SPF checks for connections from the localhost (127.) and instead
prepends and logs 'SPF skipped - localhost is always allowed.' If you have relays that
you want to skip SPF checks for, you can add them to relay_addresses on line 78 using
standard CIDR notation in a space separated list. For these addresses, 'X-Comment: SPF
skipped for whitelisted relay' is prepended and logged.

Error conditions within the policy server (that don't result in a crash) or from Mail::SPF
will return DUNNO.

DESCRIPTION


Logging is sent to syslogd.

Each time a Postfix SMTP server process is started it connects to the policy service
socket and Postfix runs one instance of this Perls script. By default, a Postfix SMTP
server process terminates after 100 seconds of idle time, or after serving 100 clients.
Thus, the cost of starting this Perl script is smoothed over time.

The default policy_time_limit is 1000 seconds. This may be too short for some SMTP
transactions to complete. As recommended in SMTPD_POLICY_README, this should be extended
to 3600 seconds. To do so, set "policy_time_limit = 3600" in /etc/postfix/main.cf.

TESTING THE POLICY DAEMON


Testing the policy daemon

To test the policy daemon by hand, execute:

% /usr/sbin/postfix-policyd-spf-perl

Each query is a bunch of attributes. Order does not matter, and the server uses only a
few of all the attributes shown below:

request=smtpd_access_policy
protocol_state=RCPT
protocol_name=SMTP
helo_name=some.domain.tld
queue_id=
instance=71b0.45e2f5f1.d4da1.0
sender=[email protected]
recipient=[email protected]
client_address=1.2.3.4
client_name=another.domain.tld
[empty line]

The policy daemon will answer in the same style, with an attribute list followed by a
empty line:

action=550 Please see http://www.openspf.org/Why?id=[email protected]&ip=1.2.3.4&
receiver=[email protected]
[empty line]

To test HELO checking sender should be empty:

sender=
... More attributes...
[empty line]

If you want more detail in the system logs change $VERBOSE to 1.

POSTFIX INTEGRATION


1. Add the following to /etc/postfix/master.cf:

spfcheck unix - n n - 0 spawn
user=policyd-spf argv=/usr/sbin/postfix-policyd-spf-perl

2. Configure the Postfix SPF policy service in /etc/postfix/main.cf:

smtpd_recipient_restrictions =
...
reject_unauth_destination
check_policy_service unix:private/spfcheck
...
spfcheck_time_limit = 3600

NOTE: Specify check_policy_service AFTER reject_unauth_destination or
else your system can become an open relay.

3. Set up machines which you expect to legitimately forward mail to this
server (see description in synopsis). This should typically include
the IP addresses which backup Mail eXchangers, and known non-SRS
forwarders will use to submit mail to this server (i.e. the source IPs
of the other servers).

4. Restart Postfix.

5. Verify correct backup MX operation (if applicable).

Use postfix-policyd-spf-perl online using onworks.net services


Free Servers & Workstations

Download Windows & Linux apps

  • 1
    Phaser
    Phaser
    Phaser is a fast, free, and fun open
    source HTML5 game framework that offers
    WebGL and Canvas rendering across
    desktop and mobile web browsers. Games
    can be co...
    Download Phaser
  • 2
    VASSAL Engine
    VASSAL Engine
    VASSAL is a game engine for creating
    electronic versions of traditional board
    and card games. It provides support for
    game piece rendering and interaction,
    and...
    Download VASSAL Engine
  • 3
    OpenPDF - Fork of iText
    OpenPDF - Fork of iText
    OpenPDF is a Java library for creating
    and editing PDF files with a LGPL and
    MPL open source license. OpenPDF is the
    LGPL/MPL open source successor of iText,
    a...
    Download OpenPDF - Fork of iText
  • 4
    SAGA GIS
    SAGA GIS
    SAGA - System for Automated
    Geoscientific Analyses - is a Geographic
    Information System (GIS) software with
    immense capabilities for geodata
    processing and ana...
    Download SAGA GIS
  • 5
    Toolbox for Java/JTOpen
    Toolbox for Java/JTOpen
    The IBM Toolbox for Java / JTOpen is a
    library of Java classes supporting the
    client/server and internet programming
    models to a system running OS/400,
    i5/OS, o...
    Download Toolbox for Java/JTOpen
  • 6
    D3.js
    D3.js
    D3.js (or D3 for Data-Driven Documents)
    is a JavaScript library that allows you
    to produce dynamic, interactive data
    visualizations in web browsers. With D3
    you...
    Download D3.js
  • More »

Linux commands

Ad