NAME 

spfd - simple forking daemon to provide SPF query services

VERSION 

2006-02-07

SYNOPSIS 

spfd --port port [--set-user uid|username] [--set-group gid|groupname]

spfd --socket filename [--socket-user uid|username] [--socket-group gid|groupname] [--socket-perms octal-perms] [--set-user uid|username] [--set-group gid|groupname]

spfd --help

DESCRIPTION 

spfd is a simple forking Sender Policy Framework (SPF) query proxy server. spfd receives and answers SPF query requests on a TCP/IP or UNIX domain socket.

The --port form listens on a TCP/IP socket on the specified port. The default port is 5970.

The --socket form listens on a UNIX domain socket that is created with the specified filename. The socket can be assigned specific user and group ownership with the --socket-user and --socket-group options, and specific filesystem permissions with the --socket-perms option.

Generally, spfd can be instructed with the --set-user and --set-group options to drop root privileges and change to another user and group before it starts listening for requests.

The --help form prints usage information for spfd.

REQUEST 

A request consists of a series of lines delimited by \x0A (LF) characters (or whatever your system considers a newline). Each line must be of the form key=value, where the following keys are required:
ip
The sender IP address.
sender
The envelope sender address (from the SMTP "MAIL FROM" command).
helo
The envelope sender hostname (from the SMTP "HELO" command).

RESPONSE 

spfd responds to query requests with similar series of lines of the form key=value. The most important response keys are:
result
The result of the SPF query:
pass
The specified IP address is an authorized mailer for the sender domain/address.
fail
The specified IP address is not an authorized mailer for the sender domain/address.
softfail
The specified IP address is not an authorized mailer for the sender domain/address, however the domain is still in the process of transitioning to SPF.
neutral
The sender domain makes no assertion about the status of the IP address.
unknown
The sender domain has a syntax error in its SPF record.
error
A temporary DNS error occurred while resolving the sender policy. Try again later.
none
There is no SPF record for the sender domain.
smtp_comment
The text that should be included in the receiver's SMTP response.
header_comment
The text that should be included as a comment in the message's "Received-SPF:" header.
spf_record
The SPF record of the envelope sender domain.

For the description of other response keys see Mail::SPF::Query.

For more information on SPF see <http://www.openspf.org>.

EXAMPLE 

A running spfd could be tested using the "netcat" utility like this: 
    $ echo -e "ip=11.22.33.44\nsender=user@pobox.com\nhelo=spammer.example.net\n" | nc localhost 5970
    result=neutral
    smtp_comment=Please see http://spf.pobox.com/why.html?sender=user%40pobox.com&ip=11.22.33.44&receiver=localhost
    header_comment=localhost: 11.22.33.44 is neither permitted nor denied by domain of user@pobox.com
    guess=neutral
    smtp_guess=
    header_guess=
    guess_tf=neutral
    smtp_tf=
    header_tf=
    spf_record=v=spf1 ?all

SEE ALSO 

Mail::SPF::Query, <http://www.openspf.org>

AUTHORS 

This version of spfd was written by Meng Weng Wong <mengwong+spf@pobox.com>. Improved argument parsing was added by Julian Mehnle <julian@mehnle.net>.

This man-page was written by Julian Mehnle <julian@mehnle.net>.