Rev 19 | Rev 57 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed
Rev | Author | Line No. | Line |
---|---|---|---|
19 | magnus | 1 | .\" Title: SPFQUERY |
2 | .\" Author: Magnus Holmgren <magnus@kibibyte.se> |
||
3 | .\" Date: 2007-09-06 |
||
4 | .\" Manual: libspf2 manuals for Debian |
||
5 | .\" Source: libspf2 1.2.5 |
||
6 | .\" |
||
7 | .TH "SPFQUERY" "1" "2007-09-06" "libspf2 1.2.5" "libspf2 manuals for Debian" |
||
8 | .\" disable hyphenation |
||
9 | .nh |
||
10 | .SH NAME |
||
11 | spfquery, spfquery.libspf2 \- checks if an IP address is an SPF-authorized SMTP sender for a domain. |
||
12 | .SH SYNOPSIS |
||
13 | .ad l |
||
14 | .HP 9 |
||
15 | .B spfquery |
||
16 | .RB { \-i | \-\-ip } |
||
17 | .I ip\-address |
||
18 | .RB { -s | \-\-sender } |
||
19 | .RI [ local-part \fB@\fP] domain |
||
20 | .RB [{ \-h | \-\-helo } |
||
21 | .IR domain-name ] |
||
22 | .RB [ \-\-rcpt\-to |
||
23 | .IR email-address(es) ] |
||
24 | .RI [ CONTROL-OPTIONS ] |
||
25 | .HP 9 |
||
26 | .B spfquery |
||
27 | .RB { \-f | \-\-file } |
||
28 | .IR datafile " [" CONTROL-OPTIONS ] |
||
29 | .HP 9 |
||
30 | .B spfquery |
||
31 | .RB { \-\-help | \-v | \-\-version } |
||
32 | .ad b |
||
33 | .SH DESCRIPTION |
||
34 | This manual page documents briefly the |
||
35 | \fBspfquery\fR |
||
36 | command. It was written for the |
||
37 | Debian\*[R] distribution because the original program does not have a manual page. |
||
38 | .PP |
||
39 | \fBspfquery\fR performs Sender Policy Framework (SPF) authorization |
||
40 | checks based on the command-line arguments or data given in a file or |
||
41 | on standard input. For information on SPF see http://www.openspf.org. |
||
42 | . |
||
43 | .SH OPTIONS |
||
44 | Options are divided into two groups: Data options, which must be |
||
45 | given, though just enough of them to specify a query; and control |
||
46 | options, which are optional and control the local policy, behaviour |
||
47 | and output format of spfquery. |
||
48 | .PP |
||
49 | This programs follows the GNU \fBgetopt_long_only\fR(3) command line |
||
50 | syntax: Long options can be given with one or two dashes and can be |
||
51 | abbreviated to a prefix long enough to be non-ambiguous. If an option |
||
52 | starting with a single dash doesn't match a long option, it is taken |
||
53 | as a short option with a following parameter, if applicable. An equals |
||
54 | sign between the option name and the parameter is optional for both |
||
55 | short and long options. |
||
56 | .SS Data options |
||
57 | The |
||
58 | \fB\-\-file\fR option conflicts with all the other data options. The |
||
59 | \fB\-\-helo\fR and \fB\-\-rcpt\-to\fR are optional. |
||
60 | .TP |
||
61 | \fB\-f\fR, \fB\-\-file\fR \fIfilename\fR |
||
62 | Read SPF data from \fIfilename\fR. Specify \(lq-\(rq to read from standard input. |
||
63 | .sp |
||
64 | The file should consist of one line per query, each query line consisting of the IP address, sender adress, and optional HELO string, separated by spaces. |
||
65 | .sp |
||
66 | \fBNote\fP |
||
67 | Local parts containing spaces are currently not supported. |
||
68 | .TP |
||
69 | \fB\-i\fP, \fB\-\-ip\fP \fIip-address\fP |
||
70 | Specify the IP address of the remote host that is delivering the mail. |
||
71 | .TP |
||
72 | \fB\-s\fP, \fB\-\-sender\fP [\fIlocal-part\fP\fB@\fP]\fIdomain\fP |
||
73 | Specify the email address that was used as the envelope sender. If no |
||
74 | username (local part) is given, \(lqpostmaster\(rq will be assumed. |
||
75 | .TP |
||
76 | \fB\-h\fP, \fB\-\-helo\fP \fIdomain-name\fP |
||
77 | Specify that \fIdomain-name\fP was provided in the SMTP HELO (or EHLO) command. |
||
78 | .TP |
||
79 | \fB\-r\fP, \fB\-\-rcpt-to\fP \fIrcpt-address\fP[,\fIrcpt-address\fP,...] |
||
80 | Specify the recipients as comma-separated list. Any secondary mail exchangers of all |
||
81 | recipient domains are automatically authorized. |
||
82 | . |
||
83 | .SS Control options |
||
84 | .TP |
||
85 | \fB\-d\fP, \fB\-\-debug\fP[\fB=\fP\fIlevel\fP] |
||
86 | Turn on debugging output. |
||
87 | .TP |
||
88 | \fB\-l\fP, \fB\-\-local\fP \fIspf\-terms\fP |
||
89 | Test against \fIspf\-terms\fR before the final (implicit or explicit) |
||
90 | \(lqall\(rq in an SPF record. This can be used to implement a local policy for whitelisting. |
||
91 | .TP |
||
92 | \fB\-t, \fB\-\-trusted\fR [\fB1\fR] |
||
93 | Check the sender domain with trusted\-forwarder.org. |
||
94 | \fBThis is a non\-standard feature.\fR |
||
95 | .TP |
||
96 | \fB\-t\fP \fB0\fP, \fB\-\-trusted\fR \fB0\fP |
||
97 | Do not check the sender domain with trusted\-forwarder.org. This is the default. |
||
98 | .TP |
||
99 | \fB\-g\fP, \fB\-\-guess\fP \fIspf-mechanisms\fP |
||
100 | Test the sender domain against \fIspf\-mechanisms\fP if the domain has no SPF record. |
||
101 | .TP |
||
102 | \fB\-e\fP, \fB\-\-default\-explanation\fP \fIstring\fP |
||
103 | Default explanation string to use if the SPF record does not specify an expla\%nation string itself. |
||
104 | .TP |
||
105 | \fB\-m\fP, \fB\-\-max\-lookup\fP \fInumber\fP |
||
106 | Maximum number of DNS lookups to allow. |
||
107 | .TP |
||
108 | \fB\-c\fP, \fB\-\-sanitize\fP [\fB0\fP|\fB1\fP] |
||
109 | Do [not] sanitize the output by condensing conse\%cutive white\%space |
||
110 | into a single space and replacing non-printable characters with |
||
111 | question marks. Enabled by default. |
||
112 | .TP |
||
113 | \fB\-n\fP, \fB\-\-name\fP \fIhostname\fP |
||
114 | Use |
||
115 | \fIhostname\fP |
||
116 | as the name of the local system instead of |
||
117 | \(lqspfquery\(rq |
||
118 | (the name is used in the output). |
||
119 | .TP |
||
120 | \fB\-k\fP, \fB\-\-keep\-comments\fP |
||
121 | Print comments found when reading from a file. |
||
122 | .TP |
||
123 | \fB\-a\fP, \fB\-\-override\fP \fI...\fP |
||
124 | .TP |
||
125 | \fB\-z\fP, \fB\-\-fallback\fP \fI...\fP |
||
126 | Provide override and fallback SPF records for certain domains. |
||
127 | \fBNot implemented yet.\fP |
||
128 | \fBspfquery\fP |
||
129 | would act as if the speci\%fied records were present before and after any existing record, respectively, of those domains. |
||
130 | .TP |
||
131 | \fB\-\-help\fP |
||
132 | Show summary of options. |
||
133 | .TP |
||
134 | \fB\-v\fP, \fB\-\-version\fP |
||
135 | Show version of program. |
||
136 | .SH DIAGNOSTICS |
||
137 | The output ordinarily consists of four lines: |
||
138 | .IP 1. 4 |
||
139 | the \fIresult code\fP; |
||
140 | .IP 2. 4 |
||
141 | the \fIexplanation\fP, suitable for use in an SMTP response message, empty |
||
142 | except when a rejection (permanent or temporary) makes sense; |
||
143 | .IP 3. 4 |
||
144 | the header comment on its own; |
||
145 | .IP 4. 4 |
||
146 | the Received\-SPF header field as defined in RFC 4408 section 7, |
||
147 | incorporating the header comment. |
||
148 | .PP |
||
149 | If errors (including no SPF record found!) occur during processing, |
||
150 | one or more error blocks will be prepended. |
||
151 | These start with \(lqStartError\(lq and end with \(lqEndError\(lq. |
||
152 | .PP |
||
153 | The result codes and their corresponding exit codes are as follows: |
||
154 | .TP |
||
155 | .B 1 \(en neutral |
||
156 | The sender domain explicitly makes no assertion about the \fIip-address\fP. |
||
157 | This result must be interpreted exactly as if no SPF record at all existed. |
||
158 | .TP |
||
159 | .B 2 \(en pass |
||
160 | The \fIip-address\fP is authorized to send mail for the sender domain. |
||
161 | .TP |
||
162 | .B 3 \(en fail |
||
163 | The \fIip-address\fP is \fBunauthorized\fP to send mail for the sender domain. |
||
164 | .TP |
||
165 | .B 4 \(en softfail |
||
166 | The \fIip-address\fP is not authorized to send mail for the sender domain, but |
||
167 | the sender domain cannot or does not wish to make a strong assertion that no such mail can |
||
168 | ever come from it. |
||
169 | .TP |
||
170 | .B 5 \(en none |
||
171 | No SPF record was found. |
||
172 | .TP |
||
173 | .BR "6 \(en error" " (temporary)" |
||
174 | A transient error occurred (e.g. failure to reach a DNS server), preventing a |
||
175 | result from being reached. |
||
176 | .TP |
||
177 | .BR "7 \(en unknown" " (permanent error)" |
||
178 | One or more SPF records could not be interpreted. |
||
179 | .SH EXAMPLES |
||
180 | .nf |
||
181 | spfquery \-ip=11.22.33.44 \-sender=user@aol.com \-helo=spammer.tld |
||
182 | spfquery \-f test_data |
||
183 | echo "127.0.0.1 myname@mydomain.com helohost.com" | spfquery \-f \- |
||
184 | .fi |
||
185 | .SH SEE ALSO |
||
186 | \fBspftest\fR(1), \fBspfd\fR(8) |
||
187 | .SH AUTHOR |
||
188 | \fBspfquery\fP was written by Wayne Schlitt. |
||
189 | .PP |
||
190 | This manual page was written by Magnus Holmgren for the Debian\*[R] |
||
191 | system (but may be used by others). Heavily inspired by the spfquery manpage of |
||
192 | libmail\-spf\-query\-perl (\fBspfquery.mail\-spf\-query\-perl\fR(1)) by Julian Mehnle. |
||
193 | Also based on the command\-line help of spfquery. |
||
194 | .SH COPYRIGHT |
||
195 | Copyright \(co 2007 Magnus Holmgren. Permission is granted to copy, |
||
196 | distribute and/or modify this document under the terms of the BSD |
||
197 | License. |
||
198 | .PP |
||
199 | On Debian systems, the complete text of the BSD License can be found in /usr/share/common\-licenses/BSD. |