Rev 23 | Rev 75 | ||
---|---|---|---|
1 | .\" Title: SPFQUERY |
1 | .\" Title: SPFQUERY |
2 | .\" Author: Magnus Holmgren <magnus@kibibyte.se> |
2 | .\" Author: Magnus Holmgren <holmgren@debian.org> |
3 | .\" Date: 2007-09-06 |
3 | .\" Date: 2007-09-06 |
4 | .\" Manual: libspf2 manuals for Debian |
4 | .\" Manual: libspf2 manuals for Debian |
5 | .\" Source: libspf2 1.2.5 |
5 | .\" Source: libspf2 1.2.5 |
6 | .\" |
6 | .\" |
7 | .TH "SPFQUERY" "1" "2007-09-06" "libspf2 1.2.5" "libspf2 manuals for Debian" |
7 | .TH "SPFQUERY" "1" "2007-09-06" "libspf2 1.2.5" "libspf2 manuals for Debian" |
8 | .\" disable hyphenation |
8 | .\" disable hyphenation |
9 | .nh |
9 | .nh |
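Review bot: the Date comment (line 3) and the date argument of .TH (line 7) still read 2007-09-06 in Rev 75, although this revision changes the author address on line 2 and the COPYRIGHT section. man prints the .TH date in the page footer, so bump both to the date of this revision, or note in a comment that the date records the original authoring only.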
10 | .SH NAME |
10 | .SH NAME |
11 | spfquery, spfquery.libspf2 \- checks if an IP address is an SPF-authorized SMTP sender for a domain. |
11 | spfquery, spfquery.libspf2 \- checks if an IP address is an SPF-authorized SMTP sender for a domain. |
12 | .SH SYNOPSIS |
12 | .SH SYNOPSIS |
13 | .ad l |
13 | .ad l |
14 | .HP 9 |
14 | .HP 9 |
15 | .B spfquery |
15 | .B spfquery |
16 | .RB { \-i | \-\-ip } |
16 | .RB { \-i | \-\-ip } |
17 | .I ip\-address |
17 | .I ip\-address |
18 | .RB { -s | \-\-sender } |
18 | .RB { -s | \-\-sender } |
19 | .RI [ local-part \fB@\fP] domain |
19 | .RI [ local-part \fB@\fP] domain |
20 | .RB [{ \-h | \-\-helo } |
20 | .RB [{ \-h | \-\-helo } |
21 | .IR domain-name ] |
21 | .IR domain-name ] |
22 | .RB [ \-\-rcpt\-to |
22 | .RB [ \-\-rcpt\-to |
23 | .IR email-address(es) ] |
23 | .IR email-address(es) ] |
24 | .RI [ CONTROL-OPTIONS ] |
24 | .RI [ CONTROL-OPTIONS ] |
25 | .HP 9 |
25 | .HP 9 |
26 | .B spfquery |
26 | .B spfquery |
27 | .RB { \-f | \-\-file } |
27 | .RB { \-f | \-\-file } |
28 | .IR datafile " [" CONTROL-OPTIONS ] |
28 | .IR datafile " [" CONTROL-OPTIONS ] |
29 | .HP 9 |
29 | .HP 9 |
30 | .B spfquery |
30 | .B spfquery |
31 | .RB { \-\-help | \-v | \-\-version } |
31 | .RB { \-\-help | \-v | \-\-version } |
32 | .ad b |
32 | .ad b |
33 | .SH DESCRIPTION |
33 | .SH DESCRIPTION |
34 | This manual page documents briefly the |
34 | This manual page documents briefly the |
35 | \fBspfquery\fR |
35 | \fBspfquery\fR |
36 | command. It was written for the |
36 | command. It was written for the |
37 | Debian\*[R] distribution because the original program does not have a manual page. |
37 | Debian\*[R] distribution because the original program does not have a manual page. |
38 | .PP |
38 | .PP |
39 | \fBspfquery\fR performs Sender Policy Framework (SPF) authorization |
39 | \fBspfquery\fR performs Sender Policy Framework (SPF) authorization |
40 | checks based on the command-line arguments or data given in a file or |
40 | checks based on the command-line arguments or data given in a file or |
41 | on standard input. For information on SPF see http://www.openspf.org. |
41 | on standard input. For information on SPF see http://www.openspf.org. |
42 | . |
42 | . |
43 | .SH OPTIONS |
43 | .SH OPTIONS |
44 | Options are divided into two groups: Data options, which must be |
44 | Options are divided into two groups: Data options, which must be |
45 | given, though just enough of them to specify a query; and control |
45 | given, though just enough of them to specify a query; and control |
46 | options, which are optional and control the local policy, behaviour |
46 | options, which are optional and control the local policy, behaviour |
47 | and output format of spfquery. |
47 | and output format of spfquery. |
48 | .PP |
48 | .PP |
49 | This programs follows the GNU \fBgetopt_long_only\fR(3) command line |
49 | This programs follows the GNU \fBgetopt_long_only\fR(3) command line |
50 | syntax: Long options can be given with one or two dashes and can be |
50 | syntax: Long options can be given with one or two dashes and can be |
51 | abbreviated to a prefix long enough to be non-ambiguous. If an option |
51 | abbreviated to a prefix long enough to be non-ambiguous. If an option |
52 | starting with a single dash doesn't match a long option, it is taken |
52 | starting with a single dash doesn't match a long option, it is taken |
53 | as a short option with a following parameter, if applicable. An equals |
53 | as a short option with a following parameter, if applicable. An equals |
54 | sign between the option name and the parameter is optional for both |
54 | sign between the option name and the parameter is optional for both |
55 | short and long options. |
55 | short and long options. |
56 | .SS Data options |
56 | .SS Data options |
57 | The |
57 | The |
58 | \fB\-\-file\fR option conflicts with all the other data options. The |
58 | \fB\-\-file\fR option conflicts with all the other data options. The |
59 | \fB\-\-helo\fR and \fB\-\-rcpt\-to\fR are optional. |
59 | \fB\-\-helo\fR and \fB\-\-rcpt\-to\fR are optional. |
60 | .TP |
60 | .TP |
61 | \fB\-f\fR, \fB\-\-file\fR \fIfilename\fR |
61 | \fB\-f\fR, \fB\-\-file\fR \fIfilename\fR |
62 | Read SPF data from \fIfilename\fR. Specify \(lq-\(rq to read from standard input. |
62 | Read SPF data from \fIfilename\fR. Specify \(lq-\(rq to read from standard input. |
63 | .sp |
63 | .sp |
64 | The file should consist of one line per query, each query line consisting of the IP address, sender adress, and optional HELO string, separated by spaces. |
64 | The file should consist of one line per query, each query line consisting of the IP address, sender adress, and optional HELO string, separated by spaces. |
65 | .sp |
65 | .sp |
66 | \fBNote\fP |
66 | \fBNote\fP |
67 | Local parts containing spaces are currently not supported. |
67 | Local parts containing spaces are currently not supported. |
68 | .TP |
68 | .TP |
69 | \fB\-i\fP, \fB\-\-ip\fP \fIip-address\fP |
69 | \fB\-i\fP, \fB\-\-ip\fP \fIip-address\fP |
70 | Specify the IP address of the remote host that is delivering the mail. |
70 | Specify the IP address of the remote host that is delivering the mail. |
71 | .TP |
71 | .TP |
72 | \fB\-s\fP, \fB\-\-sender\fP [\fIlocal-part\fP\fB@\fP]\fIdomain\fP |
72 | \fB\-s\fP, \fB\-\-sender\fP [\fIlocal-part\fP\fB@\fP]\fIdomain\fP |
73 | Specify the email address that was used as the envelope sender. If no |
73 | Specify the email address that was used as the envelope sender. If no |
74 | username (local part) is given, \(lqpostmaster\(rq will be assumed. |
74 | username (local part) is given, \(lqpostmaster\(rq will be assumed. |
75 | .TP |
75 | .TP |
76 | \fB\-h\fP, \fB\-\-helo\fP \fIdomain-name\fP |
76 | \fB\-h\fP, \fB\-\-helo\fP \fIdomain-name\fP |
77 | Specify that \fIdomain-name\fP was provided in the SMTP HELO (or EHLO) command. |
77 | Specify that \fIdomain-name\fP was provided in the SMTP HELO (or EHLO) command. |
78 | .TP |
78 | .TP |
79 | \fB\-r\fP, \fB\-\-rcpt-to\fP \fIrcpt-address\fP[,\fIrcpt-address\fP,...] |
79 | \fB\-r\fP, \fB\-\-rcpt-to\fP \fIrcpt-address\fP[,\fIrcpt-address\fP,...] |
80 | Specify the recipients as comma-separated list. Any secondary mail exchangers of all |
80 | Specify the recipients as comma-separated list. Any secondary mail exchangers of all |
81 | recipient domains are automatically authorized. |
81 | recipient domains are automatically authorized. |
82 | . |
82 | . |
83 | .SS Control options |
83 | .SS Control options |
84 | .TP |
84 | .TP |
85 | \fB\-d\fP, \fB\-\-debug\fP[\fB=\fP\fIlevel\fP] |
85 | \fB\-d\fP, \fB\-\-debug\fP[\fB=\fP\fIlevel\fP] |
86 | Turn on debugging output. |
86 | Turn on debugging output. |
87 | .TP |
87 | .TP |
88 | \fB\-l\fP, \fB\-\-local\fP \fIspf\-terms\fP |
88 | \fB\-l\fP, \fB\-\-local\fP \fIspf\-terms\fP |
89 | Test against \fIspf\-terms\fR before the final (implicit or explicit) |
89 | Test against \fIspf\-terms\fR before the final (implicit or explicit) |
90 | \(lqall\(rq in an SPF record. This can be used to implement a local policy for whitelisting. |
90 | \(lqall\(rq in an SPF record. This can be used to implement a local policy for whitelisting. |
91 | .TP |
91 | .TP |
92 | \fB\-t, \fB\-\-trusted\fR [\fB1\fR] |
92 | \fB\-t, \fB\-\-trusted\fR [\fB1\fR] |
93 | Check the sender domain with trusted\-forwarder.org. |
93 | Check the sender domain with trusted\-forwarder.org. |
94 | \fBThis is a non\-standard feature.\fR |
94 | \fBThis is a non\-standard feature.\fR |
95 | .TP |
95 | .TP |
96 | \fB\-t\fP \fB0\fP, \fB\-\-trusted\fR \fB0\fP |
96 | \fB\-t\fP \fB0\fP, \fB\-\-trusted\fR \fB0\fP |
97 | Do not check the sender domain with trusted\-forwarder.org. This is the default. |
97 | Do not check the sender domain with trusted\-forwarder.org. This is the default. |
98 | .TP |
98 | .TP |
99 | \fB\-g\fP, \fB\-\-guess\fP \fIspf-mechanisms\fP |
99 | \fB\-g\fP, \fB\-\-guess\fP \fIspf-mechanisms\fP |
100 | Test the sender domain against \fIspf\-mechanisms\fP if the domain has no SPF record. |
100 | Test the sender domain against \fIspf\-mechanisms\fP if the domain has no SPF record. |
101 | .TP |
101 | .TP |
102 | \fB\-e\fP, \fB\-\-default\-explanation\fP \fIstring\fP |
102 | \fB\-e\fP, \fB\-\-default\-explanation\fP \fIstring\fP |
103 | Default explanation string to use if the SPF record does not specify an expla\%nation string itself. |
103 | Default explanation string to use if the SPF record does not specify an expla\%nation string itself. |
104 | .TP |
104 | .TP |
105 | \fB\-m\fP, \fB\-\-max\-lookup\fP \fInumber\fP |
105 | \fB\-m\fP, \fB\-\-max\-lookup\fP \fInumber\fP |
106 | Maximum number of DNS lookups to allow. |
106 | Maximum number of DNS lookups to allow. |
107 | .TP |
107 | .TP |
108 | \fB\-c\fP, \fB\-\-sanitize\fP [\fB0\fP|\fB1\fP] |
108 | \fB\-c\fP, \fB\-\-sanitize\fP [\fB0\fP|\fB1\fP] |
109 | Do [not] sanitize the output by condensing conse\%cutive white\%space |
109 | Do [not] sanitize the output by condensing conse\%cutive white\%space |
110 | into a single space and replacing non-printable characters with |
110 | into a single space and replacing non-printable characters with |
111 | question marks. Enabled by default. |
111 | question marks. Enabled by default. |
112 | .TP |
112 | .TP |
113 | \fB\-n\fP, \fB\-\-name\fP \fIhostname\fP |
113 | \fB\-n\fP, \fB\-\-name\fP \fIhostname\fP |
114 | Use |
114 | Use |
115 | \fIhostname\fP |
115 | \fIhostname\fP |
116 | as the name of the local system instead of |
116 | as the name of the local system instead of |
117 | \(lqspfquery\(rq |
117 | \(lqspfquery\(rq |
118 | (the name is used in the output). |
118 | (the name is used in the output). |
119 | .TP |
119 | .TP |
120 | \fB\-k\fP, \fB\-\-keep\-comments\fP |
120 | \fB\-k\fP, \fB\-\-keep\-comments\fP |
121 | Print comments found when reading from a file. |
121 | Print comments found when reading from a file. |
122 | .TP |
122 | .TP |
123 | \fB\-a\fP, \fB\-\-override\fP \fI...\fP |
123 | \fB\-a\fP, \fB\-\-override\fP \fI...\fP |
124 | .TP |
124 | .TP |
125 | \fB\-z\fP, \fB\-\-fallback\fP \fI...\fP |
125 | \fB\-z\fP, \fB\-\-fallback\fP \fI...\fP |
126 | Provide override and fallback SPF records for certain domains. |
126 | Provide override and fallback SPF records for certain domains. |
127 | \fBNot implemented yet.\fP |
127 | \fBNot implemented yet.\fP |
128 | \fBspfquery\fP |
128 | \fBspfquery\fP |
129 | would act as if the speci\%fied records were present before and after any existing record, respectively, of those domains. |
129 | would act as if the speci\%fied records were present before and after any existing record, respectively, of those domains. |
130 | .TP |
130 | .TP |
131 | \fB\-\-help\fP |
131 | \fB\-\-help\fP |
132 | Show summary of options. |
132 | Show summary of options. |
133 | .TP |
133 | .TP |
134 | \fB\-v\fP, \fB\-\-version\fP |
134 | \fB\-v\fP, \fB\-\-version\fP |
135 | Show version of program. |
135 | Show version of program. |
136 | .SH DIAGNOSTICS |
136 | .SH DIAGNOSTICS |
137 | The output ordinarily consists of four lines: |
137 | The output ordinarily consists of four lines: |
138 | .IP 1. 4 |
138 | .IP 1. 4 |
139 | the \fIresult code\fP; |
139 | the \fIresult code\fP; |
140 | .IP 2. 4 |
140 | .IP 2. 4 |
141 | the \fIexplanation\fP, suitable for use in an SMTP response message, empty |
141 | the \fIexplanation\fP, suitable for use in an SMTP response message, empty |
142 | except when a rejection (permanent or temporary) makes sense; |
142 | except when a rejection (permanent or temporary) makes sense; |
143 | .IP 3. 4 |
143 | .IP 3. 4 |
144 | the header comment on its own; |
144 | the header comment on its own; |
145 | .IP 4. 4 |
145 | .IP 4. 4 |
146 | the Received\-SPF header field as defined in RFC 4408 section 7, |
146 | the Received\-SPF header field as defined in RFC 4408 section 7, |
147 | incorporating the header comment. |
147 | incorporating the header comment. |
148 | .PP |
148 | .PP |
149 | If errors (including no SPF record found!) occur during processing, |
149 | If errors (including no SPF record found!) occur during processing, |
150 | one or more error blocks will be prepended. |
150 | one or more error blocks will be prepended. |
151 | These start with \(lqStartError\(lq and end with \(lqEndError\(lq. |
151 | These start with \(lqStartError\(lq and end with \(lqEndError\(lq. |
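Review bot: line 151 closes both quoted markers with \(lq, the opening-quote glyph, and Rev 75 carries this over unchanged: \(lqStartError\(lq and \(lqEndError\(lq. The other quoted strings in the page (lines 62, 74, 90 and 117) close with \(rq; change the second glyph of each pair to \(rq so the markers render with matching quotes.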
152 | .PP |
152 | .PP |
153 | The result codes and their corresponding exit codes are as follows: |
153 | The result codes and their corresponding exit codes are as follows: |
154 | .TP |
154 | .TP |
155 | .B 1 \(en neutral |
155 | .B 1 \(en neutral |
156 | The sender domain explicitly makes no assertion about the \fIip-address\fP. |
156 | The sender domain explicitly makes no assertion about the \fIip-address\fP. |
157 | This result must be interpreted exactly as if no SPF record at all existed. |
157 | This result must be interpreted exactly as if no SPF record at all existed. |
158 | .TP |
158 | .TP |
159 | .B 2 \(en pass |
159 | .B 2 \(en pass |
160 | The \fIip-address\fP is authorized to send mail for the sender domain. |
160 | The \fIip-address\fP is authorized to send mail for the sender domain. |
161 | .TP |
161 | .TP |
162 | .B 3 \(en fail |
162 | .B 3 \(en fail |
163 | The \fIip-address\fP is \fBunauthorized\fP to send mail for the sender domain. |
163 | The \fIip-address\fP is \fBunauthorized\fP to send mail for the sender domain. |
164 | .TP |
164 | .TP |
165 | .B 4 \(en softfail |
165 | .B 4 \(en softfail |
166 | The \fIip-address\fP is not authorized to send mail for the sender domain, but |
166 | The \fIip-address\fP is not authorized to send mail for the sender domain, but |
167 | the sender domain cannot or does not wish to make a strong assertion that no such mail can |
167 | the sender domain cannot or does not wish to make a strong assertion that no such mail can |
168 | ever come from it. |
168 | ever come from it. |
169 | .TP |
169 | .TP |
170 | .B 5 \(en none |
170 | .B 5 \(en none |
171 | No SPF record was found. |
171 | No SPF record was found. |
172 | .TP |
172 | .TP |
173 | .BR "6 \(en error" " (temporary)" |
173 | .BR "6 \(en error" " (temporary)" |
174 | A transient error occurred (e.g. failure to reach a DNS server), preventing a |
174 | A transient error occurred (e.g. failure to reach a DNS server), preventing a |
175 | result from being reached. |
175 | result from being reached. |
176 | .TP |
176 | .TP |
177 | .BR "7 \(en unknown" " (permanent error)" |
177 | .BR "7 \(en unknown" " (permanent error)" |
178 | One or more SPF records could not be interpreted. |
178 | One or more SPF records could not be interpreted. |
179 | .SH EXAMPLES |
179 | .SH EXAMPLES |
180 | .nf |
180 | .nf |
181 | spfquery \-ip=11.22.33.44 \-sender=user@aol.com \-helo=spammer.tld |
181 | spfquery \-ip=11.22.33.44 \-sender=user@aol.com \-helo=spammer.tld |
182 | spfquery \-f test_data |
182 | spfquery \-f test_data |
183 | echo "127.0.0.1 myname@mydomain.com helohost.com" | spfquery \-f \- |
183 | echo "127.0.0.1 myname@mydomain.com helohost.com" | spfquery \-f \- |
184 | .fi |
184 | .fi |
185 | .SH SEE ALSO |
185 | .SH SEE ALSO |
186 | \fBspftest\fR(1), \fBspfd\fR(8) |
186 | \fBspftest\fR(1), \fBspfd\fR(8) |
187 | .SH AUTHOR |
187 | .SH AUTHOR |
188 | \fBspfquery\fP was written by Wayne Schlitt. |
188 | \fBspfquery\fP was written by Wayne Schlitt. |
189 | .PP |
189 | .PP |
190 | This manual page was written by Magnus Holmgren for the Debian\*[R] |
190 | This manual page was written by Magnus Holmgren for the Debian\*[R] |
191 | system (but may be used by others). Heavily inspired by the spfquery manpage of |
191 | system (but may be used by others). Heavily inspired by the spfquery manpage of |
192 | libmail\-spf\-query\-perl (\fBspfquery.mail\-spf\-query\-perl\fR(1)) by Julian Mehnle. |
192 | libmail\-spf\-query\-perl (\fBspfquery.mail\-spf\-query\-perl\fR(1)) by Julian Mehnle. |
193 | Also based on the command\-line help of spfquery. |
193 | Also based on the command\-line help of spfquery. |
194 | .SH COPYRIGHT |
194 | .SH COPYRIGHT |
195 | Copyright \(co 2007 Magnus Holmgren. Permission is granted to copy, |
195 | Copyright \(co 2007 Magnus Holmgren. Permission is granted to copy, |
196 | distribute and/or modify this document under the terms of the BSD |
196 | distribute and/or modify this document under the terms of the two-clause BSD |
197 | License. |
- | |
198 | .PP |
- | |
199 | On Debian systems, the complete text of the BSD License can be found in /usr/share/common\-licenses/BSD. |
197 | License. See /usr/share/doc/spfquery/copyright. |
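Review bot: the new pointer on Rev 75 line 197, /usr/share/doc/spfquery/copyright, depends on the name of the binary package, while NAME (line 11) also lists the command as spfquery.libspf2; confirm that the package shipping this page is named spfquery, otherwise the path does not exist on the installed system. The revision also drops the .PP that Rev 23 had on line 198, so the pointer now runs on in the same paragraph as the licence grant; keep the .PP if the two sentences should stay visually separate.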