Rev 19 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 19 | magnus | 1 | .\" Title: SPFQUERY |
| 2 | .\" Author: Magnus Holmgren <magnus@kibibyte.se> |
||
| 3 | .\" Date: 2007-09-06 |
||
| 4 | .\" Manual: libspf2 manuals for Debian |
||
| 5 | .\" Source: libspf2 1.2.5 |
||
| 6 | .\" |
||
| 7 | .TH "SPFQUERY" "1" "2007-09-06" "libspf2 1.2.5" "libspf2 manuals for Debian" |
||
| 8 | .\" disable hyphenation |
||
| 9 | .nh |
||
| 10 | .SH NAME |
||
| 11 | spfquery, spfquery.libspf2 \- checks if an IP address is an SPF-authorized SMTP sender for a domain. |
||
| 12 | .SH SYNOPSIS |
||
| 13 | .ad l |
||
| 14 | .HP 9 |
||
| 15 | .B spfquery |
||
| 16 | .RB { \-i | \-\-ip } |
||
| 17 | .I ip\-address |
||
| 18 | .RB { -s | \-\-sender } |
||
| 19 | .RI [ local-part \fB@\fP] domain |
||
| 20 | .RB [{ \-h | \-\-helo } |
||
| 21 | .IR domain-name ] |
||
| 22 | .RB [ \-\-rcpt\-to |
||
| 23 | .IR email-address(es) ] |
||
| 24 | .RI [ CONTROL-OPTIONS ] |
||
| 25 | .HP 9 |
||
| 26 | .B spfquery |
||
| 27 | .RB { \-f | \-\-file } |
||
| 28 | .IR datafile " [" CONTROL-OPTIONS ] |
||
| 29 | .HP 9 |
||
| 30 | .B spfquery |
||
| 31 | .RB { \-\-help | \-v | \-\-version } |
||
| 32 | .ad b |
||
| 33 | .SH DESCRIPTION |
||
| 34 | This manual page documents briefly the |
||
| 35 | \fBspfquery\fR |
||
| 36 | command. It was written for the |
||
| 37 | Debian\*[R] distribution because the original program does not have a manual page. |
||
| 38 | .PP |
||
| 39 | \fBspfquery\fR performs Sender Policy Framework (SPF) authorization |
||
| 40 | checks based on the command-line arguments or data given in a file or |
||
| 41 | on standard input. For information on SPF see http://www.openspf.org. |
||
| 42 | . |
||
| 43 | .SH OPTIONS |
||
| 44 | Options are divided into two groups: Data options, which must be |
||
| 45 | given, though just enough of them to specify a query; and control |
||
| 46 | options, which are optional and control the local policy, behaviour |
||
| 47 | and output format of spfquery. |
||
| 48 | .PP |
||
| 49 | This programs follows the GNU \fBgetopt_long_only\fR(3) command line |
||
| 50 | syntax: Long options can be given with one or two dashes and can be |
||
| 51 | abbreviated to a prefix long enough to be non-ambiguous. If an option |
||
| 52 | starting with a single dash doesn't match a long option, it is taken |
||
| 53 | as a short option with a following parameter, if applicable. An equals |
||
| 54 | sign between the option name and the parameter is optional for both |
||
| 55 | short and long options. |
||
| 56 | .SS Data options |
||
| 57 | The |
||
| 58 | \fB\-\-file\fR option conflicts with all the other data options. The |
||
| 59 | \fB\-\-helo\fR and \fB\-\-rcpt\-to\fR are optional. |
||
| 60 | .TP |
||
| 61 | \fB\-f\fR, \fB\-\-file\fR \fIfilename\fR |
||
| 62 | Read SPF data from \fIfilename\fR. Specify \(lq-\(rq to read from standard input. |
||
| 63 | .sp |
||
| 64 | The file should consist of one line per query, each query line consisting of the IP address, sender adress, and optional HELO string, separated by spaces. |
||
| 65 | .sp |
||
| 66 | \fBNote\fP |
||
| 67 | Local parts containing spaces are currently not supported. |
||
| 68 | .TP |
||
| 69 | \fB\-i\fP, \fB\-\-ip\fP \fIip-address\fP |
||
| 70 | Specify the IP address of the remote host that is delivering the mail. |
||
| 71 | .TP |
||
| 72 | \fB\-s\fP, \fB\-\-sender\fP [\fIlocal-part\fP\fB@\fP]\fIdomain\fP |
||
| 73 | Specify the email address that was used as the envelope sender. If no |
||
| 74 | username (local part) is given, \(lqpostmaster\(rq will be assumed. |
||
| 75 | .TP |
||
| 76 | \fB\-h\fP, \fB\-\-helo\fP \fIdomain-name\fP |
||
| 77 | Specify that \fIdomain-name\fP was provided in the SMTP HELO (or EHLO) command. |
||
| 78 | .TP |
||
| 79 | \fB\-r\fP, \fB\-\-rcpt-to\fP \fIrcpt-address\fP[,\fIrcpt-address\fP,...] |
||
| 80 | Specify the recipients as comma-separated list. Any secondary mail exchangers of all |
||
| 81 | recipient domains are automatically authorized. |
||
| 82 | . |
||
| 83 | .SS Control options |
||
| 84 | .TP |
||
| 85 | \fB\-d\fP, \fB\-\-debug\fP[\fB=\fP\fIlevel\fP] |
||
| 86 | Turn on debugging output. |
||
| 87 | .TP |
||
| 88 | \fB\-l\fP, \fB\-\-local\fP \fIspf\-terms\fP |
||
| 89 | Test against \fIspf\-terms\fR before the final (implicit or explicit) |
||
| 90 | \(lqall\(rq in an SPF record. This can be used to implement a local policy for whitelisting. |
||
| 91 | .TP |
||
| 92 | \fB\-t, \fB\-\-trusted\fR [\fB1\fR] |
||
| 93 | Check the sender domain with trusted\-forwarder.org. |
||
| 94 | \fBThis is a non\-standard feature.\fR |
||
| 95 | .TP |
||
| 96 | \fB\-t\fP \fB0\fP, \fB\-\-trusted\fR \fB0\fP |
||
| 97 | Do not check the sender domain with trusted\-forwarder.org. This is the default. |
||
| 98 | .TP |
||
| 99 | \fB\-g\fP, \fB\-\-guess\fP \fIspf-mechanisms\fP |
||
| 100 | Test the sender domain against \fIspf\-mechanisms\fP if the domain has no SPF record. |
||
| 101 | .TP |
||
| 102 | \fB\-e\fP, \fB\-\-default\-explanation\fP \fIstring\fP |
||
| 103 | Default explanation string to use if the SPF record does not specify an expla\%nation string itself. |
||
| 104 | .TP |
||
| 105 | \fB\-m\fP, \fB\-\-max\-lookup\fP \fInumber\fP |
||
| 106 | Maximum number of DNS lookups to allow. |
||
| 107 | .TP |
||
| 108 | \fB\-c\fP, \fB\-\-sanitize\fP [\fB0\fP|\fB1\fP] |
||
| 109 | Do [not] sanitize the output by condensing conse\%cutive white\%space |
||
| 110 | into a single space and replacing non-printable characters with |
||
| 111 | question marks. Enabled by default. |
||
| 112 | .TP |
||
| 113 | \fB\-n\fP, \fB\-\-name\fP \fIhostname\fP |
||
| 114 | Use |
||
| 115 | \fIhostname\fP |
||
| 116 | as the name of the local system instead of |
||
| 117 | \(lqspfquery\(rq |
||
| 118 | (the name is used in the output). |
||
| 119 | .TP |
||
| 120 | \fB\-k\fP, \fB\-\-keep\-comments\fP |
||
| 121 | Print comments found when reading from a file. |
||
| 122 | .TP |
||
| 123 | \fB\-a\fP, \fB\-\-override\fP \fI...\fP |
||
| 124 | .TP |
||
| 125 | \fB\-z\fP, \fB\-\-fallback\fP \fI...\fP |
||
| 126 | Provide override and fallback SPF records for certain domains. |
||
| 127 | \fBNot implemented yet.\fP |
||
| 128 | \fBspfquery\fP |
||
| 129 | would act as if the speci\%fied records were present before and after any existing record, respectively, of those domains. |
||
| 130 | .TP |
||
| 131 | \fB\-\-help\fP |
||
| 132 | Show summary of options. |
||
| 133 | .TP |
||
| 134 | \fB\-v\fP, \fB\-\-version\fP |
||
| 135 | Show version of program. |
||
| 136 | .SH DIAGNOSTICS |
||
| 137 | The output ordinarily consists of four lines: |
||
| 138 | .IP 1. 4 |
||
| 139 | the \fIresult code\fP; |
||
| 140 | .IP 2. 4 |
||
| 141 | the \fIexplanation\fP, suitable for use in an SMTP response message, empty |
||
| 142 | except when a rejection (permanent or temporary) makes sense; |
||
| 143 | .IP 3. 4 |
||
| 144 | the header comment on its own; |
||
| 145 | .IP 4. 4 |
||
| 146 | the Received\-SPF header field as defined in RFC 4408 section 7, |
||
| 147 | incorporating the header comment. |
||
| 148 | .PP |
||
| 149 | If errors (including no SPF record found!) occur during processing, |
||
| 150 | one or more error blocks will be prepended. |
||
| 151 | These start with \(lqStartError\(lq and end with \(lqEndError\(lq. |
||
| 152 | .PP |
||
| 153 | The result codes and their corresponding exit codes are as follows: |
||
| 154 | .TP |
||
| 155 | .B 1 \(en neutral |
||
| 156 | The sender domain explicitly makes no assertion about the \fIip-address\fP. |
||
| 157 | This result must be interpreted exactly as if no SPF record at all existed. |
||
| 158 | .TP |
||
| 159 | .B 2 \(en pass |
||
| 160 | The \fIip-address\fP is authorized to send mail for the sender domain. |
||
| 161 | .TP |
||
| 162 | .B 3 \(en fail |
||
| 163 | The \fIip-address\fP is \fBunauthorized\fP to send mail for the sender domain. |
||
| 164 | .TP |
||
| 165 | .B 4 \(en softfail |
||
| 166 | The \fIip-address\fP is not authorized to send mail for the sender domain, but |
||
| 167 | the sender domain cannot or does not wish to make a strong assertion that no such mail can |
||
| 168 | ever come from it. |
||
| 169 | .TP |
||
| 170 | .B 5 \(en none |
||
| 171 | No SPF record was found. |
||
| 172 | .TP |
||
| 173 | .BR "6 \(en error" " (temporary)" |
||
| 174 | A transient error occurred (e.g. failure to reach a DNS server), preventing a |
||
| 175 | result from being reached. |
||
| 176 | .TP |
||
| 177 | .BR "7 \(en unknown" " (permanent error)" |
||
| 178 | One or more SPF records could not be interpreted. |
||
| 179 | .SH EXAMPLES |
||
| 180 | .nf |
||
| 181 | spfquery \-ip=11.22.33.44 \-sender=user@aol.com \-helo=spammer.tld |
||
| 182 | spfquery \-f test_data |
||
| 183 | echo "127.0.0.1 myname@mydomain.com helohost.com" | spfquery \-f \- |
||
| 184 | .fi |
||
| 185 | .SH SEE ALSO |
||
| 186 | \fBspftest\fR(1), \fBspfd\fR(8) |
||
| 187 | .SH AUTHOR |
||
| 188 | \fBspfquery\fP was written by Wayne Schlitt. |
||
| 189 | .PP |
||
| 190 | This manual page was written by Magnus Holmgren for the Debian\*[R] |
||
| 191 | system (but may be used by others). Heavily inspired by the spfquery manpage of |
||
| 192 | libmail\-spf\-query\-perl (\fBspfquery.mail\-spf\-query\-perl\fR(1)) by Julian Mehnle. |
||
| 193 | Also based on the command\-line help of spfquery. |
||
| 194 | .SH COPYRIGHT |
||
| 195 | Copyright \(co 2007 Magnus Holmgren. Permission is granted to copy, |
||
| 196 | distribute and/or modify this document under the terms of the BSD |
||
| 197 | License. |
||
| 198 | .PP |
||
| 199 | On Debian systems, the complete text of the BSD License can be found in /usr/share/common\-licenses/BSD. |