0,0 → 1,199 |
.\" Title: SPFQUERY |
.\" Author: Magnus Holmgren <magnus@kibibyte.se> |
.\" Date: 2007-09-06 |
.\" Manual: libspf2 manuals for Debian |
.\" Source: libspf2 1.2.5 |
.\" |
.TH "SPFQUERY" "1" "2007-09-06" "libspf2 1.2.5" "libspf2 manuals for Debian" |
.\" disable hyphenation |
.nh |
.SH NAME |
spfquery, spfquery.libspf2 \- checks if an IP address is an SPF-authorized SMTP sender for a domain. |
.SH SYNOPSIS |
.ad l |
.HP 9 |
.B spfquery |
.RB { \-i | \-\-ip } |
.I ip\-address |
.RB { -s | \-\-sender } |
.RI [ local-part \fB@\fP] domain |
.RB [{ \-h | \-\-helo } |
.IR domain-name ] |
.RB [ \-\-rcpt\-to |
.IR email-address(es) ] |
.RI [ CONTROL-OPTIONS ] |
.HP 9 |
.B spfquery |
.RB { \-f | \-\-file } |
.IR datafile " [" CONTROL-OPTIONS ] |
.HP 9 |
.B spfquery |
.RB { \-\-help | \-v | \-\-version } |
.ad b |
.SH DESCRIPTION |
This manual page documents briefly the |
\fBspfquery\fR |
command. It was written for the |
Debian\*[R] distribution because the original program does not have a manual page. |
.PP |
\fBspfquery\fR performs Sender Policy Framework (SPF) authorization |
checks based on the command-line arguments or data given in a file or |
on standard input. For information on SPF see http://www.openspf.org. |
. |
.SH OPTIONS |
Options are divided into two groups: Data options, which must be |
given, though just enough of them to specify a query; and control |
options, which are optional and control the local policy, behaviour |
and output format of spfquery. |
.PP |
This programs follows the GNU \fBgetopt_long_only\fR(3) command line |
syntax: Long options can be given with one or two dashes and can be |
abbreviated to a prefix long enough to be non-ambiguous. If an option |
starting with a single dash doesn't match a long option, it is taken |
as a short option with a following parameter, if applicable. An equals |
sign between the option name and the parameter is optional for both |
short and long options. |
.SS Data options |
The |
\fB\-\-file\fR option conflicts with all the other data options. The |
\fB\-\-helo\fR and \fB\-\-rcpt\-to\fR are optional. |
.TP |
\fB\-f\fR, \fB\-\-file\fR \fIfilename\fR |
Read SPF data from \fIfilename\fR. Specify \(lq-\(rq to read from standard input. |
.sp |
The file should consist of one line per query, each query line consisting of the IP address, sender adress, and optional HELO string, separated by spaces. |
.sp |
\fBNote\fP |
Local parts containing spaces are currently not supported. |
.TP |
\fB\-i\fP, \fB\-\-ip\fP \fIip-address\fP |
Specify the IP address of the remote host that is delivering the mail. |
.TP |
\fB\-s\fP, \fB\-\-sender\fP [\fIlocal-part\fP\fB@\fP]\fIdomain\fP |
Specify the email address that was used as the envelope sender. If no |
username (local part) is given, \(lqpostmaster\(rq will be assumed. |
.TP |
\fB\-h\fP, \fB\-\-helo\fP \fIdomain-name\fP |
Specify that \fIdomain-name\fP was provided in the SMTP HELO (or EHLO) command. |
.TP |
\fB\-r\fP, \fB\-\-rcpt-to\fP \fIrcpt-address\fP[,\fIrcpt-address\fP,...] |
Specify the recipients as comma-separated list. Any secondary mail exchangers of all |
recipient domains are automatically authorized. |
. |
.SS Control options |
.TP |
\fB\-d\fP, \fB\-\-debug\fP[\fB=\fP\fIlevel\fP] |
Turn on debugging output. |
.TP |
\fB\-l\fP, \fB\-\-local\fP \fIspf\-terms\fP |
Test against \fIspf\-terms\fR before the final (implicit or explicit) |
\(lqall\(rq in an SPF record. This can be used to implement a local policy for whitelisting. |
.TP |
\fB\-t, \fB\-\-trusted\fR [\fB1\fR] |
Check the sender domain with trusted\-forwarder.org. |
\fBThis is a non\-standard feature.\fR |
.TP |
\fB\-t\fP \fB0\fP, \fB\-\-trusted\fR \fB0\fP |
Do not check the sender domain with trusted\-forwarder.org. This is the default. |
.TP |
\fB\-g\fP, \fB\-\-guess\fP \fIspf-mechanisms\fP |
Test the sender domain against \fIspf\-mechanisms\fP if the domain has no SPF record. |
.TP |
\fB\-e\fP, \fB\-\-default\-explanation\fP \fIstring\fP |
Default explanation string to use if the SPF record does not specify an expla\%nation string itself. |
.TP |
\fB\-m\fP, \fB\-\-max\-lookup\fP \fInumber\fP |
Maximum number of DNS lookups to allow. |
.TP |
\fB\-c\fP, \fB\-\-sanitize\fP [\fB0\fP|\fB1\fP] |
Do [not] sanitize the output by condensing conse\%cutive white\%space |
into a single space and replacing non-printable characters with |
question marks. Enabled by default. |
.TP |
\fB\-n\fP, \fB\-\-name\fP \fIhostname\fP |
Use |
\fIhostname\fP |
as the name of the local system instead of |
\(lqspfquery\(rq |
(the name is used in the output). |
.TP |
\fB\-k\fP, \fB\-\-keep\-comments\fP |
Print comments found when reading from a file. |
.TP |
\fB\-a\fP, \fB\-\-override\fP \fI...\fP |
.TP |
\fB\-z\fP, \fB\-\-fallback\fP \fI...\fP |
Provide override and fallback SPF records for certain domains. |
\fBNot implemented yet.\fP |
\fBspfquery\fP |
would act as if the speci\%fied records were present before and after any existing record, respectively, of those domains. |
.TP |
\fB\-\-help\fP |
Show summary of options. |
.TP |
\fB\-v\fP, \fB\-\-version\fP |
Show version of program. |
.SH DIAGNOSTICS |
The output ordinarily consists of four lines: |
.IP 1. 4 |
the \fIresult code\fP; |
.IP 2. 4 |
the \fIexplanation\fP, suitable for use in an SMTP response message, empty |
except when a rejection (permanent or temporary) makes sense; |
.IP 3. 4 |
the header comment on its own; |
.IP 4. 4 |
the Received\-SPF header field as defined in RFC 4408 section 7, |
incorporating the header comment. |
.PP |
If errors (including no SPF record found!) occur during processing, |
one or more error blocks will be prepended. |
These start with \(lqStartError\(lq and end with \(lqEndError\(lq. |
.PP |
The result codes and their corresponding exit codes are as follows: |
.TP |
.B 1 \(en neutral |
The sender domain explicitly makes no assertion about the \fIip-address\fP. |
This result must be interpreted exactly as if no SPF record at all existed. |
.TP |
.B 2 \(en pass |
The \fIip-address\fP is authorized to send mail for the sender domain. |
.TP |
.B 3 \(en fail |
The \fIip-address\fP is \fBunauthorized\fP to send mail for the sender domain. |
.TP |
.B 4 \(en softfail |
The \fIip-address\fP is not authorized to send mail for the sender domain, but |
the sender domain cannot or does not wish to make a strong assertion that no such mail can |
ever come from it. |
.TP |
.B 5 \(en none |
No SPF record was found. |
.TP |
.BR "6 \(en error" " (temporary)" |
A transient error occurred (e.g. failure to reach a DNS server), preventing a |
result from being reached. |
.TP |
.BR "7 \(en unknown" " (permanent error)" |
One or more SPF records could not be interpreted. |
.SH EXAMPLES |
.nf |
spfquery \-ip=11.22.33.44 \-sender=user@aol.com \-helo=spammer.tld |
spfquery \-f test_data |
echo "127.0.0.1 myname@mydomain.com helohost.com" | spfquery \-f \- |
.fi |
.SH SEE ALSO |
\fBspftest\fR(1), \fBspfd\fR(8) |
.SH AUTHOR |
\fBspfquery\fP was written by Wayne Schlitt. |
.PP |
This manual page was written by Magnus Holmgren for the Debian\*[R] |
system (but may be used by others). Heavily inspired by the spfquery manpage of |
libmail\-spf\-query\-perl (\fBspfquery.mail\-spf\-query\-perl\fR(1)) by Julian Mehnle. |
Also based on the command\-line help of spfquery. |
.SH COPYRIGHT |
Copyright \(co 2007 Magnus Holmgren. Permission is granted to copy, |
distribute and/or modify this document under the terms of the BSD |
License. |
.PP |
On Debian systems, the complete text of the BSD License can be found in /usr/share/common\-licenses/BSD. |