policyd-spf-fs(8) SPF policy daemon for the Postfix MTA


In master.cf:

spf-policy unix - n n - - spawn
user=nobody argv=/usr/sbin/policyd-spf-fs [options]


This manual page documents briefly the policyd-spf-fs command. It was written for the Debian® distribution because the original program initially didn't have a manual page (it does now, but the maintainer feels that this one is a little better).

policyd-spf-fs performs Sender Policy Framework (SPF) authorization checks based on queries sent to it on standard input following a special protocol. For more information on this protocol see the Postfix documentation in the postfix-doc package. For information on SPF see http://www.openspf.org.


This programs follows the GNU getopt_long_only(3) command line syntax: Long options can be given with one or two dashes and can be abbreviated to a prefix long enough to be non-ambiguous. If an option starting with a single dash doesn't match a long option, it is taken as a short option with a following parameter, if applicable. An equals sign between the option name and the parameter is optional for both short and long options.
-d, --debug [level]
Turn on debugging output. A level of 3 or higher is passed to libspf2 (as level-2). Level 1 and 2 is only used by the daemon itself.
-l, --local spf-terms
Test against spf-terms before the final (implicit or explicit) "all" in an SPF record. This can be used to implement a local policy for whitelisting.
-t, --trusted [1]
Check the sender domain with trusted-forwarder.org. This is a non-standard feature.
-t 0, --trusted 0
Do not check the sender domain with trusted-forwarder.org. This is the default.
-g, --guess spf-mechanisms
Test the sender domain against spf-mechanisms if the domain has no SPF record.
-e, --default-explanation string
Default explanation string to use if the SPF record does not specify an explanation string itself.
-m, --max-lookup number
Maximum number of DNS lookups to allow.
-c, --sanitize [0|1]
Do [not] sanitize the output by condensing consecutive whitespace into a single space and replacing non-printable characters with question marks. Enabled by default.
-n, --name hostname
Use hostname as the name of the local system instead of looking it up (the name is used in the output).
-a, --override ...
-z, --fallback ...
Provide override and fallback SPF records for certain domains. Not implemented yet. policyd-spf-fs would act as if the specified records were present before and after any existing record, respectively, of those domains.
Show summary of options.
-v, --version
Show version of program.


Yes, this program is an early development stage. Among other things, several of the spfquery options are semi-recognized, which may give confusing results.


policyd-spf-fs was written by Matthias Cramer.

This manual page was written by Magnus Holmgren for the Debian® system (but may be used by others), based on the manpage for spfquery(1), which was in turn heavily inspired by the spfquery manpage of libmail-spf-query-perl (spfquery.mail-spf-query-perl(1)) by Julian Mehnle.


Copyright © 2007 Magnus Holmgren. Permission is granted to copy, distribute and/or modify this document under the terms of the BSD License.

On Debian systems, the complete text of the BSD License can be found in /usr/share/common-licenses/BSD.