USAGE

OTHER DOCUMENTATION

postfix-policyd-spf-perl is a Postfix SMTP policy server for SPF checking. It is implemented in pure Perl and uses the Mail::SPF CPAN module. Note that Mail::SPF is a complete re-implementation of SPF based on the final experimental SPF RFC, RFC 4408. It shares no code with the older Mail::SPF::Query that was the original SPF development implementation. Mail::SPF was the inspiration for the new void lookup limit added in the standards track SPF RFC, RFC 7208. While Mail::SPF has not yet been specifically updated for RFC 7208, there are no significant changes needed.

This version of the policy server always checks HELO before Mail From (older versions just checked HELO if Mail From was null). It will reject mail that fails either Mail From or HELO SPF checks. It will defer mail if there is a temporary SPF error and the message would othersise be permitted (DEFER_IF_PERMIT). If the HELO check produces a REJECT/DEFER result, Mail From will not be checked.

If the message is not rejected or deferred, the policy server will PREPEND the appropriate SPF Received header. If Mail From is anything other than completely empty (i.e. <>) then the Mail From result will be used for SPF Received (e.g. Mail From None even if HELO is Pass).

The policy server skips SPF checks for connections from the localhost (127.) and instead prepends and logs 'SPF skipped - localhost is always allowed.' If you have relays that you want to skip SPF checks for, you can add them to relay_addresses on line 78 using standard CIDR notation in a space separated list. For these addresses, 'X-Comment: SPF skipped for whitelisted relay' is prepended and logged.

Error conditions within the policy server (that don't result in a crash) or from Mail::SPF will return DUNNO.

Logging is sent to syslogd.

Each time a Postfix SMTP server process is started it connects to the policy service socket and Postfix runs one instance of this Perls script. By default, a Postfix SMTP server process terminates after 100 seconds of idle time, or after serving 100 clients. Thus, the cost of starting this Perl script is smoothed over time.

The default policy_time_limit is 1000 seconds. This may be too short for some SMTP transactions to complete. As recommended in SMTPD_POLICY_README, this should be extended to 3600 seconds. To do so, set "policy_time_limit = 3600" in /etc/postfix/main.cf.

TESTING THE POLICY DAEMON

To test the policy daemon by hand, execute:

    % /usr/sbin/postfix-policyd-spf-perl

Each query is a bunch of attributes. Order does not matter, and the server uses only a few of all the attributes shown below:

    request=smtpd_access_policy
    protocol_state=RCPT
    protocol_name=SMTP
    helo_name=some.domain.tld
    queue_id=
    instance=71b0.45e2f5f1.d4da1.0
    [email protected]
    [email protected]
    client_address=1.2.3.4
    client_name=another.domain.tld
    [empty line]

The policy daemon will answer in the same style, with an attribute list followed by a empty line:

 1. Add the following to /etc/postfix/master.cf:

        spfcheck  unix  -       n       n       -       0       spawn
            user=policyd-spf argv=/usr/sbin/postfix-policyd-spf-perl

 2. Configure the Postfix SPF policy service in /etc/postfix/main.cf:

        smtpd_recipient_restrictions =
            ...
            reject_unauth_destination
            check_policy_service unix:private/spfcheck
            ...
        spfcheck_time_limit = 3600

    NOTE:  Specify check_policy_service AFTER reject_unauth_destination or
    else your system can become an open relay.

 3. Set up machines which you expect to legitimately forward mail to this
    server (see description in synopsis).  This should typically include
    the IP addresses which backup Mail eXchangers, and known non-SRS
    forwarders will use to submit mail to this server (i.e. the source IPs
    of the other servers).

 4. Restart Postfix.

 5. Verify correct backup MX operation (if applicable).

This man-page was written by Scott Kitterman <[email protected]>.