128
128
.\" ========================================================================
130
130
.IX Title "policy-spf.conf 5"
131
.TH policy-spf.conf 5 "2007-10-27"
131
.TH policy-spf.conf 5 "2008-02-18"
133
133
python-policyd-spf \- pure-Python Postfix policy daemon for SPF checking
135
135
.IX Header "VERSION"
139
139
.IX Header "USAGE"
141
policyd-spf [/usr/local/policyd-spf/policyd-spf.conf]
141
policyd-spf [/etc/policyd-spf/policyd-spf.conf]
143
143
.SH "OTHER DOCUMENTATION"
144
144
.IX Header "OTHER DOCUMENTATION"
164
164
Configuration options are described here and in the configuration file
165
165
provided with the package. The provided setup.py installs this configuration
166
file in /usr/local/policyd-spf/.
166
file in /etc/policyd-spf/.
168
168
Additionally, whitelisting certain IP addresses from SPF checks is supported.
169
169
The this man page and the sample configuration file show the format to use.
175
175
.IX Header "LOGGING"
177
177
"debugLevel" controls ths amount of information logged by the policy server.
178
The default, 0, logs no debugging messages, just basic SPF results and errors
179
The default, 1, logs no debugging messages, just basic SPF results and errors
179
180
generated through the policy server. This value can be increased up to 5
180
181
(values higher than 5 will not cause an error, but will not log any additional
183
debug level 1 adds a log message if no client address (IP address from which
184
debug level 2 adds a log message if no client address (IP address from which
184
185
the connection was made), Mail From addresss, or HELO/EHLO name is received by
185
186
the policy server, and logs SPF results for each Mail From and HELO check.
187
debug level 2 generates a log message each time the policy server starts and
188
debug level 3 generates a log message each time the policy server starts and
188
189
each time it exits, as well as logging an copy of the exact header returned to
189
190
Postfix to be prepended into the message. Each time the policy server starts,
190
debug level 2 also logs the configuration information used by the policy
191
debug level 3 also logs the configuration information used by the policy
193
debug level 3 logs each config file read (with file name and path).
195
194
debug level 4 logs the complete data set received by Postfix via the policy
196
195
interface and when the end of the entry is read.
198
debug level 5 logs each configuration attribute read from a configuration file.
197
debug level 5 is used to debug config file processing and can only be set in
198
code and not via the config file.
200
If debug level is 0, then the policy server logs errors only.
204
206
.SH "TEST OPERATION"
205
207
.IX Header "TEST OPERATION"
345
347
TempError_Defer = False
349
.SH "Prospective SPF Check"
350
.IX Header "Prospective SPF Check"
352
Prospective SPF checking - Check to see if mail sent from the defined IP
353
address would pass. This is useful for outbound MTAs to avoid sending mail that
354
would Fail SPF checks when recieved. Disable HELO checking when using this
355
option. It's only potentially useful for Mail From checking. SPF Received
356
headers are not added when this option is used.
358
Prospective = 192.168.0.4
347
364
.SH "LOCAL SPF BYPASS LIST"
348
365
.IX Header "LOCAL SPF BYPASS LIST"
352
369
addresses. This can also be used, to allow mail from local clients submitting
353
370
mail to an MTA also acting as a Mail Submission Agent (MSA) to be skipped. An
354
371
x-header is prepended indicating SPF checks were skipped due to a local
355
address. This is a trace header only.
372
address. This is a trace header only. Note the lack of spaces in the list.
359
skip_addresses = 127.0.0.0/8, ::ffff:127.0.0.0//104, ::1//128
376
skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0//104,::1//128
361
378
.SH "SPF IP WHITELIST"
362
379
.IX Header "SPF IP WHITELIST"
364
381
A comma separated CIDR Notation list of IP addresses not to skip SPF checks
365
382
for. Use this list to whitelist trusted relays (such as a secondary MX and
366
383
trusted forwarders). An x-header is prepended indicating the IP was
367
whitelisted against SPF checks. This is a trace header only.
384
whitelisted against SPF checks. This is a trace header only. Note the lack
385
of spaces in the list.
371
Whitelist = 192.168.0.0/31, 192.168.1.0/30
389
Whitelist = 192.168.0.0/31,192.168.1.0/30
384
402
records. This option is less scalable than the SPF IP Whitelist. An x-header
385
403
is prepended indicating the IP was whitelisted against SPF checks. This is a
386
404
trace header only. This option does nothing if the domain does not have an SPF
387
record. In this case use the SPF IP Whitelist described above.
405
record. In this case use the SPF IP Whitelist described above. Note the lack
406
of spaces in the list.
391
Domain_Whitelist = pobox.com, trustedforwarder.org
410
Domain_Whitelist = pobox.com,trustedforwarder.org