spfd - simple forking daemon to provide SPF query services
spfd --port port [--set-user uid|username] [--set-group gid|groupname]
spfd --socket filename [--socket-user uid|username] [--socket-group gid|groupname] [--socket-perms octal-perms] [--set-user uid|username] [--set-group gid|groupname]
spfd is a simple forking Sender Policy Framework (SPF) query proxy server. spfd receives and answers SPF query requests on a TCP/IP or UNIX domain socket.
The --port form listens on a TCP/IP socket on the specified port. The default port is 5970.
The --socket form listens on a UNIX domain socket that is created with the specified filename. The socket can be assigned specific user and group ownership with the --socket-user and --socket-group options, and specific filesystem permissions with the --socket-perms option.
Generally, spfd can be instructed with the --set-user and --set-group options to drop root privileges and change to another user and group before it starts listening for requests.
The --help form prints usage information for spfd.
A request consists of a series of lines delimited by \x0A (LF) characters (or whatever your system considers a newline). Each line must be of the form key=value, where the following keys are required:
The sender IP address.
The envelope sender address (from the SMTP
MAIL FROM command).
The envelope sender hostname (from the SMTP
spfd responds to query requests with similar series of lines of the form key=value. The most important response keys are:
The result of the SPF query:
The specified IP address is an authorized mailer for the sender domain/address.
The specified IP address is not an authorized mailer for the sender domain/address.
The specified IP address is not an authorized mailer for the sender domain/address, however the domain is still in the process of transitioning to SPF.
The sender domain makes no assertion about the status of the IP address.
The sender domain has a syntax error in its SPF record.
A temporary DNS error occurred while resolving the sender policy. Try again later.
There is no SPF record for the sender domain.
The text that should be included in the receiver's SMTP response.
The text that should be included as a comment in the message's
The SPF record of the envelope sender domain.
For the description of other response keys see Mail::SPF::Query.
For more information on SPF see http://www.openspf.org.
A running spfd could be tested using the
netcat utility like this:
$ echo -e "ip=18.104.22.168\firstname.lastname@example.org\nhelo=spammer.example.net\n" | nc localhost 5970 result=neutral smtp_comment=Please see http://spf.pobox.com/why.html?sender=user%40pobox.com&ip=22.214.171.124&receiver=localhost header_comment=localhost: 126.96.36.199 is neither permitted nor denied by domain of email@example.com guess=neutral smtp_guess= header_guess= guess_tf=neutral smtp_tf= header_tf= spf_record=v=spf1 ?all
This version of spfd was written by Meng Weng Wong <firstname.lastname@example.org>. Improved argument parsing was added by Julian Mehnle <email@example.com>.
This man-page was written by Julian Mehnle <firstname.lastname@example.org>.