You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+82-55Lines changed: 82 additions & 55 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -13,14 +13,18 @@ To make it reject mail then you will need to enable the relevant options below.
13
13
of SPF but you will need to whitelist any hosts forwarding mail from another
14
14
domain whilst preserving the original return-path.
15
15
16
-
Configuration
16
+
## Configuration
17
+
17
18
-------------
18
19
19
20
This plugin uses spf.ini for configuration and the following options are
20
21
available:
21
22
22
-
[relay]
23
-
context=sender (default: sender)
23
+
24
+
```ini
25
+
[relay]
26
+
context=sender (default: sender)
27
+
```
24
28
25
29
On connections with relaying privileges (MSA or mail relay), it is often
26
30
desirable to evaluate SPF from the context of Haraka's public IP(s), in the
@@ -35,24 +39,28 @@ denying mail from senders whose SPF fails the checks.
35
39
36
40
Additional settings allow you to control the small things (defaults are shown):
37
41
38
-
; The lookup timeout, in seconds. Better set it to something much lower than this.
39
-
lookup_timeout = 29
42
+
```ini
43
+
; The lookup timeout, in seconds. Better set it to something much lower than this.
44
+
lookup_timeout = 29
40
45
41
-
; bypass hosts that match these conditions
42
-
[skip]
43
-
; hosts that relay through us
44
-
relaying = false
45
-
; hosts that are SMTP AUTH'ed
46
-
auth = false
46
+
; bypass hosts that match these conditions
47
+
[skip]
48
+
; hosts that relay through us
49
+
relaying = false
50
+
; hosts that are SMTP AUTH'ed
51
+
auth = false
52
+
```
47
53
48
54
There's a special setting that would allow the plugin to emit a funny explanation text on SPF DENY, essentially meant to be visible to end-users that will receive the bounce. The text is `http://www.openspf.org/Why?s=${scope}&id=${sender_id}&ip=${connection.remote.ip}` and is enabled by:
49
55
50
-
[deny]
51
-
openspf_text = true
52
-
53
-
; in case you DENY on failing SPF on hosts that are relaying (but why?)
54
-
[deny_relay]
55
-
openspf_text = true
56
+
```ini
57
+
[deny]
58
+
openspf_text = true
59
+
60
+
; in case you DENY on failing SPF on hosts that are relaying (but why?)
61
+
[deny_relay]
62
+
openspf_text = true
63
+
```
56
64
57
65
### Things to Know
58
66
@@ -78,40 +86,59 @@ There's a special setting that would allow the plugin to emit a funny explanatio
78
86
79
87
* Heed well the implications of SPF, as described in [RFC 4408](http://tools.ietf.org/html/rfc4408#section-9.3)
80
88
81
-
[defer]
82
-
helo_temperror
83
-
mfrom_temperror
84
-
85
-
[deny]
86
-
helo_none
87
-
helo_softfail
88
-
helo_fail
89
-
helo_permerror
90
-
91
-
mfrom_none
92
-
mfrom_softfail
93
-
mfrom_fail
94
-
mfrom_permerror
95
-
96
-
openspf_text
97
-
98
-
; SPF settings used when connection.relaying=true
99
-
[defer_relay]
100
-
helo_temperror
101
-
mfrom_temperror
102
-
103
-
[deny_relay]
104
-
helo_none
105
-
helo_softfail
106
-
helo_fail
107
-
helo_permerror
108
-
109
-
mfrom_none
110
-
mfrom_softfail
111
-
mfrom_fail
112
-
mfrom_permerror
113
-
114
-
openspf_text
89
+
### spf.ini default settings
90
+
91
+
```ini
92
+
lookup_timeout = 29
93
+
94
+
95
+
[relay]
96
+
context=sender
97
+
98
+
99
+
[skip]
100
+
relaying=false
101
+
auth=false
102
+
103
+
104
+
[defer]
105
+
helo_temperror=false
106
+
mfrom_temperror=false
107
+
108
+
109
+
[deny]
110
+
helo_none=false
111
+
helo_softfail=false
112
+
helo_fail=false
113
+
helo_permerror=false
114
+
115
+
mfrom_none=false
116
+
mfrom_softfail=false
117
+
mfrom_fail=false
118
+
mfrom_permerror=false
119
+
120
+
openspf_text=false
121
+
122
+
123
+
; SPF settings used when connection.relaying=true
124
+
[defer_relay]
125
+
helo_temperror=false
126
+
mfrom_temperror=false
127
+
128
+
129
+
[deny_relay]
130
+
helo_none=false
131
+
helo_softfail=false
132
+
helo_fail=false
133
+
helo_permerror=false
134
+
135
+
mfrom_none=false
136
+
mfrom_softfail=false
137
+
mfrom_fail=false
138
+
mfrom_permerror=false
139
+
140
+
openspf_text=false
141
+
```
115
142
116
143
117
144
Testing
@@ -121,17 +148,17 @@ This plugin also provides a command-line test tool that can be used to debug SPF
0 commit comments