-
Notifications
You must be signed in to change notification settings - Fork 5
/
smf-spf.conf
212 lines (181 loc) · 4.61 KB
/
smf-spf.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
# /etc/mail/smfs/smf-spf.conf
#
# smf-spf configuration file v2.0.2 (it's read at start)
#
# Whitelist by a sender IP address
#
# The syntax is an IP address followed by a slash
# and a CIDR netmask (if the netmask is omitted, /32 is assumed)
#
WhitelistIP 127.0.0.0/8
WhitelistIP 10.0.0.0/8
WhitelistIP 172.16.0.0/12
WhitelistIP 192.168.0.0/16
# Whitelist by a sender PTR record (reverse DNS record)
#
# Performs a case insensitive substring match
#
#WhitelistPTR .friendlydomain.tld
#WhitelistPTR friendlyhost.friendlydomain.tld
# Whitelist by an envelope sender e-Mail address
#
# Performs a case insensitive substring match
#
#WhitelistFrom friend@
#WhitelistFrom @friendlydomain.tld
#WhitelistFrom [email protected]
# Whitelist by an envelope recipient e-Mail address
#
# Performs a case insensitive substring match
#
#WhitelistTo postmaster@
#WhitelistTo @yourspamloverdomain.tld
#WhitelistTo [email protected]
# FixedClientIP allows SPF evaluation with a fixed IP
# This can be applied in submission port and would allow to block
# messages that will fail SPF evaluation on the next hop.
#
# Default: none
#
#FixedClientIP 192.0.0.1
# SkipNDR, when set to Off, will skip evaluation of empty senders
#
# Default: off
#
#SkipNDR off
# SkipAuth, when set to ON, will skip evaluation when the user authnticates
#
# Default: on
#
#SkipAuth ON
# ClientIPNAT allows IP address translation of the connecting IP
# This is particular useful when you have internal email flows
# and still have a SPF evaluation
#
# Default: none
#
#ClientIPNAT 10.0.0.1:192.0.0.1
#ClientIPNAT 127.0.0.1:192.0.0.3
# RejectReason specifies the message that will be return to milter client
# You can use %s placeholders where :
# 1st %s - sender address or postmaster@<helo name> if empty sender
# 2nd %s - sender IP Address
# 3rd %s - server name ( {j} macro
#
# Default: Rejected, look at http://www.openspf.org/why.html?sender=%s&ip=%s&receiver=%s
#
#RejectReason Rejected, look at http://www.openspf.org/why.html?sender=%s&ip=%s&receiver=%s
#
# Don't check localpart size. RFC 821/2821/5321 states
# localpart must be less that 64 octects. With relaxed on
# only total mailfrom ( localpart @ domain.tld ) size is checked
#
# Default: off
#
#RelaxedLocalPart off # (on|off)
# Refuse e-Mail messages at SPF None results
# On empty senders this restriction will not be applied
#
# Default: off
#
#RefuseSPFNone off # (on|off)
# Refuse e-Mail messages when there is an empty sender
# and there isn't an SPF policy from the server name
# Server name is the HELO identity
#
# Default: off
#
#RefuseSPFNoneHelo off # (on|off)
# Refuse e-Mail messages at SPF Fail results (RFC-4408)
#
# Default: on
#
#RefuseFail on # (on|off)
# When refusing e-Mail messages use a 450 SMTP code
#
# Default: off
#
#SoftFail off # (on|off)
#
# Accept email when SPF evaluation return a TEMPERROR
#
# Default: on
#
# AcceptTempError on
# Subject tagging of e-Mail messages at SPF SoftFail
# and Fail (if RefuseFail set to off) results
#
# Default: on
#
#TagSubject on # (on|off)
# Subject tagging string
#
# Default: [SPF:fail]
#
#Tag [SPF:fail]
# Add the deprecated Received-SPF: header
#
# Default: off
#
# AddReceivedHeader off
# Build a standard Authentication-Results: header
#
# Default: on
#
#AddHeader on # (on|off)
# Quarantine of e-Mail messages at SPF SoftFail
# and Fail (if RefuseFail set to off) results
#
# Default: off
#
#Quarantine off # (on|off)
# Quarantine mailbox
#
# Default: postmaster
#
#QuarantineBox postmaster
#QuarantineBox [email protected]
# In-memory cache engine TTL settings
#
# The time is given in seconds, except if a unit is given:
# m for minutes, h for hours, and d for days
# Specify zero to disable caching
#
# Default: 1h
#
#TTL 1h
# Run as a selected user (smf-spf must be started by root)
#
# Default: smfs
#
#User smfs
# Socket used to communicate with Sendmail daemon
#
# Default: unix:/var/run/smfs/smf-spf.sock
#
#Socket unix:/var/run/smfs/smf-spf.sock
# Facility for logging via Syslog daemon
# none will disable syslog.
#
# Default: mail
#
#Syslog mail # (none|daemon|mail|local0...local7)
# Logging to a file. Can use /dev/stdout and /dev/stderr
#
# Default: <empty>
#
# LogTo /dev/stdout
# Run as a daemon process in the background
#
# When disabled, the process will stay in the foreground.
# This is preferred by some init systems, f.i. systemd
#
# Default: on
#
#Daemonize on # (on|off)
# AuthservID string
# default (hostname provided by milter)
#
# Defines the "authserv-id" token to be used when generating
# Authentication-Results headers after sender verification.
# AuthservID example.com