
SPF/SRS

From ASSPSMTP

Advice
This article is incomplete. It is currently under construction and review for content, clarity and format. Help the community by adding content directly to this page or discuss what should go in this article on the discussion page!

On This Page

How It Works

Details

SPF/SRS FAQs

SPF/SRS Configuration

Based upon version 1.3.5(9.18)

Enable SPF Validation (ValidateSPF)

Enable Sender Policy Framework Validation as described at openspf. This requires an installed Mail::SPF::Query module in Perl. 0 = disabled, 1 = block, 2 = monitor, 3 = score

Whitelisted SPF Validation (SPFWL)

Enable Sender Policy Framework Validation for whitelisted users also.

noProcessing SPF Validation (SPFNP)

Enable Sender Policy Framework Validation for nonprocessed messages also.

Use Trusted Forwarder List (SPFtrusted)

The trusted-forwarder.org domain provides a global whitelist for users of the SPF system. It gives early adopters of SPF a way of keeping legitimate email that is sent through known, trusted email forwarders from being blocked by SPF checks simply because the forwarders do not use some sort of envelope-from rewriting system.

Add Received-SPF Header (AddSPFHeader)

Add Received-SPF header to header of all emails processed by SPF.

SPF Failed Reply (SPFError)

SMTP reply for SPF failed messages. Default: '554 5.7.1 failed SPF: SPFRESULT' The literal SPFRESULT (case sensitive) is replaced by the actual result.

Skip SPF Processing Regex* (noSPFRe)

Mail from any of these addresses is ignored by SPF. Put anything here to identify these addresses.

Override Domains* (SPFoverride)

Set override to define SPF records for domains that do publish but which you want to override anyway. If you specify only domains the Local SPF Record below will be used as default. Wildcards are supported. For example: abc.com=>v=spf1 a/24 mx/24 ptr -all|cello.ch=>v=spf1 ip4:213.46.243.0/26 ~all|abc.com|*.def.com

Fallback Domains* (SPFfallback)

Set fallback to define "pretend" SPF records for domains that don't publish them yet. If you specify only domains the Local SPF Record below will be used as default. Wildcards are supported. For example: abc.com=>v=spf1 a/24 mx/24 ptr -all|cello.ch=>v=spf1 ip4:213.46.243.0/26 ~all|abc.com|*.def.com

Local SPF Policy (LocalPolicySPF)

If the sending domain does not publish its own SPF Records this will be used. The default is v=spf1 a/24 mx/24 ptr ~all

Fallback/Override SPF Record (SPFlocalRecord)

Used in Fallback/Override Domains. The default is v=spf1 a/24 mx/24 ptr -all
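The list format shared by SPFoverride and SPFfallback can be checked before it is pasted into the configuration. The following is an added example, not ASSP's own code: it parses the pipe-separated value, fills bare domains with the SPFlocalRecord default, and applies the precedence the descriptions above imply (override beats a published record, fallback only applies when nothing is published). Shell-style wildcard matching and first-match-wins ordering are assumptions, and all function names are hypothetical.

```python
from fnmatch import fnmatchcase

# Default taken from the SPFlocalRecord description on this page.
SPF_LOCAL_RECORD = "v=spf1 a/24 mx/24 ptr -all"

def parse_domain_list(value, default=SPF_LOCAL_RECORD):
    """Split 'dom=>record|dom|*.dom' into ordered (pattern, record) pairs."""
    entries = []
    for item in value.split("|"):
        item = item.strip()
        if not item:
            continue
        pattern, sep, record = item.partition("=>")
        record = record.strip() if sep else default
        if not record.startswith("v=spf1"):
            raise ValueError(f"entry for {pattern!r} is not an SPF record")
        entries.append((pattern.strip().lower(), record))
    return entries

def lookup(entries, domain):
    """Return the first record whose pattern matches domain, else None."""
    domain = domain.lower().rstrip(".")
    for pattern, record in entries:
        if fnmatchcase(domain, pattern):  # assumption: shell-style wildcards
            return record
    return None

def effective_record(domain, published, overrides, fallbacks):
    """Override beats the published record; fallback only fills a gap."""
    forced = lookup(overrides, domain)
    if forced is not None:
        return "override", forced
    if published:
        return "published", published
    pretend = lookup(fallbacks, domain)
    if pretend is not None:
        return "fallback", pretend
    return "none", None

# The example value shown on this page for both settings.
PAGE_EXAMPLE = ("abc.com=>v=spf1 a/24 mx/24 ptr -all|"
                "cello.ch=>v=spf1 ip4:213.46.243.0/26 ~all|abc.com|*.def.com")
```

Under these assumptions *.def.com covers subdomains only, so def.com itself needs its own entry.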

Strict SPF Processing Regex* (strictSPFRe)

Softfail/Neutral will be failed for these sending addresses. Put anything here to identify the addresses

Fail SPF Softfail Validations (SPFsoftfail)

Intentionally fail SPF softfail status responses

Fail SPF Neutral Validations (SPFneutral)

Intentionally fail SPF neutral status responses

Fail SPF Temperror Validations (SPFtemp)

Intentionally fail SPF temperror status responses

Fail SPF Permerror Validations (SPFperm)

Intentionally fail SPF permerror & unknown status responses

Fail SPF Timeout (SPFtout)

Intentionally fail SPF timeout

SPF Cache Refresh Interval (SPFCacheInterval)

SPF records in cache will be removed after this interval in days. 0 will disable the cache.

SPF Timeout (SPFtimeout)

SPF will timeout after this many seconds. Default is 10 seconds. Zero or empty will disable the timeout feature.

Enable SPF Debug output to ASSP Logfile (DebugSPF)

Enables verbose debugging of SPF queries within the Mail::SPF::Query module.

Enable Sender Rewriting Scheme (EnableSRS)

Enable Sender Rewriting Scheme as described at www.openspf.org/SRS. This requires an installed Mail::SRS module in Perl. You should use SRS if your message handling system forwards email for domains with published SPF records. Note that you have to set up the outgoing path (Relay Host & Port) to let ASSP see and rewrite your outgoing traffic.

Alias Domain (SRSAliasDomain)

SPF requires the SMTP client IP to match the envelope sender (return-path). When a message is forwarded through an intermediate server, that intermediate server may need to rewrite the return-path to remain SPF compliant. For example: thisdomain.com

Secret Key (SRSSecretKey)

A key for the cryptographic algorithms. Must be at least 5 characters long.

Maximum Timestamp Age (SRSTimestampMaxAge)

Enter the maximum number of days for which a timestamp is considered valid. Default is 21 days.

Hash Length (SRSHashLength)

The number of bytes of base64 encoded data to use for the cryptographic hash. More is better, but makes for longer addresses which might exceed the 64 character length suggested by RFC2821. This defaults to 4, which gives 4 x 6 = 24 bits of cryptographic information, which means that a spammer will have to make 2^24 attempts to guarantee forging an SRS address.

Enable Bounce Recipient Validation (SRSValidateBounce)

Bounce messages that fail reverse SRS validation (but not a valid SMTP probe) will receive a 554 5.7.5 [Bounce address not SRS signed] SMTP error code.
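How the alias domain, secret key, hash length and timestamp age fit together is easiest to see in a small model of the rewrite and its reverse check. This is an added sketch, not ASSP or Mail::SRS code: it follows the SRS0 address layout (hash, timestamp, original host, original user) with a truncated HMAC-SHA1, and is not guaranteed to be byte-compatible with Mail::SRS. The function names and the sample key are constructed for illustration.

```python
import base64, hashlib, hmac, time

B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
DAY = 86400

def _stamp(now):
    """Two base32 characters: day number modulo 1024."""
    d = int(now // DAY) % 1024
    return B32[d >> 5] + B32[d & 31]

def _hash(key, hash_len, *parts):
    """HMAC-SHA1 over the lower-cased parts, base64, cut to hash_len chars."""
    mac = hmac.new(key.encode(), "".join(parts).lower().encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()[:hash_len]

def srs_forward(sender, alias, key, hash_len=4, now=None):
    """Rewrite user@host to SRS0=hash=tt=host=user@alias (SRSAliasDomain)."""
    now = time.time() if now is None else now
    user, host = sender.rsplit("@", 1)
    tt = _stamp(now)
    return f"SRS0={_hash(key, hash_len, tt, host, user)}={tt}={host}={user}@{alias}"

def srs_reverse(rcpt, key, hash_len=4, max_age=21, now=None):
    """Return the original sender, or raise ValueError for a bad bounce."""
    now = time.time() if now is None else now
    local = rcpt.rsplit("@", 1)[0]
    if not local.upper().startswith("SRS0="):
        raise ValueError("not SRS signed")
    try:
        mac, tt, host, user = local[5:].split("=", 3)
        day = B32.index(tt[0].upper()) * 32 + B32.index(tt[1].upper())
    except (ValueError, IndexError):
        raise ValueError("malformed SRS address") from None
    expected = _hash(key, hash_len, tt, host, user)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        raise ValueError("bad hash")
    # Age in days, modulo the 1024-day wrap of the two-character stamp.
    if (int(now // DAY) - day) % 1024 > max_age:
        raise ValueError("timestamp too old")
    return f"{user}@{host}"
```

A bounce recipient that raises here is the case SRSValidateBounce answers with the 554 5.7.5 reply; raising hash_len lengthens the local part by one character per 6 bits gained.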

Don't Rewrite Addresses From These Domains* (SRSno)

Don't rewrite addresses when messages come from these addresses. Accepts specific addresses (user@domain.com), user parts (user) or entire domains (@domain.com). For example: fribo@thisdomain.com|jhanna|@sillyguys.org

Don't Validate Bounces From these IPs* (noSRS)

Enter IP addresses that you don't want to validate bounces from, separated by pipes (|). For example: 127.0.0.1|192.168.
