This is an SPF
implementation for qmail.
SPF is something like a DNS based "reverse MX" system to
designate permitted senders for mails depending on the domain name.
The goal is to disallow sender address forgery.
The patch is entirely written using the qmail string and DNS functions, and thus
completely integrated into qmail without external dependencies.
It can check incoming mails inside the SMTP daemon, add Received-SPF lines
and optionally block undesired transfers. The check is performed at
the envelope level.
patch against qmail-1.03: qmail-spf-rc5.patch
This patch is stable. It is still a release candidate because the final SPF draft isn't out yet (I consider it final when it gets an official RFC).
For more information about SPF, please see the project web site at http://spf.pobox.com/
qmail is a small and secure MTA by D. J. Bernstein.
Drop me a note <jana@saout.de> when you use it so I can keep track of the various versions/platforms this runs on. Thanks!
Installation:
I suppose you are already familiar with qmail patching since a naked
qmail is pretty useless these days (no authentication, filtering, ...).
Unpack the qmail-1.03.tar.gz archive using something like:
tar xvfz /path/to/qmail-1.03.tar.gz
Change into the directory and apply the patch using:
patch -p1 < /path/to/qmail-spf-<version>.patch
If you already had patches applied there will most likely be rejects,
especially in the Makefile. I'm sorry I had to make so many changes.
You'll have to apply them rejected changes by hand (or ask me).
After that you can go on with the usual procedure:
Adjust conf-*, make, make test, make setup, whatever you want.
Important: Please make sure that you also
apply the qmail-bigdns patch or you will get random lookup failues.
The patch also includes a standalone SPF query tool called spfquery:
spfquery <sender-ip> <sender-helo/ehlo> <envelope-from> [<local rules>] [<guess rules>]
Configuration:
After patching qmail the man pages control.9 and
qmail-smtpd.8 will give you a hint on how to configure
qmail to use SPF.
You can create four configuration files in your control directory (usually /var/qmail/control):
include:spf.trusted-forwarder.org
.a/24 mx/24 ptr
.550 the expanded SPF explanation (#5.7.1)
These are the older versions of my patch:
qmail-spf-beta1.patch
qmail-spf-beta2.patch
qmail-spf-beta3.patch
qmail-spf-beta4.patch
qmail-spf-pre1.patch
qmail-spf-pre2.patch
qmail-spf-rc1.patch
qmail-spf-rc2.patch
qmail-spf-rc3.patch
qmail-spf-rc4.patch
here you can find some other patches people sent me (that combine the patch with other available patches or apply on top of other patches).
Thanks to the PySPF author for the web site template and to Meng for SPF. :)