This is an SPF
implementation for qmail.
SPF is something like a DNS based "reverse MX" system to designate permitted senders for mails depending on the domain name. The goal is to disallow sender address forgery.
The patch is entirely written using the qmail string and DNS functions, and thus completely integrated into qmail without external dependencies.
It can check incoming mails inside the SMTP daemon, add Received-SPF lines and optionally block undesired transfers. The check is performed at the envelope level.
patch against qmail-1.03: qmail-spf-rc5.patch
This patch is stable. It is still a release candidate because the final SPF draft isn't out yet (I consider it final when it gets an official RFC).
Drop me a note <firstname.lastname@example.org> when you use it so I can keep track of the various versions/platforms this runs on. Thanks!
I suppose you are already familiar with qmail patching since a naked qmail is pretty useless these days (no authentication, filtering, ...).
Unpack the qmail-1.03.tar.gz archive using something like:
tar xvfz /path/to/qmail-1.03.tar.gz
Change into the directory and apply the patch using:
patch -p1 < /path/to/qmail-spf-<version>.patch
If you already had patches applied there will most likely be rejects, especially in the Makefile. I'm sorry I had to make so many changes. You'll have to apply them rejected changes by hand (or ask me).
After that you can go on with the usual procedure:
Adjust conf-*, make, make test, make setup, whatever you want.
Important: Please make sure that you also apply the qmail-bigdns patch or you will get random lookup failues.
The patch also includes a standalone SPF query tool called spfquery:
spfquery <sender-ip> <sender-helo/ehlo> <envelope-from> [<local rules>] [<guess rules>]
After patching qmail the man pages control.9 and qmail-smtpd.8 will give you a hint on how to configure qmail to use SPF.
You can create four configuration files in your control directory (usually /var/qmail/control):
a/24 mx/24 ptr.
550 the expanded SPF explanation (#5.7.1)
These are the older versions of my patch:
Thanks to the PySPF author for the web site template and to Meng for SPF. :)