1Mail::SpamAssassin::PluUgsienr::CSoPnFt(r3i)buted Perl DMoaciulm:e:nStpaatmiAosnsassin::Plugin::SPF(3)
2
3
4
6 Mail::SpamAssassin::Plugin::SPF - perform SPF verification tests
7
9 loadplugin Mail::SpamAssassin::Plugin::SPF
10
12 This plugin checks a message against Sender Policy Framework (SPF)
13 records published by the domain owners in DNS to fight email address
14 forgery and make it easier to identify spams.
15
16 It's recommended to use MTA filter (pypolicyd-spf / spf-engine etc), so
17 this plugin can reuse the Received-SPF and/or Authentication-Results
18 header results as is. Otherwise throughput could suffer, DNS lookups
19 done by this plugin are not asynchronous. Those headers will also help
20 when SpamAssassin is not able to correctly detect EnvelopeFrom.
21
23 welcomelist_from_spf user@example.com
24 Previously whitelist_from_spf which will work interchangeably until
25 4.1.
26
27 Works similarly to welcomelist_from, except that in addition to
28 matching a sender address, a check against the domain's SPF record
29 must pass. The first parameter is an address to welcomelist, and
30 the second is a string to match the relay's rDNS.
31
32 Just like welcomelist_from, multiple addresses per line, separated
33 by spaces, are OK. Multiple "welcomelist_from_spf" lines are also
34 OK.
35
36 The headers checked for welcomelist_from_spf addresses are the same
37 headers used for SPF checks (Envelope-From, Return-Path,
38 X-Envelope-From, etc).
39
40 Since this welcomelist requires an SPF check to be made, network
41 tests must be enabled. It is also required that your trust path be
42 correctly configured. See the section on "trusted_networks" for
43 more info on trust paths.
44
45 e.g.
46
47 welcomelist_from_spf joe@example.com fred@example.com
48 welcomelist_from_spf *@example.com
49
50 def_welcomelist_from_spf user@example.com
51 Previously def_whitelist_from_spf which will work interchangeably
52 until 4.1.
53
54 Same as "welcomelist_from_spf", but used for the default
55 welcomelist entries in the SpamAssassin distribution. The
56 welcomelist score is lower, because these are often targets for
57 spammer spoofing.
58
59 unwelcomelist_from_spf user@example.com
60 Previously unwhitelist_from_spf which will work interchangeably
61 until 4.1.
62
63 Used to remove a "welcomelist_from_spf" or
64 "def_welcomelist_from_spf" entry. The specified email address has
65 to match exactly the address previously used.
66
67 Useful for removing undesired default entries from a distributed
68 configuration by a local or site-specific configuration or by
69 "user_prefs".
70
72 spf_timeout n (default: 5)
73 How many seconds to wait for an SPF query to complete, before
74 scanning continues without the SPF result. A numeric value is
75 optionally suffixed by a time unit (s, m, h, d, w, indicating
76 seconds (default), minutes, hours, days, weeks).
77
78 ignore_received_spf_header (0|1) (default: 0)
79 By default, to avoid unnecessary DNS lookups, the plugin will try
80 to use the SPF results found in any "Received-SPF" headers it finds
81 in the message that could only have been added by an internal
82 relay.
83
84 Set this option to 1 to ignore any "Received-SPF" headers present
85 and to have the plugin perform the SPF check itself.
86
87 Note that unless the plugin finds an "identity=helo", or some
88 unsupported identity, it will assume that the result is a mfrom SPF
89 check result. The only identities supported are "mfrom",
90 "mailfrom" and "helo".
91
92 use_newest_received_spf_header (0|1) (default: 0)
93 By default, when using "Received-SPF" headers, the plugin will
94 attempt to use the oldest (bottom most) "Received-SPF" headers,
95 that were added by internal relays, that it can parse results from
96 since they are the most likely to be accurate. This is done so
97 that if you have an incoming mail setup where one of your primary
98 MXes doesn't know about a secondary MX (or your MXes don't know
99 about some sort of forwarding relay that SA considers
100 trusted+internal) but SA is aware of the actual domain boundary
101 (internal_networks setting) SA will use the results that are most
102 accurate.
103
104 Use this option to start with the newest (top most) "Received-SPF"
105 headers, working downwards until results are successfully parsed.
106
107 has_check_for_spf_errors
108 Adds capability check for "if can()" for check_for_spf_permerror,
109 check_for_spf_temperror, check_for_spf_helo_permerror and
110 check_for_spf_helo_permerror
111
112 has_check_spf_skipped_noenvfrom
113 Adds capability check for "if can()" for
114 check_spf_skipped_noenvfrom
115
116 check_spf_skipped_noenvfrom
117 Checks if SPF checks have been skipped because EnvelopeFrom
118 cannot be determined.
119
120
121
122perl v5.36.0 2023-01-21Mail::SpamAssassin::Plugin::SPF(3)