man Courier::Filter::Module::SPF () - An SPF filter module for the Courier::Filter framework
NAME
Courier::Filter::Module::SPF - An SPF filter module for the Courier::Filter framework
VERSION
0.16
SYNOPSIS
use Courier::Filter::Module::SPF;
my $module = Courier::Filter::Module::SPF->new(
match_on => \@match_on_result_codes,
trusted_forwarders => 0,
fallback_guess => 0,
default_response => $default_response_text,
logger => $logger,
inverse => 0,
trusting => 0,
testing => 0,
debugging => 0
);
my $filter = Courier::Filter->new(
...
modules => [ $module ],
...
);
DESCRIPTION
This class is a filter module class for use with Courier::Filter. It matches a message if the sending machine's IP address (currently IPv4 only) is not authorized to send mail from the envelope sender's (MAIL FROM) domain according to that domain's DNS SPF (Sender Policy Framework) record. This is classic inbound SPF checking.
The point of inbound SPF checking is for receivers to protect themselves against forged envelope sender addresses in messages sent by others.
Constructor
The following constructor is provided:
- new(%options): RETURNS Courier::Filter::Module::SPF
- Creates a new SPF filter module. %options is a list of key/value pairs representing any of the following options:
- match_on
- reject_on (DEPRECATED)
- A reference to an array containing the set of SPF result codes which should cause the filter module to match a message. Possible result codes are CWpass, CWneutral, CWsoftfail, CWfail, CWnone, CWunknown, and CWerror. See the SPF specification for details on the meaning of those. Even if CWerror is listed, an CWerror result will by definition never cause a permanent rejection, but only a temporary one. Defaults to ['fail', 'softfail', 'unknown', 'error'], which complies with the long-term vision of SPF. For the time being, you should probably override this to ['fail', 'unknown', 'error'].
- trusted_forwarders
- A boolean value controlling whether well-known but SPF ignorant forwarding services, as centrally specified by the DNS zone spf.trusted-forwarder.org, should be generally trusted to be legitimate senders, even if they send messages with enveloper sender domains they do not control and are not authorized to send from. Enabling this reduces the probability of false positives somewhat, but increases the probability of false negatives significantly. Defaults to false.
- fallback_guess
- A boolean value controlling whether a default best guess SPF record should be assumed for domains without an SPF record. See best_guess in Mail::SPF::Query for the definition of the default best guess record. Defaults to false.
- default_response
- A string that is to be returned as the match result in case of a match, that is when a message fails the SPF check, if the (alleged) envelope sender domain does not provide an explicit response. SPF macro substitution is performed on the default response, just like on responses provided by domain owners. If undef, the hard-coded default response of Mail::SPF::Query will be used; see new in Mail::SPF::Query for the definition of that. Defaults to undef. All options of the Courier::Filter::Module constructor are also supported. Please see new in Courier::Filter::Module for their descriptions.
Instance methods
See Instance methods in Courier::Filter::Module for a description of the provided instance methods.
SEE ALSO
Courier::Filter::Module, Courier::Filter::Overview, Mail::SPF::Query.
For AVAILABILITY, SUPPORT, and LICENSE information, see Courier::Filter::Overview.
REFERENCES
- SPF website (Sender Policy Framework)
- <http://spf.pobox.com>
- SPF specification
- <http://spf.pobox.com/spf-draft-200406.txt>
AUTHOR
Julian Mehnle <julian@mehnle.net>