Courier::Filter::Module::SPFout - An outbound SPF filter module for the Courier::Filter framework

0.16

    use Courier::Filter::Module::SPFout;

    my $module = Courier::Filter::Module::SPFout->new(
        match_on            => \@match_on_result_codes,
        default_response    => $default_response_text,

        logger      => $logger,
        inverse     => 0,
        trusting    => 0,
        testing     => 0,
        debugging   => 0
    );

    my $filter = Courier::Filter->new(
        ...
        modules     => [ $module ],
        ...
    );

This class is a filter module class for use with Courier::Filter. It matches a message if the receiving (local) machine's IP address (currently IPv4 only) is not authorized to send mail from the envelope sender's (MAIL FROM) domain according to that domain's DNS SPF (Sender Policy Framework) record. This is outbound SPF checking.

The point of inbound SPF checking is for message submission agents (MSAs, smarthosts) to protect others against forged envelope sender addresses in messages submitted by the MSA's users.

The following constructor is provided:

new(%options): RETURNS Courier::Filter::Module::SPFout

Creates a new SPFout filter module. %options is a list of key/value pairs representing any of the following options:

trusting (DISABLED)

Since outbound SPF checking, as opposed to inbound SPF checking, is applied to trusted (authenticated) messages only, this module cannot be set to be trusting. Also see the description of the CWtrusted property in Courier::Message. Locked to false.

match_on

A reference to an array containing the set of SPF result codes which should cause the filter module to match a message. Possible result codes are CWpass, CWneutral, CWsoftfail, CWfail, CWnone, CWunknown, and CWerror. See the SPF specification for details on the meaning of those. Even if CWerror is listed, an CWerror result will by definition never cause a permanent rejection, but only a temporary one. Defaults to ['fail', 'softfail', 'unknown', 'error'], which complies with the long-term vision of SPF. For the time being, you should probably override this to ['fail', 'unknown', 'error'].

default_response

A string that is to be returned as the match result in case of a match, that is when a message fails the SPF check, if the (alleged) envelope sender domain does not provide an explicit response. SPF macro substitution is performed on the default response, just like on responses provided by domain owners. If undef, the hard-coded default response of Mail::SPF::Query will be used; see new in Mail::SPF::Query for the definition of that. Defaults to undef.

force_response

Instead of merely specifying a default response for cases where the sender domain does not provide an explicit response, you can also specify a response to be used in all cases, even if the sender domain does provide one. This may be useful if you do not want to confuse your own users with 3rd-party provided explanations when in fact they are only dealing with your server not wanting to relay their messages. Defaults to undef. All options of the Courier::Filter::Module constructor (except the trusting option) are also supported. Please see new in Courier::Filter::Module for their descriptions.

See Instance methods in Courier::Filter::Module for a description of the provided instance methods.

Courier::Filter::Module::SPF, Courier::Filter::Module, Courier::Filter::Overview, Mail::SPF::Query.

For AVAILABILITY, SUPPORT, and LICENSE information, see Courier::Filter::Overview.

SPF website (Sender Policy Framework)

<http://spf.pobox.com>

SPF specification

<http://spf.pobox.com/spf-draft-200406.txt>

Julian Mehnle <julian@mehnle.net>