spfmilter - SPF mail filter module

Fetch the software. Release notes.
This software is still in beta test. Use at your own risk. Current status:

spfmilter 0.97
  • No known issues with the milter itself.
libspf v1.0.0-p3
  • Does not implement MX mode.
  • Takes much too long on most connections, to the point where it's not usable on a busy system because of the hundreds of sendmail processes waiting around for an answer.
  • Some problem with double-freeing memory.
v1.0-RC6-pre6
  • The --trustedforwarders flag seems to cause all results to come back as "unknown".
  • Does not implement MX mode.
  • Otherwise stable.
libspf2 1.2.5
  • Port in progress (23dec2005).
1.0.4
  • Mutex-related crashes on the order of once every week or two.
  • Slow memory leak - 10 MB / week or so.

A note on version numbers. There is another site which distributes spfmilter packages with 1.0.x versions numbers. You might be tempted to think that since the version numbers are numerically higher, those packages are the most up to date. Wrong. The 1.0.x series are unauthorized copies of old versions from here. Their version numbers were changed for political reasons, not engineering reasons. Those versions should be ignored.

Because of this issue, there will never be a legitimate 1.x version of spfmilter. If the libraries ever get stable enough to merit a non-beta release of spfmilter, my intention is to call it 2.0.


Sendmail includes a facility for plugging in custom mail filters, called milters. It's documented here. Spfmilter implements the Sender Policy Framework (SPF) as a milter, using either the libspf or libspf2 libraries.

The idea of SPF is to prevent email forgery. Each participating site sets up a little definition of which hosts are allowed to send mail claiming to be from that site. When another site receives mail, it checks the permitted-senders definition for the originating site. If the check fails, the mail is rejected.

Setting up the permitted-senders definition is very easy, you go to the SPF Wizard and fill out a little form, then put the resulting string into your DNS records. This milter implements the second half of SPF, checking the mail you receive against other sites' SPF records.


Mailing Lists

Are you using spfmilter? There's a mailing list: spfmilter@mail.acme.com (spfmilter-request@mail.acme.com to subscribe). And an announcements-only mailing list: spfmilter-announce@mail.acme.com (spfmilter-announce-request@mail.acme.com to subscribe). Anything send to the announcements list also goes to the regular list, so you don't need to be on both.


Release Notes

Version 0.99, 14aug2014:

Version 0.98, 16jul2014:

Version 0.97, 20jun2005:

Version 0.96, 26apr2005:

Version 0.95, 26sep2004:

Version 0.94, 10sep2004:

Version 0.93, 07aug2004:

Version 0.92, 05aug2004:

Version 0.91, 05aug2004:

Version 0.90, 30jul2004:

Version 0.86, 15jul2004:

Version 0.85, 15jul2004:

Version 0.80, 11jul2004:

Version 0.50, 19jun2004:

Version 0.10, 31may2004:


Installation

This is very abbreviated, intended mainly as a reminder for those who have worked with milters before. If it's your first milter, you should look on the web for more thorough documentation. Also, these instructions are pretty specific to FreeBSD, and will have to be adapted for other OSs.

  1. Make sure your sendmail is compiled with the MILTER option. (Starting with version 8.13 this is enabled by default.) You can use this command to check:
    
    sendmail -d0.1 -bt < /dev/null | grep MILTER
            
    If you don't see MILTER in the compilation options, you will have to re-build sendmail.
  2. Fetch, build, and install either libspf or libspf2. If you use libspf be sure to configure with the "--enable-pthreads" option.
  3. Build and install the spfmilter executable, by doing a './configure ; make ; make install'.
  4. Edit your sendmail.mc and add a mail filter macro, for example:
    
    INPUT_MAIL_FILTER(`spfmilter',`S=unix:/var/run/spfmilter.sock, T=S:8m;R:8m')
            
    Rebuild and install sendmail.cf.
  5. Run spfmilter, with the same socket argument you used in sendmail.mc:
    
    # spfmilter unix:/var/run/spfmilter.sock
            
  6. Stop and re-start sendmail.
  7. Look in /var/log/maillog for messages from spfmilter.
  8. When you've verified that it's working, add lines to your /etc/rc.conf so it starts up at boot time:
    
    spfmilter_enable="YES"
    spfmilter_flags="-t"
    spfmilter_socket="unix:/var/run/spfmilter.sock"
            

Other SPF Milters


See also: sfcmilter, blackmilter, graymilter, sample_milter.
Sender ID.
ACME Labs / Software / spfmilter
email