python-spf(1)

NAME

pyspf - pure-Python SPF library

VERSION

2.0.4

DESCRIPTION

SPF does email sender validation. For more information about SPF,
please see http://www.openspf.org/

One incompatible change was introduced in version 1.7. Prior to version 1.7, connections from a local IP address (127...) would always
return a Pass result. The special case was eliminated. Programs calling pySPF should not do SPF checks on locally submitted mail.

This SPF client is intended to be installed on the border MTA, checking if incoming SMTP clients are permitted to forward mail. The SPF check should be done during the MAIL FROM:<...> command.

USAGE

There are two ways to use this package. The first is from the command line::
% python spf.py {ip-addr} {mail-from} {helo}
For instance, during an SMTP exchange from client 69.55.226.139::
S: 220 mail.example.com ESMTP Postfix
C: EHLO mx1.wayforward.net
S: 250-mail.example.com
S: ...
S: 250 8BITMIME
C: MAIL FROM:<terry@wayforward.net>
Then the following command line would check if this is a valid sender:
% ./spf.py 69.55.226.139 terry@wayforward.net mx1.wayfor
ward.net
('pass', 250, 'sender SPF authorized')
Command line calls return RFC 4408 result codes, i.e. 'pass', 'fail',
'neutral', ´softfail, 'permerror', or 'temperror'.
The second way is via the module's APIs.
The legacy (pySPF 1.6) API:
>>> import spf
>>> spf.check(i='69.55.226.139',
... s='terry@wayforward.net',
... h='mx1.wayforward.net')
('pass', 250, 'sender SPF authorized')
The first element in the tuple is one of 'pass', 'fail', 'netural',
'softfail', ´unknown', or 'error'. The second is the SMTP response
status code: 550 for ´fail', 450 for 'error' and 250 for all else. The third is an explanation.
Note: SPF results alone are never sufficient to decide that a message
should be accepted. Accept, reject, or defer decisions are a function of local reciever policy.
The RFC 4408 compliant API:
>>> import spf
>>> spf.check2(i='69.55.226.139',
... s='terry@wayforward.net',
... h='mx1.wayforward.net')
('pass', 'sender SPF verified')
The first element in the tuple is one of 'pass', 'fail', 'neutral',
'softfail, ´permerror', or 'temperror'. The second is an explanation.

RFC 4408 TEST SUITE

The package also installs the python-spf test driver and the current
(as of the release date) YAML (Yet Another Markup Language) RFC 4408
test definitions. As errors or improvements in the test definitions
are approved, they are available from:

<http://www.openspf.org/Test_Suite>

To run the test suite, change the directory the test suite is installed in:

$ cd /usr/share/python-support/python-spf/test

and then run testspf.py:

$ python testspf.py

The test suite supports multiple allowed results with a warning for a
non-preferred result. For the current version, the expected results
are:
WARN: invalid-domain-long in rfc4408-tests.yml, ['8.1/2', '5/10']:
fail
preferred to temperror
WARN: txttimeout in rfc4408-tests.yml, 4.4/1: fail preferred to tem
perror
WARN: spfoverride in rfc4408-tests.yml, 4.5/5: pass preferred to fail WARN: multitxt1 in rfc4408-tests.yml, 4.5/5: pass preferred to perme
rror
WARN: multispf2 in rfc4408-tests.yml, 4.5/6: permerror preferred to
pass

OTHER PROGRAMS

This package also provides two additional helper scripts; type99.py and spfquery.py. The type99.py script will convert DNS TXT strings to a
binary equivalent suitable for use in a BIND zone file. The spfquery.py script is a Python reimplementination of Wayne Schlitt's spfquery command line tool. These scripts are described in pyspftype99(1) and spfquery.pyspf(1) man pages.

SEE ALSO

RFC 4408, <http://www.openspf.org>

AUTHORS

This version of pyspf was written by Terence Way <terry-spf@wayforward.net> and updated by Stuart Gathman <stuart@bmsi.com> and Scott
Kitterman <scott@kitterman.com>.

This man-page was created by Scott Kitterman <scott@kitterman.com>.

2007-12-07 python-spf(1)

Copyright © 2010-2025 Platon Technologies, s.r.o.           Index | Man stránky | tLDP | Dokumenty | Utilitky | O projekte
Design by styleshout