SPF is a mechanism whereby a domain may assert which IP addresses may transmit
messages with its domain in the envelope from, documented by RFC 7208.
-For more information on SPF see &url(http://www.openspf.org).
-. --- 2018-09-07: still not https
+For more information on SPF see &url(http://www.open-spf.org), a static copy of
+the &url(http://openspf.org).
+. --- 2019-10-28: still not https, open-spf.org is told to be a
+. --- web-archive copy of the now dead openspf.org site
+. --- See https://www.mail-archive.com/mailop@mailop.org/msg08019.html for a
+. --- discussion.
Messages sent by a system not authorised will fail checking of such assertions.
This includes retransmissions done by traditional forwarders.
message = $sender_host_address is not allowed to send mail from \
${if def:sender_address_domain \
{$sender_address_domain}{$sender_helo_name}}. \
- Please see http://www.openspf.org/Why?scope=\
+ Please see http://www.open-spf.org/Why?scope=\
${if def:sender_address_domain {mfrom}{helo}};\
identity=${if def:sender_address_domain \
{$sender_address}{$sender_helo_name}};\
"Best-guess". Strictly speaking, "Best-guess" is not standard
SPF, but it is supported by the same framework that enables SPF
capability.
-Refer to &url(http://www.openspf.org/FAQ/Best_guess_record)
+Refer to &url(http://www.open-spf.org/FAQ/Best_guess_record)
for a description of what it means.
-. --- 2018-09-07: still not https:
+. --- 2019-10-28: still not https:
To access this feature, simply use the spf_guess condition in place
of the spf one. For example:
DEBUG(D_receive) debug_printf("spf: SPF_server_new() failed.\n");
return FALSE;
}
+ /* Quick hack to override the outdated explanation URL.
+ See https://www.mail-archive.com/mailop@mailop.org/msg08019.html */
+ SPF_server_set_explanation(spf_server, "Please%_see%_http://www.open-spf.org/Why?id=%{S}&ip=%{C}&receiver=%{R}", &spf_response);
+ if (SPF_response_errcode(spf_response) != SPF_E_SUCCESS)
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", SPF_strerror(SPF_response_errcode(spf_response)));
+
return TRUE;
}
1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n spf=pass smtp.mailfrom=example.com
1999-03-02 09:44:33 spf_result neutral (guess <yes>)
1999-03-02 09:44:33 spf_header_comment myhost.test.ex: ip4.ip4.ip4.ip4 is neither permitted nor denied by domain of test.example.com
-1999-03-02 09:44:33 spf_smtp_comment Please see http://www.openspf.org/Why?id=b%40test.example.com&ip=ip4.ip4.ip4.ip4&receiver=myhost.test.ex : Reason: mechanism
+1999-03-02 09:44:33 spf_smtp_comment Please see http://www.open-spf.org/Why?id=b%40test.example.com&ip=ip4.ip4.ip4.ip4&receiver=myhost.test.ex : Reason: mechanism
1999-03-02 09:44:33 spf_received Received-SPF: neutral (myhost.test.ex: ip4.ip4.ip4.ip4 is neither permitted nor denied by domain of test.example.com) client-ip=ip4.ip4.ip4.ip4; envelope-from=b@test.example.com; helo=testclient;
1999-03-02 09:44:33 Authentication-Results: myhost.test.ex;\n spf=neutral (best guess record for domain) smtp.mailfrom=test.example.com
1999-03-02 09:44:33 H=(testclient) [ip4.ip4.ip4.ip4] F=<b@test.example.com> rejected RCPT <fred@test.ex>