spfquery - SPF test program
spfquery sender-ip sender-helo envelope-from [local rules] [-v]
spfquery is a test program to allow evaluation of SPF records fetched on demand by means of qmail-smtpd.
spfquery uses the given arguments sender-ip, sender-helo, and envelope-from to perform a DNS SPF TXT lookup and evaluates the results. In addition, ´local-rules´ might be included as local-rules. By means of the (last) option -v a verbose output is provided.
The result of spfquery shows the SPF return codes of the retrieved information after the DNS evaluation. Additionally, the mechanisms and results are displayed as chain of resulting codes. In case the option -v is given, the received DNS SPF TXT records for the analysed domain are shown in raw format to allow further diagnostics.
spfquery and of course qmail-smtpd support all mechanisms defined in RFC 7208, in particular: A/AAAA, IPv4, IPv6, MX, PTR, Exists. Nesting of SPF records - indicated by the commands include: and redirect= - is allowed and the chain is followed. Further, exp(lanation)= is supported.
SPF makes uses of command and explanation qualifiers. Command and explanation characters are: + pass (default), - fail, ~ softfail, ? neutral.
This implementation uses the following additional explanation characters: o none, u unknown, d DNS problem (not used).
Macros (keyword) expansion is supported conforming to RFC 7208.
spfquery provides a brief summary of results for the evaluation: S the sending IP, O the envelope-from address, C the requested domain for lookup, H the HELO/EHLO of the contacted MTA, M the SPF lookup mechanis as explained, I the included domanin for lookup, D the (re)direct to follow, P a potential problem observed. These letters are followed by an equal sign ’=’ and detail the information. R is the lookup result obtained, followed by a colon ’:’.
Additional DNS diagnostic routines are available: dnstxt returns the DNS TXT for host. dnsptr returns the DNS PTR for IP. dnsmxip returns the MTA IPs for domain.
The spfquery program and the SPF integration into s/qmail follows mainly the implementation of Jana Saout (http://www.saout.de/misc/spf/) and is used by permission.
qmail-control(5), qmail-smtpd(8) dnsmxip(8), dnstxt(8).