Sender Permitted From (SPF) checks via MIMEDefang

Sender Permitted From (SPF) is a new protocol under development to stop forged e-mail distributed by spammers and malware. Under SPF, a Simple Mail Transfer Protocol (SMTP) server makes Domain Name System (DNS) queries to determine whether the sending host is allowed to distribute e-mail for the domain of the sender in question. Where a domain publishes SPF records and the receiving mail server checks them, this prevents spammers and malware from forging messages for that domain from addresses the records do not list.

Domain administrators should configure SPF records for domains under their control. To check SPF records for a particular domain, use a DNS lookup tool such as host(1).

$ host -t txt sial.org
sial.org text "v=spf1 a mx mx:gs.washington.edu -all"
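
How a receiving server evaluates the record above against a connecting IP address, as an added Python example that is not from the original page. The DNS answers are constructed (the hostnames mail.sial.org and mx1.gs.washington.edu and all IP addresses are assumptions), and only the a, mx, ip4, ip6 and all mechanisms are handled.

```python
import ipaddress

RECORD = "v=spf1 a mx mx:gs.washington.edu -all"  # TXT record shown above

# Constructed DNS answers (hostnames and documentation-range IPs are made up).
DNS_A = {"sial.org": ["192.0.2.10"], "mail.sial.org": ["192.0.2.25"],
         "mx1.gs.washington.edu": ["198.51.100.7"]}
DNS_MX = {"sial.org": ["mail.sial.org"],
          "gs.washington.edu": ["mx1.gs.washington.edu"]}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Split an SPF record into (qualifier, mechanism, argument) tuples."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        # A missing qualifier means "+" (pass).
        qualifier, body = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = body.partition(":")
        parsed.append((qualifier, name.lower(), arg or None))
    return parsed


def host_ips(name):
    return {ipaddress.ip_address(a) for a in DNS_A.get(name, [])}


def check_host(ip, domain, record=RECORD):
    """Return the SPF result for a connecting IP; the first matching term wins."""
    client = ipaddress.ip_address(ip)
    for qualifier, name, arg in parse_spf(record):
        target = arg or domain
        if name == "all":
            matched = True
        elif name == "a":
            matched = client in host_ips(target)
        elif name == "mx":
            matched = any(client in host_ips(mx) for mx in DNS_MX.get(target, []))
        elif name in ("ip4", "ip6") and arg:
            matched = client in ipaddress.ip_network(arg, strict=False)
        else:  # include, exists, ptr, CIDR suffixes and modifiers are not handled
            raise ValueError(f"unsupported term: {name}")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no term matched
```

With this data, the three listed hosts evaluate to pass and any other address falls through to -all and evaluates to fail.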

This page documents how to configure MIMEDefang to use the Mail::SPF::Query Perl module to check whether a sending server is a valid outgoing e-mail host for the domain in question.

SPF is under development, as are these notes.

The following code logs the results of SPF lookups for e-mail. It assumes Mail::SPF::Query has been installed on the system in question, that filter_sender support has been enabled in the startup configuration file for MIMEDefang, and that logging from MIMEDefang via syslog is enabled.

use Mail::SPF::Query;

# Called by MIMEDefang for each envelope sender (needs filter_sender support).
sub filter_sender {
    my ($sender, $ip, $hostname, $helo) = @_;

    check_spf(ip => $ip, sender => $sender, helo => $helo);

    # Log only: the message is accepted whatever the SPF result.
    return 'CONTINUE', 'ok';
}

# lookup, log SPF results
sub check_spf {
    # eval traps any exception from the SPF lookup so the filter keeps running
    eval {
        my $spfq = Mail::SPF::Query->new(@_);

        my ($result, $smtp_comment, $header_comment) = $spfq->result();
        if ($result eq 'pass' or $result eq 'fail') {
            md_syslog 'info', "$QueueID: SPF implemented=yes, result=$result, smtp_comment=$smtp_comment, header_comment=$header_comment";
        } else {
            # Any other result is logged as implemented=no, with best_guess()
            my ($result, $smtp_comment, $header_comment) = $spfq->best_guess();
            $smtp_comment ||= '';
            $header_comment ||= '';
            md_syslog 'info', "$QueueID: SPF implemented=no, result=$result, smtp_comment=$smtp_comment, header_comment=$header_comment";
        }
    };

    if ($@) {
        chomp $@;
        md_syslog 'warning', "$QueueID: SPF error: $@";
    }
}