Skip to content
/ smf-spf Public

It's a lightweight, fast and reliable Sendmail milter that implements the Sender Policy Framework

License

GPL-3.0, Unknown licenses found

Licenses found

GPL-3.0
LICENSE
Unknown
COPYING
14 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jcbf/smf-spf

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

279 Commits
.devcontainer
.devcontainer
 
 
.github/workflows
.github/workflows
 
 
docker/rootfs/etc
docker/rootfs/etc
 
 
fedora-centos-systemd
fedora-centos-systemd
 
 
init
init
 
 
tests
tests
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
.gitpod.Dockerfile
.gitpod.Dockerfile
 
 
.gitpod.yml
.gitpod.yml
 
 
.travis.yml
.travis.yml
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
COPYING
COPYING
 
 
ChangeLog
ChangeLog
 
 
DOCKER.md
DOCKER.md
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 
install.sh
install.sh
 
 
readme
readme
 
 
smf-spf.c
smf-spf.c
 
 
smf-spf.conf
smf-spf.conf
 
 

Repository files navigation

smf-spf

GitHub release Build Status Coverage Status Docker Pulls License

A lightweight, fast and reliable Sendmail/Postfix milter that implements the Sender Policy Framework (RFC 7208).

Features

This project revives and significantly enhances the original abandoned code with:

  • Caches evaluation results for performance
  • Make MAIL and RCPT limits RFC 5321 compliant ( both localpart and domain )
  • Reply codes aligned with RFC 7208
  • Daemonize option via command line
  • Fix SPF_RESULT_TEMPERROR handling
  • fix segfault when server address is unknown
  • Create a test suite and coverage tests
  • Configurable refuse when SPF is none
  • Reject NDR when there is no SPF policy defined
  • Added outbound mail related features
  • Skip evaluation for authenticated users
  • Allow source IP replacement for outbound evaluation
  • Modern Docker support with multi-stage builds
  • Comprehensive test suite with code coverage
  • Active maintenance and security updates

Quick Start

Docker (Recommended)

docker pull underspell/smf-spf:latest
docker run -d -p 8890:8890 --name smf-spf underspell/smf-spf:latest

See DOCKER.md for detailed Docker deployment guide.

From Source

# Install dependencies (Debian/Ubuntu)
sudo apt-get install libmilter-dev libspf2-dev

# Build
make

# Install
sudo make install

# Start the service
sudo /usr/local/sbin/smf-spf

Configuration

Edit /etc/mail/smfs/smf-spf.conf:

# Whitelist internal networks
WhitelistIP 192.168.0.0/16

# SPF Policy
RefuseFail on          # Reject on SPF fail
TagSubject on          # Tag subject on softfail/fail
AddHeader on           # Add Authentication-Results header

# Caching
TTL 1h                 # Cache SPF results for 1 hour

# Socket (for MTA connection)
Socket unix:/var/run/smfs/smf-spf.sock

Integration

Postfix (/etc/postfix/main.cf):

smtpd_milters = unix:/var/run/smfs/smf-spf.sock
non_smtpd_milters = unix:/var/run/smfs/smf-spf.sock

Sendmail (/etc/mail/sendmail.mc):

INPUT_MAIL_FILTER(`smf-spf', `S=unix:/var/run/smfs/smf-spf.sock, F=T, T=S:4m;R:4m;E:10m')dnl

Documentation

Requirements

  • libmilter (from Sendmail)
  • libSPF2 (v1.2.5 or later)
  • pthread support
  • miltertest (optional, for testing)

Support

Contributing

Contributions are welcome! Please read CONTRIBUTING.md for guidelines.

License

This project is licensed under the GNU General Public License v2.0 - see LICENSE for details.

v2.5.1 (2020-11-12)

Full Changelog

Fixed bugs:

  • Config values with spaces are ignore #82
  • Fix travis #84 (jcbf)
  • Added missing commits for skipAuth feature #80 (jcbf)

Full Changelog

v2.5.0 (2020-10-04)

Implemented enhancements:

  • Allow logging to file without syslog #69
  • Implement SpikAuth and SkipNDR#75 (jcbf) Skip Authenticated users when configured to do so. Similar to empty users.
  • Changed tests location #78 (jcbf)

Fixed bugs:

  • ClientIPNat will not work if FixedIP is set. #76

v2.4.5 (2020-07-16)

Implemented enhancements:

  • Feature/client ipnat #74 (jcbf) ClientIPNAT allows IP address translation of the connecting IP. This is particularly useful when you have internal email flows and still, have an SPF evaluation.
  • use application name in syslog #67

v2.4.4 (2020-06-21)

Implemented enhancements:

  • Docker image improvments
  • Misc fixes #72 (jcbf)
  • Log to file #71 (jcbf)
  • specfile and patches for building on Fedora and CentOS Linux #70 (mikaku)
  • Get daemon name from cmd line as requested in #67 #68 (jcbf)

v2.4.3 (2020-03-25)

Full Changelog

Implemented enhancements:

  • Make SPF evaluation with a fixed IP #65
  • Disable localpart size check #52

Fixed bugs:

  • Typos #55
  • smf-spf -f does not override config file value Daemonize #62

Merged pull requests:

v2.4.2 (2018-07-18)

Full Changelog between 2.4.1 and 2.4.2

Implemented enhancements:

  • Fix codewarnings #54 (jcbf)
  • Only domain size is checked #50

Merged pull requests:

  • Allow relaxed localpart size verification #53 (jcbf)

Unreleased Changes

v2.4.1 (2018-04-19)

Full Changelog between 2.4.0 and 2.4.1

Implemented enhancements:

  • Reject bounces when there is no SPF policy defined #46
  • Reject messages with an empty sender #49 (jcbf)
  • Add SPF result on log #48 (jcbf)

Merged pull requests:

  • Check for the localpart size. #51 (jcbf)

v2.4.0 (2018-02-08)

Full Changelog

Implemented enhancements:

  • Configurable refuse when SPF is none #42 (jcbf)
  • Configurable hostname #40 (jcbf)

Fixed bugs:

  • WhitelistTo should accept message #37
  • WhitelistTo should return SMFIS_ACCEPT #38 (jcbf)

Closed issues:

  • Possible issue reporting Fail string in sendmail reject message #33

Merged pull requests:

v2.3.1 (2017-11-07)

Full Changelog

Implemented enhancements:

  • Allow Received-SPF header back. #32 (jcbf)

Fixed bugs:

  • Reply codes aligned with RFC #34 (jcbf)

Merged pull requests:

v2.3 (2016-11-30)

Full Changelog

Implemented enhancements:

  • Create a test suite #17
  • Add debug output to test script #24 (jcbf)

Merged pull requests:

v2.2 (2016-11-03)

Full Changelog

Fixed bugs:

  • fix segfault when server address is unknown #21 (Milek7)

Merged pull requests:

  • don't include <> characters in Authentication-Results header #20 (Milek7)

v2.1.1 (2016-09-21)

Full Changelog

Implemented enhancements:

  • handle SPF_RESULT_TEMPERROR result #14

Fixed bugs:

  • Uncompilable release #19

Closed issues:

  • Make a release #10

v2.1.0 (2016-09-19)

Full Changelog

v2.2.0 (2016-09-19)

Implemented enhancements:

  • Refuse messages with softfail #8
  • MAIL and RCPT limits are not RFC compliant #4
  • mail-filter/smf-spf-2.0.2 patches #1
  • daemonize option via command line #7 (jcbf)
  • * Bumped version #6 (jcbf)
  • Debian init #3 (whyscream)
  • Add support for daemonisation in config file #2 (whyscream)

Fixed bugs:

  • Fix RFC5321 path limit #5 (jcbf)

Merged pull requests:

  • Support for temperror handling. #18 (jcbf)
  • Fix for #8 #16 (jcbf)
  • Bump version to 2.1.0 #15 (jcbf)
  • Fix version usage #13 (tyranron)
  • One more typo fix for conf.soft_fail property #12 (tyranron)
  • Fix for #8 - Allow softfail when refusing email #9 (jcbf)

* This Change Log was automatically generated by github_changelog_generator

About

It's a lightweight, fast and reliable Sendmail milter that implements the Sender Policy Framework

Topics

c email postfix spf sendmail milter

Resources

Readme

License

GPL-3.0, Unknown licenses found

Licenses found

GPL-3.0
LICENSE
Unknown
COPYING

Code of conduct

Code of conduct
Activity

Stars

14 stars

Watchers

4 watching

Forks

5 forks
Report repository

Releases 13

v2.5.1 Latest
Nov 12, 2020
+ 12 releases

Packages

No packages published

Contributors 6

Languages