DragonFly On-Line Manual Pages


ENMA(1)                DragonFly General Commands Manual               ENMA(1)

NAME

enma - A milter program for domain authentication technologies

SYNOPSIS

enma [-cvh] [-o key=value]

DESCRIPTION

enma is a milter program that implements domain authentication technologies. It authenticates message senders with SPF, Sender ID, DKIM and/or DKIM ADSP and inserts an Authentication-Results: field containing the authentication results.

Configuration sources are applied in the following order of preference:

1. The command line options
2. The configuration file
3. The default values

OPTIONS

-h
    Displays available options.

-v
    Verbose mode.

-c filename
    Specifies a configuration file.

-o key=value
    Specifies one of the configuration items described below.

CONFIGURATION FILE

Each line is in the format of "key:value". Spaces between "key:" and "value" are ignored. Lines beginning with '#' and empty lines are ignored. If there is no configuration of a given "key:", its default value is used. Wherever a path is specified, it must be an absolute path.

milter.verbose (-v)
    If true, the log is recorded in detail. (Default value: false)

milter.conffile (-c)
    Specifies the path to the configuration file. If omitted, no configuration file is read and the default values are used. The -c option should usually be used instead. (Default value: no value)

milter.user
    Specifies a user name. If not specified, the user name of execution is used. This is typically used to step down the user authority of enma executed in a start-up script. (Default value: no value)

milter.pidfile
    Specifies the path to the PID file. If milter.user is specified, the PID file is written as that user, so appropriate permission should be given to the directory. (Default value: /var/run/enma/enma.pid)

milter.chdir
    Specifies a working directory to change to after execution. If omitted, nothing happens. (Default value: no value)

milter.socket
    Specifies the socket type of milter communication from the MTA. Choose one of the following:

    1. inet:<port number>@<IP address or hostname>
    2. unix:<a path to UNIX domain socket>

    For more information, refer to "cf/README" contained in the Sendmail package. (Default value: inet:10025@127.0.0.1)

milter.timeout
    Specifies the timeout of milter communication with the MTA in seconds. (Default value: 7210)

milter.loglevel
    Specifies the log level of libmilter (not enma). This should be used for debugging purposes. For more information, please refer to "libmilter/docs/smfi_setdbg.html" in the Sendmail package. (Default value: 0)

milter.sendmail813
    If the version of Sendmail is 8.13 or earlier, specify "true". Otherwise, specify "false". (Default value: false)

milter.postfix
    If true, the MTA is Postfix. If false, the MTA is Sendmail. (Default value: false)

syslog.ident
    Specifies an identifier used to label syslog messages. (Default value: enma)

syslog.facility
    Specifies the syslog facility. (Default value: local4)

syslog.logmask
    Specifies the syslog mask. Messages whose level is over this value are written to syslog. Usually "info" should be specified. (Default value: info)

common.exclusion_addresses
    Specifies IP address ranges that are exempt from domain authentication. If the source IP address of the peer matches one of the ranges, the domain authentication process is omitted. Multiple ranges can be listed, separated by commas. (Default value: 127.0.0.1,::1)

spf.auth
    If true, SPF authentication is processed. (Default value: true)

spf.explog
    If true, the "exp" modifier is evaluated in the case where the SPF authentication result is "hardfail". For more information about the "exp" modifier, refer to Section 6.2 of RFC4408. (Default value: true)

sidf.auth
    If true, Sender ID authentication is processed. (Default value: true)

sidf.explog
    If true, the "exp" modifier is evaluated in the case where the Sender ID authentication result is "hardfail". For more information about the "exp" modifier, refer to Section 6.2 of RFC4408. (Default value: true)

dkim.auth
    If true, DKIM authentication is processed. (Default value: true)

dkim.signheader_limit
    Specifies a limit on the number of DKIM-Signature: fields. They are evaluated from the top, and are ignored if the number reaches the limit. (Default value: 10)

dkim.accept_expired_signature
    If true, expired DKIM signatures are treated as valid. This value should be false in the normal case. (Default value: false)

dkimadsp.auth
    If true, the DKIM ADSP check is processed. (Default value: true)

authresult.identifier
    Specifies the hostname used to identify the Authentication-Results: field. If an Authentication-Results: field with the same identifier already exists, the entire field is removed. This identifier is also used when the Authentication-Results: field is inserted to record the authentication result. (Default value: localhost)
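The following is an added example, not part of enma or of this manual page: a small Python check that parses the "key:value" format, applies the order of preference from DESCRIPTION, and reports settings this page advises against. The sample file contents, the function names and the case-insensitive comparison of "true" are assumptions made for the illustration.

```python
# Defaults copied from this section (only the keys used below).
DEFAULTS = {
    "milter.pidfile": "/var/run/enma/enma.pid",
    "milter.socket": "inet:10025@127.0.0.1",
    "dkim.accept_expired_signature": "false",
    "authresult.identifier": "localhost",
}
PATH_KEYS = ("milter.conffile", "milter.pidfile", "milter.chdir")
# Constructed sample configuration, not shipped with enma.
SAMPLE_CONF = """\
# enma test configuration
milter.socket: unix:var/run/enma.sock
dkim.accept_expired_signature: true
common.exclusion_addresses: 127.0.0.1,::1
"""

def parse_conf(text):
    """Parse "key:value" lines; '#' comments and empty lines are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")  # first ':' only, values contain ':'
        if sep:
            conf[key.strip()] = value.strip()
    return conf

def effective(conf_text, cli_options=()):
    """Apply the documented order: -o options > configuration file > defaults."""
    merged = dict(DEFAULTS)
    merged.update(parse_conf(conf_text))
    for opt in cli_options:  # each item is the "key=value" argument of -o
        key, _, value = opt.partition("=")
        merged[key.strip()] = value.strip()
    return merged

def findings(conf):
    """Return warnings for settings the manual page advises against."""
    out = []
    for key in PATH_KEYS:
        if conf.get(key) and not conf[key].startswith("/"):
            out.append(f"{key}: path is not absolute")
    sock = conf.get("milter.socket", "")
    if sock.startswith("unix:") and not sock[5:].startswith("/"):
        out.append("milter.socket: UNIX socket path is not absolute")
    if conf.get("dkim.accept_expired_signature", "").lower() == "true":
        out.append("dkim.accept_expired_signature: expired signatures accepted")
    return out
```

Calling `findings(effective(SAMPLE_CONF))` reports the relative socket path and the expired-signature setting; passing `["dkim.accept_expired_signature=false"]` as `cli_options` overrides the file and leaves only the socket finding.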

LOG

Logs are recorded to syslog. The syslog facility and mask are specified with "syslog.facility" and "syslog.logmask", respectively.

EXAMPLE OF LOG

The case where the authentication process was completed normally:

    [m75AKEOh009630] [SPF-auth] ipaddr=192.168.1.1, eval=smtp.mailfrom, helo=example.jp, envfrom=<user@example.jp>, score=pass
    [m75AKEOh009630] [SIDF-auth] ipaddr=192.168.1.1, header.From=user@example.jp, score=pass
    [m75AKEOh009630] [DKIM-auth] header.i=user@example.jp, score=pass
    [m75AKEOh009630] [DKIM-ADSP-auth] header.from=user@example.jp, score=pass

The case where the authentication process was skipped because of a lack of authentication information:

    [m75AKEOh009630] [SPF-auth] score=permerror
    [m75AKEOh009630] [SIDF-auth] score=permerror
    [m75AKEOh009630] [DKIM-auth] score=permerror
    [m75AKEOh009630] [DKIM-ADSP-auth] score=permerror

The case where no signature exists:

    [m75AKEOh009630] [DKIM-auth] score=none

DESCRIPTION OF LOG ITEM

Common

[m75AKEOh009630]
    Queue ID to identify the SMTP transaction, labeled by the MTA

[SIDF-auth], [SPF-auth], [DKIM-auth], [DKIM-ADSP-auth]
    These indicate Sender ID, SPF, DKIM, DKIM ADSP, respectively.

ipaddr=192.168.1.1
    The IP address of the sender

score=pass
    Score of the authentication result

SPF

eval=smtp.mailfrom
    Which authentication information was used, either MAIL FROM or EHLO/HELO.

helo=example.jp
    EHLO/HELO provided by the sender

envfrom=<user@example.jp>
    MAIL FROM provided by the sender

Sender ID

header.From=user@example.jp
    The field name and the mail address used for authentication.

DKIM

header.i=user@example.jp
    The mail address or domain of a signer.

DKIM ADSP

header.From=user@example.jp
    The field name and the mail address used for authentication.
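The following is an added example, not part of enma or of this manual page: a Python sketch that parses log lines in the format shown under EXAMPLE OF LOG, groups the scores by queue ID, and lists the messages for which no mechanism reported "pass". The second queue ID and the function names are constructed for the illustration, and the syslog prefix is assumed to precede the bracketed queue ID.

```python
import re
from collections import defaultdict

# Constructed sample in the format shown under EXAMPLE OF LOG; the second
# queue ID (m75AKEOh009631) is made up for this example.
SAMPLE_LOG = """\
[m75AKEOh009630] [SPF-auth] ipaddr=192.168.1.1, eval=smtp.mailfrom, helo=example.jp, envfrom=<user@example.jp>, score=pass
[m75AKEOh009630] [SIDF-auth] ipaddr=192.168.1.1, header.From=user@example.jp, score=pass
[m75AKEOh009630] [DKIM-auth] header.i=user@example.jp, score=pass
[m75AKEOh009630] [DKIM-ADSP-auth] header.from=user@example.jp, score=pass
[m75AKEOh009631] [SPF-auth] score=permerror
[m75AKEOh009631] [DKIM-auth] score=none
"""

LINE_RE = re.compile(r"\[(?P<qid>[^\]]+)\] \[(?P<mech>[A-Z-]+)-auth\] (?P<items>.*)")

def parse_line(line):
    """Return (queue_id, mechanism, {item: value}), or None for other lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    items = {}
    for part in m.group("items").split(", "):
        key, sep, value = part.partition("=")
        if sep:
            # score is the last item, so a later key overwrites an earlier one
            items[key.strip()] = value.strip()
    return m.group("qid"), m.group("mech"), items

def summarize(log_text):
    """Group results per message: {queue_id: {mechanism: [scores]}}."""
    by_qid = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            qid, mech, items = parsed
            by_qid[qid][mech].append(items.get("score", "missing"))
    return {qid: dict(mechs) for qid, mechs in by_qid.items()}

def without_pass(summary):
    """Queue IDs for which no mechanism logged score=pass."""
    return sorted(q for q, mechs in summary.items()
                  if not any("pass" in scores for scores in mechs.values()))

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for qid in without_pass(result):
        print(qid, result[qid])
```

Scores are kept as a list per mechanism because a message can carry several DKIM-Signature: fields, up to dkim.signheader_limit.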

SCORE

See RFC5451.

April 3, 2009
