Manual Reference Pages  -  ENMA (1)

NAME

enma - A milter program for domain authentication technologies

CONTENTS

Synopsis
Description
Options
Configuration File
Log
Example Of Log
Description Of Log Item
Score

SYNOPSIS

enma [-cvh] [-o key=value]

DESCRIPTION

enma is a milter program for domain authentication technologies. It authenticates message senders with SPF, Sender ID, DKIM and/or DKIM ADSP and inserts the Authentication-Results: field with the authentication results.

Configuration sources take precedence in the following order:

  1. The command line options
  2. The configuration file
  3. The default values

OPTIONS

-h Displays available options.
-v Verbose mode.
-c filename
  Specifies a configuration file.
-o key=value
  Specifies a configuration item described below.

CONFIGURATION FILE

Each line is in the format of "key:value". Spaces between "key:" and "value" are ignored. Lines beginning with '#' and empty lines are ignored. If there is no configuration of a given "key:", its default value is used. Absolute paths must be used when specified.
milter.verbose (-v)
  If true, log is recorded in detail. (Default value: false)
milter.conffile (-c)
  Specifies the path to the configuration file. If omitted, no configuration file is read and the default values are used. Usually the -c option should be used instead. (Default value: no value)
milter.user
  Specifies the user name to run as. If not specified, enma runs as the user who executed it. This is typically used to drop the privileges of an enma process started from a start-up script. (Default value: no value)
milter.pidfile
  Specifies the path to the PID file. If milter.user is specified, the PID file is written as that user, so the directory must have appropriate permissions. (Default value: /var/run/enma/enma.pid)
milter.chdir
  Specifies the working directory to change to after execution. If omitted, nothing happens. (Default value: no value)
milter.socket
  Specifies the socket type used for milter communication from the MTA. Choose one of the following:
  1. inet:<port number>@<IP address or hostname>
  2. unix:<a path to UNIX domain socket>
  For more information, refer to "cf/README" contained in the Sendmail package. (Default value: inet:10025@127.0.0.1)
milter.timeout
  Specifies timeout of milter communication with MTA in seconds. (Default value: 7210)
milter.loglevel
  Specifies the log level of libmilter (not enma). This should be used for debugging purposes. For more information, please refer to "libmilter/docs/smfi_setdbg.html" in the Sendmail package. (Default value: 0)
milter.sendmail813
  If the version of Sendmail is 8.13 or earlier, specify "true". Otherwise, specify "false". (Default value: false)
milter.postfix
  If true, MTA is Postfix. If false, MTA is Sendmail. (Default value: false)
syslog.ident
  Specifies the identifier attached to syslog messages. (Default value: enma)
syslog.facility
  Specifies the syslog facility. (Default value: local4)
syslog.logmask
  Specifies the syslog mask. Messages whose level is over this value are written to syslog. Usually "info" should be specified. (Default value: info)
common.exclusion_addresses
  Specifies IP address ranges that are exempt from domain authentication. If the source IP address of the peer matches one of the ranges, the domain authentication process is omitted. Multiple ranges can be listed, separated by commas. (Default value: 127.0.0.1,::1)
spf.auth
  If true, SPF authentication is processed. (Default value: true)
spf.explog
  If true, the "exp" modifier is evaluated in the case where SPF authentication result is "hardfail". For more information about the "exp" modifier, refer to Section 6.2 of RFC4408. (Default value: true)
sidf.auth
  If true, Sender ID authentication is processed. (Default value: true)
sidf.explog
  If true, the "exp" modifier is evaluated in the case where Sender ID authentication result is "hardfail". For more information about the "exp" modifier, refer to Section 6.2 of RFC4408. (Default value: true)
dkim.auth
  If true, DKIM authentication is processed. (Default value: true)
dkim.signheader_limit
  Specifies the maximum number of DKIM-Signature: fields to evaluate. They are evaluated from the top, and are ignored if the number reaches the limit. (Default value: 10)
dkim.accept_expired_signature
  If true, expired DKIM signatures are treated as valid. This value should normally be false. (Default value: false)
dkimadsp.auth
  If true, DKIM ADSP check is processed. (Default value: true)
authresult.identifier
  Specifies the hostname used to identify the Authentication-Results: field. If an Authentication-Results: field with the same identifier already exists, the entire field is removed. This identifier is also used when the Authentication-Results: field is inserted to record the authentication result. (Default value: localhost)
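
The following Python sketch is an added example, not part of enma: it applies the "key:value" parsing rules and the order of preference described above, then lists settings that reduce authentication coverage. The sample file, the function names and the assumption that exclusion ranges are written in CIDR notation are not from this page.

```python
import ipaddress

# Defaults copied from the CONFIGURATION FILE section (only the keys audited here).
DEFAULTS = {
    "common.exclusion_addresses": "127.0.0.1,::1",
    "spf.auth": "true", "sidf.auth": "true",
    "dkim.auth": "true", "dkimadsp.auth": "true",
    "dkim.accept_expired_signature": "false",
}

SAMPLE_CONF = """\
# constructed configuration file for this example
milter.socket:   inet:10025@127.0.0.1

common.exclusion_addresses: 127.0.0.1,::1,10.0.0.0/8
sidf.auth: false
"""

def parse_conf(text):
    """Parse "key:value" lines; '#' lines and empty lines are ignored."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(":")  # value may itself contain ':'
            conf[key.strip()] = value.strip()
    return conf

def effective(conf_text, cli_opts=()):
    """Precedence: -o key=value options, then the file, then defaults."""
    merged = {**DEFAULTS, **parse_conf(conf_text)}
    merged.update(opt.split("=", 1) for opt in cli_opts)
    return merged

def audit(conf):
    """Return findings for settings that reduce authentication coverage."""
    findings = []
    for key in ("spf.auth", "sidf.auth", "dkim.auth", "dkimadsp.auth"):
        if conf[key] != "true":
            findings.append(f"{key} is disabled")
    if conf["dkim.accept_expired_signature"] == "true":
        findings.append("expired DKIM signatures are treated as valid")
    for rng in conf["common.exclusion_addresses"].split(","):
        # Assumption: ranges are written in CIDR notation.
        if not ipaddress.ip_network(rng.strip(), strict=False).is_loopback:
            findings.append(f"peers in {rng.strip()} skip authentication")
    return findings

if __name__ == "__main__":
    print(audit(effective(SAMPLE_CONF, ["dkim.accept_expired_signature=true"])))
```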

LOG

Log is recorded to syslog. The facility and mask of syslog are specified with "syslog.facility" and "syslog.logmask", respectively.

EXAMPLE OF LOG

The case where the authentication process completed normally:

[m75AKEOh009630] [SPF-auth] ipaddr=192.168.1.1, eval=smtp.mailfrom, helo=example.jp, envfrom=<user@example.jp>, score=pass
[m75AKEOh009630] [SIDF-auth] ipaddr=192.168.1.1, header.From=user@example.jp, score=pass
[m75AKEOh009630] [DKIM-auth] header.i=user@example.jp, score=pass
[m75AKEOh009630] [DKIM-ADSP-auth] header.from=user@example.jp, score=pass

The case where authentication process was skipped because of lack of authentication information:

[m75AKEOh009630] [SPF-auth] score=permerror
[m75AKEOh009630] [SIDF-auth] score=permerror
[m75AKEOh009630] [DKIM-auth] score=permerror
[m75AKEOh009630] [DKIM-ADSP-auth] score=permerror

The case where no signature exists:

[m75AKEOh009630] [DKIM-auth] score=none

DESCRIPTION OF LOG ITEM

Common
[m75AKEOh009630]
  Queue ID to identify SMTP transaction labeled by MTA
[SIDF-auth], [SPF-auth], [DKIM-auth], [DKIM-ADSP-auth]
  These indicate Sender ID, SPF, DKIM, DKIM ADSP, respectively.
ipaddr=192.168.1.1
  The IP address of the sender
score=pass
  Score of authentication result
SPF
eval=smtp.mailfrom
  Which authentication information was used, either MAIL FROM or EHLO/HELO.
helo=example.jp
  EHLO/HELO provided by the sender
envfrom=<user@example.jp>
  MAIL FROM provided by the sender
Sender ID
header.From=user@example.jp
  The field name and the mail address used for authentication.
DKIM
header.i=user@example.jp
  The mail address or domain of a signer.
DKIM ADSP
header.From=user@example.jp
  The field name and the mail address used for authentication.
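
The following Python sketch is an added example, not part of enma: it parses the log items described above, groups the results by queue ID, and reports messages for which no mechanism logged score=pass. The queue IDs ending in 31 and 32 are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format shown under EXAMPLE OF LOG; queue IDs
# ending in 31 and 32 are made up for this example.
SAMPLE_LOG = """\
[m75AKEOh009630] [SPF-auth] ipaddr=192.168.1.1, eval=smtp.mailfrom, helo=example.jp, envfrom=<user@example.jp>, score=pass
[m75AKEOh009630] [SIDF-auth] ipaddr=192.168.1.1, header.From=user@example.jp, score=pass
[m75AKEOh009630] [DKIM-auth] header.i=user@example.jp, score=pass
[m75AKEOh009630] [DKIM-ADSP-auth] header.from=user@example.jp, score=pass
[m75AKEOh009631] [SPF-auth] score=permerror
[m75AKEOh009631] [SIDF-auth] score=permerror
[m75AKEOh009631] [DKIM-auth] score=permerror
[m75AKEOh009631] [DKIM-ADSP-auth] score=permerror
[m75AKEOh009632] [SPF-auth] ipaddr=192.168.1.1, eval=smtp.mailfrom, helo=example.jp, envfrom=<user@example.jp>, score=pass
[m75AKEOh009632] [DKIM-auth] score=none
"""

# search() tolerates a syslog prefix before the queue ID. helo= and envfrom=
# are sender-supplied, so the score is read from the end of the line only.
LINE_RE = re.compile(
    r"\[(?P<qid>[^\]\s]+)\] \[(?P<mech>SPF|SIDF|DKIM-ADSP|DKIM)-auth\] "
    r"(?P<items>.*?)score=(?P<score>\S+)\s*$"
)

def parse_line(line):
    """Return one parsed enma log record, or None for unrelated lines."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    fields = dict(kv.split("=", 1) for kv in m["items"].split(", ") if "=" in kv)
    return {"qid": m["qid"], "mech": m["mech"], "score": m["score"], "fields": fields}

def scores_by_message(log_text):
    """Group results per queue ID: {qid: {mechanism: score}}."""
    out = defaultdict(dict)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            out[rec["qid"]][rec["mech"]] = rec["score"]
    return dict(out)

def messages_without_pass(log_text):
    """Queue IDs for which no mechanism logged score=pass."""
    return sorted(q for q, s in scores_by_message(log_text).items()
                  if "pass" not in s.values())

if __name__ == "__main__":
    print("no pass:", messages_without_pass(SAMPLE_LOG))
```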

SCORE

See RFC5451.