|  | 
  
    |  | 
  
    |  | 
  
    | 
 | 
  
    | 
      
        | spfaction |  
        | Description: Define how to react to various SPF results 
 Contents: Inside this file place a single digit between 0 and 7.
 
 Type: Integer
 Default: 1 (enabled)
 
 Below describes the behaviour of these digits:
 
 0: disabled
 1: enabled (only prepends headers, and only if spfheaderstate == 1)
 2: REJECT: fail; ACCEPT: pass, none, softfail, error, netural, unknown;
 3: REJECT: fail, softfail; ACCEPT: pass, none, error, netural, unknown;
 4: REJECT: fail, softfail, neutral; ACCEPT: pass, none, error, unknown;
 5: REJECT: fail, softfail, neutral, none; ACCEPT: pass, error, unknown;
 6: REJECT: fail, softfail, neutral, none, error; ACCEPT: pass, unknown;
 7: REJECT: fail, softfail, neutral, none, error, unknown; ACCEPT: pass;
 
 
 |  
        |  |  
        | Running higher than 2 or 3 will definitely result in a loss of email.
          Consult the Adoption role at http://spftools.net and see the number of
          SPF records that are parsed incorrectly, so be careful. |  | 
  
    | 
 | 
  
    | 
      
        | spftarpit |  
        | Description:  Tarpit or 'latch-on' to a client you don't like 
 0 (default) = disable tarpitting
 1 (enabled) = enable tarpitting
 
 Type: Integer (time in seconds)
 Default: 0 (off)
 
 Tarpitting happens based on the above set spfaction.  If the action 
          was set to 2, then upon a softfail the process would sleep x seconds
          and then call quit (where x is the value of spftarpittime or the
          default 60)
 
 
 |  
        |  |  
        | I suggest you use this with caution, perhaps only enabling it on
          FAIL which is something that can only happen when an SPF rule is
          supplied, and some how the connecting client violates the policy.
          You have been warned.  This could quite EASILY LEAD TO YOUR SERVER
          BEING DOSSED BY SOME TURD.  DO NOT BLAME ME, DEFAULT IS OFF.
          CONSIDER YOUR SELF WARNED. |  | 
  
    | 
 | 
  
    | 
      
        | spftarpittime |  
        | Description:  How long to tarpit a client Type: Integer (time in seconds)
 
 
 |  
        |  |  
        | Not too short, or its pointless, but not too long or you'll be clientless |  | 
  
    | 
 | 
  
    | 
      
        | spfexplainstate |  
        | Description:  Enable or Disable giving of 'SPF Explanations' 
 Type: Integer
 Default: 0 (off)
 
 When set to 1, explanations will be automatically printed out after any SPF
          query excluding SPF_PASS.  This information is designed to be informative and
          helpful to a user who has just likely had his or her email rejected.  See the
          above 'spfexplain' to define your own string to use instead.  The default value
          exists within libSPF, so creating the control file is only necessary if you
          wish to change this value.
 
 
 |  
        |  |  
        | When set to 0, explanations are not appended. |  | 
  
    | 
 | 
  
    | 
      
        | spfexplanation |  
        | Description:  Explanation to provide client in any event result but SPF_PASS 
 Type: String
 
 This string (can include macros) is expanded and sent to the client for every    
          result case excluding pass.  The default value exists within libspf, so creating 
          the control file is only necessary if you wish to change this
          value.
 
 
 |  
        | 
          
            | Default: See http://spf.pobox.com/why.html?sender=%{S}&ip=%{I}&receiver=%{xR} |  |  
        | When set to 0, explanations are not appended. |  | 
  
    | 
 | 
  
    | 
      
        | spftrustedstate |  
        | Description:  Enable or Disable SPF Trusted Forwarder mode 
 Type: Integer
 
 When set to 1, libspf will attempt to contact the site contained within that text,
          which would be ideally a whitelisting site (anything can really go there, but this
          particular file is here specifically to handle larger whitelisting services) that
          would be contacted in the event an SPF query returns NONE.  The default value exists
          within libspf, so creating the control file is only necessary if you wish to change
          this value.
 
 
 |  
        |  |  
        | This is a great way to get around any hosts who refuse to publish!  Simply
        publish for them in your own local DNS server, or you can make use of the the real
        "Trusted Forwarder" service which has many well known "non-SPF-publishing" sites
        already.  http://trusted-forwarder.org |  | 
  
    | 
 | 
  
    | 
      
        | spftrustedforwarder |  
        | Description:  Define your Trusted Forwarder SPF Query 
 Type: String
 
 This string (can include macros) is expanded and is used in the event that a 
          connecting client's query results in NONE (no SPF record published).  libSPF
          will then (if enabled) attempt to contact trusted-forwarder.org (default) which
          is a global whitelisting system. You can add additional sites, or provide your
          own.  The default value exists withinlibSPF, so creating the control file is
          only necessary if you wish to change this value
 
 
 |  
        | 
          
            | Default: v=spf1 include:spf.trusted-forwarder.org |  |  
        | Its VERY important that this string end with a SPACE at the end!
          Failure to do so will likely result in parse failures. |  | 
  
    | 
 | 
  
    | 
      
        | spfguessstate |  
        | Description:  Enable or Disable SPF Best Guess mode 
 Type: Integer
 
 When an SPF query fails, and then subsequently a trusted forwarder query possibly fails,
            libspf will attempt to perform a "best guess" query using a default string which can
            be redefined using the 'spfguess' control file.  The default value exists within libspf,
            so creating the control file is only necessary if you wish to change
            this value.
 
 
 |  
        |  |  
        |  |  | 
  
    | 
 | 
  
    | 
      
        | spfbestguess |  
        | Description:  Define your Best Guess SPF Query 
 Type: String
 
 This query is looked up in an attempt to make a guess against the user in the event
          no record is found and the trusted forwarder lookup fails.  The default value exists
          within libspf, so creating the control file is only necessary if you wish to change
          this value.
 
 
 |  
        | 
          
            | Default: v=spf1 a/24 mx/24 ptr |  |  
        | Its VERY important that this string end with a SPACE at the end!
          Failure to do so will likely result in parse failures. |  | 
  
    | 
 | 
  
    | 
      
        | spfheaderstate |  
        | Description:  Enable or Disable Received-SPF: header prepending 
 Type: Integer
 
 When set to 1, libspf will pre-pend "Received-SPF:" headers as per the SPF RFC
          Internet Draft.  This are useful for third party applications such as SpamAssassin,
          and even email clients capable of parsing headers to know where to
          filter email to.
 
 
 |  
        |  |  
        | You should leave this ON.  Failure to pre-pend Received-SPF: headers will nullify
        any possible benefit had through 3rd party Anti-Spam implementations such as SpamAssassin
        which will look at headers and evaluate them based on their content.  It should be noted
        however, that SpamAssassin (unless someone intentionally does this) will only
        consider FAIL messages, because to do otherwise would be stupid.  Spammers would
        simply tag their own messages with Received-SPF: pass messages :-) 
 |  | 
  
    | 
 | 
  
    | 
      
        | spfdebugstate |  
        | Description:  Enable or Disable libSPF debugging 
 Type: Integer
 
 When set to anything above 0 this will enable debugging in libSPF (provided that
          when you configured libSPF you supplied --enable-debug).  To learn more about how
          debugging works in libSPF please read the "Debugging libSPF" PDF or TXT that
          accompanied your distribution or see the on-line version at:
          
          http://libspf.org/debugging_libspf.html.
 
 
 |  
        |  |  
        | It should be noted that Autoconf enables _SPF_DEBUG_LOGFILE by default, and the
          only way to disable this (to get deubgging to show up on STDOUT) is to manually
          edit the Makefile and comment out or remove the _SPF_DEBUG_LOGFILE macro leaving
          only _SPF_DEBUG. |  |