global::spf

Implementation of the Sender Policy Framework (SPF), described by RFC 4408. (https://www.ietf.org/rfc/rfc4408.txt)

fn check

fn check() -> Status
fn check(params: Map) -> Status
Check spf record following the Sender Policy Framework (RFC 7208). see
  • a map composed of the following parameters:
    • header - The header(s) where the spf results will be written. Can be “spf”, “auth”, “both” or “none”. (default: “both”)
    • policy - Degrees of flexibility when getting spf results. Can be “strict” or “soft”. (default: “strict”) A “soft” policy will let softfail pass while a “strict” policy will return a deny if the results are not “pass”.
  • deny(code550_7_23 | code550_7_24) - an error occurred during lookup. (returned even when a softfail is received using the “strict” policy)
  • next() - the operation succeeded.

mail and onwards.

  • The header argument is not valid.
  • The policy argument is not valid.

spf::check only checks for the sender’s identity, not the helo value.

    mail: [
       rule "check spf" || spf::check(),
    ]
}

    mail: [
        // if this check succeed, it wil return `next`.
        // if it fails, it might return `deny` with a custom code
        // (X.7.24 or X.7.25 for example)
        //
        // if you want to use the return status, just put the spf::check
        // function on the last line of your rule.
        rule "check spf 1" || {
            log("debug", `running sender policy framework on ${ctx::mail_from()} identity ...`);
            spf::check(#{ header: "spf", policy: "soft" })
        },

        // policy is set to "strict" by default.
        rule "check spf 2" || spf::check(#{ header: "both" }),
    ],
}


fn check_raw

fn check_raw() -> Map
WARNING: Low level API, use `spf::check` instead if you do not need to peek inside the spf result data.

Check spf record following the Sender Policy Framework (RFC 7208). see https://datatracker.ietf.org/doc/html/rfc7208

  • map - the result of the spf check, contains the result, mechanism and problem keys.

mail and onwards.

spf::check only checks for the sender’s identity, not the helo value.

#{
    mail: [
       rule "check spf relay" || {
            const spf = spf::check_raw();

            log("info", `spf results: ${spf.result}, mechanism: ${spf.mechanism}, problem: ${spf.problem}`)
        },
    ]
}