NAME
       enma -- A milter	program	for domain authentication technologies

SYNOPSIS
       enma [-cvh] [-o key=value]

DESCRIPTION
       enma is a milter program for domain authentication. It authenticates
       message senders with SPF, Sender ID, DKIM and/or DKIM ADSP and inserts
       the Authentication-Results: field with the authentication results.

       Settings are taken from the following sources, in order of preference:

	     1.	  The command line options
	     2.	  The configuration file
	     3.	  The default values

OPTIONS
       -h      Displays	available options.

       -v      Verbose mode.

       -c filename
	       Specifies a configuration file.

       -o key=value
               Specifies one of the configuration items described below.

CONFIGURATION FILE
       Each line is in the format "key:value". Spaces between "key:" and
       "value" are ignored. Lines beginning with '#' and empty lines are
       ignored. If a given "key:" is not configured, its default value is
       used. Paths, where specified, must be absolute.

       milter.verbose (-v)
	       If true,	log is recorded	in detail. (Default value: false)

       milter.conffile (-c)
               Specifies the path to the configuration file. If omitted, no
               configuration file is read and the default values are used.
               Normally the -c option should be used instead. (Default value:
               no value)

       milter.user
               Specifies a user name. If not specified, the user that executed
               enma is used. This is typically used to drop the privileges of
               enma when it is executed from a start-up script. (Default
               value: no value)

       milter.pidfile
               Specifies the path to the PID file. If milter.user is specified,
               the PID file is written as that user, so appropriate permission
               should be given on the directory. (Default value:
               /var/run/enma/enma.pid)

       milter.chdir
               Specifies the working directory to change to after execution.
               If omitted, nothing happens. (Default value: no value)

       milter.socket
               Specifies the socket type for milter communication from the MTA.
               Choose one of the following:
                     1.   inet:<port number>@<IP address or hostname>
                     2.   unix:<a path to UNIX domain socket>
               For more information, refer to "cf/README" contained in the
               Sendmail package. (Default value: inet:10025@127.0.0.1)

       milter.timeout
	       Specifies timeout of milter communication with MTA in  seconds.
	       (Default	value: 7210)

       milter.loglevel
               Specifies the log level of libmilter (not enma). This should be
               used for debugging purposes. For more information, please refer
               to "libmilter/docs/smfi_setdbg.html" in the Sendmail package.
               (Default value: 0)

       milter.sendmail813
               If the version of Sendmail is 8.13 or earlier, specify "true";
               otherwise, specify "false". (Default value: false)

       milter.postfix
	       If true,	MTA is Postfix.	If false, MTA  is  Sendmail.  (Default
	       value: false)

       syslog.ident
               Specifies the identifier attached to syslog messages. (Default
               value: enma)

       syslog.facility
	       Specifies facility of syslog. (Default value: local4)

       syslog.logmask
               Specifies the syslog mask. Messages whose level is above this
               value are written to syslog. Usually "info" should be
               specified. (Default value: info)

       common.exclusion_addresses
               Specifies IP address ranges that are exempt from domain
               authentication. If the source IP address of the peer matches
               one of the ranges, the domain authentication process is
               omitted. Multiple ranges can be listed, separated by commas.
               (Default value: 127.0.0.1,::1)

       spf.auth
	       If true,	SPF  authentication  is	 processed.   (Default	value:
	       true)

       spf.explog
	       If  true, the "exp" modifier is evaluated in the	case where SPF
	       authentication result  is  "hardfail".	For  more  information
	       about  the  "exp"  modifier,  refer  to Section 6.2 of RFC4408.
	       (Default	value: true)

       sidf.auth
	       If true,	Sender ID authentication is processed. (Default	value:
	       true)

       sidf.explog
	       If true,	the "exp" modifier is  evaluated  in  the  case	 where
	       Sender ID authentication	result is "hardfail".  For more	infor-
	       mation  about  the  "exp"  modifier,  refer  to	Section	6.2 of
	       RFC4408.	 (Default value: true)

       dkim.auth
	       If true,	DKIM  authentication  is  processed.  (Default	value:
	       true)

       dkim.signheader_limit
               Specifies the maximum number of DKIM-Signature: fields to
               evaluate. Fields are evaluated from the top, and further
               fields are ignored once the limit is reached. (Default value:
               10)

       dkim.accept_expired_signature
               If true, expired DKIM signatures are treated as valid. This
               value should be false in normal operation. (Default value:
               false)

       dkimadsp.auth
               If true, the DKIM ADSP check is processed. (Default value: true)

       authresult.identifier
               Specifies the hostname used to identify the
               Authentication-Results: field. If an Authentication-Results:
               field with the same identifier already exists, the entire
               field is removed. This identifier is also used when the
               Authentication-Results: field is inserted to record the
               authentication result. (Default value: localhost)
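
       The following Python sketch is an added illustration, not part of
       enma. It resolves effective settings in the documented order (-o
       options, then the configuration file, then defaults) and lists values
       that weaken or bypass authentication. The sample file is constructed,
       DEFAULTS is a subset of the defaults above, and tolerating whitespace
       before '#' is an assumption.

```python
# Added illustration; not enma source code.
DEFAULTS = {  # subset of the defaults listed on this page
    "milter.socket": "inet:10025@127.0.0.1",
    "common.exclusion_addresses": "127.0.0.1,::1",
    "spf.auth": "true", "sidf.auth": "true",
    "dkim.auth": "true", "dkimadsp.auth": "true",
    "dkim.accept_expired_signature": "false",
}
SAMPLE_CONF = """\
# constructed sample configuration
milter.socket:    inet:10025@127.0.0.1
dkim.accept_expired_signature: true

common.exclusion_addresses: 127.0.0.1,::1,192.0.2.10
sidf.auth: false
"""

def parse_conf(text):
    """Parse key:value lines; blank lines and '#' lines are ignored."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()  # assumption: whitespace before '#' is tolerated
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")  # value may itself contain ':'
        if not sep:
            raise ValueError(f"not in key:value form: {raw!r}")
        conf[key.strip()] = value.strip()
    return conf

def effective(conf_text, cli_opts=()):
    """Defaults, overridden by the file, overridden by -o key=value."""
    merged = {**DEFAULTS, **parse_conf(conf_text)}
    for opt in cli_opts:
        key, _, value = opt.partition("=")
        merged[key.strip()] = value.strip()
    return merged

def review(settings):
    """List settings that weaken or bypass authentication."""
    notes = []
    if settings["dkim.accept_expired_signature"] == "true":
        notes.append("expired DKIM signatures are accepted")
    notes += [f"{k} is disabled" for k in
              ("spf.auth", "sidf.auth", "dkim.auth", "dkimadsp.auth")
              if settings[k] != "true"]
    extra = set(settings["common.exclusion_addresses"].split(",")) - {"127.0.0.1", "::1"}
    notes += [f"{a} bypasses authentication" for a in sorted(extra)]
    return notes
```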

LOG
       Log is recorded to syslog. The facility and mask of syslog are
       specified with "syslog.facility" and "syslog.logmask", respectively.

EXAMPLE	OF LOG
       The case where the authentication process completed normally:

       [m75AKEOh009630]	[SPF-auth] ipaddr=192.168.1.1, eval=smtp.mailfrom, helo=example.jp, envfrom=<user@example.jp>, score=pass
       [m75AKEOh009630]	[SIDF-auth] ipaddr=192.168.1.1,	header.From=user@example.jp, score=pass
       [m75AKEOh009630]	[DKIM-auth] header.i=user@example.jp, score=pass
       [m75AKEOh009630]	[DKIM-ADSP-auth] header.from=user@example.jp, score=pass

       The case	where authentication process was skipped because  of  lack  of
       authentication information:

       [m75AKEOh009630]	[SPF-auth] score=permerror
       [m75AKEOh009630]	[SIDF-auth] score=permerror
       [m75AKEOh009630]	[DKIM-auth] score=permerror
       [m75AKEOh009630]	[DKIM-ADSP-auth] score=permerror

       The case	where no signature exists:

       [m75AKEOh009630]	[DKIM-auth] score=none

DESCRIPTION OF LOG ITEM
       Common

       [m75AKEOh009630]
               Queue ID assigned by the MTA to identify the SMTP transaction

       [SIDF-auth], [SPF-auth],	[DKIM-auth], [DKIM-ADSP-auth]
               These indicate Sender ID, SPF, DKIM, DKIM ADSP, respectively.

       ipaddr=192.168.1.1
	       The IP address of the sender

       score=pass
               Score of authentication result

       SPF

       eval=smtp.mailfrom
	       Which  authentication information was used, either MAIL FROM or
	       EHLO/HELO.

       helo=example.jp
	       EHLO/HELO provided by the sender

       envfrom=<user@example.jp>
               MAIL FROM provided by the sender

       Sender ID

       header.From=user@example.jp
               The field name and the mail address used for authentication.

       DKIM

       header.i=user@example.jp
               The mail address or domain of a signer.

       DKIM ADSP

       header.From=user@example.jp
	       The field name and the mail address used	for authentication.
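
       The following Python sketch is an added illustration, not part of
       enma. It parses log lines in the format described above, groups the
       per-mechanism results by queue ID, and returns the queue IDs that need
       triage. The sample lines are constructed, and the set of scores
       treated as failures is an assumption based on the result names in
       RFC5451.

```python
import re
from collections import defaultdict

# Constructed sample in the format shown under EXAMPLE OF LOG (not real traffic).
SAMPLE_LOG = """\
[m75AKEOh009630] [SPF-auth] ipaddr=192.168.1.1, eval=smtp.mailfrom, helo=example.jp, envfrom=<user@example.jp>, score=pass
[m75AKEOh009630] [DKIM-auth] header.i=user@example.jp, score=pass
[m75AKEOh009631] [SPF-auth] ipaddr=192.0.2.7, eval=smtp.mailfrom, helo=mail.example.net, envfrom=<a@example.jp>, score=hardfail
[m75AKEOh009631] [DKIM-auth] score=none
[m75AKEOh009632] [SPF-auth] score=permerror
"""
LINE_RE = re.compile(r"\[([^\]\s]+)\]\s+\[(DKIM-ADSP|DKIM|SIDF|SPF)-auth\]\s*(.*)$")
# helo= and envfrom= carry sender-supplied text, so the score is read only
# from the final field of the line.
SCORE_RE = re.compile(r"(?:^|,\s*)score=([A-Za-z]+)\s*$")
# Assumption: which RFC 5451 result names count as failures worth triage.
ALERT_SCORES = {"fail", "hardfail", "discard", "nxdomain"}

def parse_line(line):
    """Return (queue_id, mechanism, fields) or None for unrelated lines."""
    m = LINE_RE.search(line)  # search() tolerates a syslog prefix
    if not m:
        return None
    qid, mech, body = m.groups()
    fields = dict(p.split("=", 1) for p in re.split(r",\s*", body) if "=" in p)
    score = SCORE_RE.search(body)
    fields["score"] = score.group(1) if score else None
    return qid, mech, fields

def summarize(log_text):
    """Group per-mechanism results by MTA queue ID."""
    by_qid = defaultdict(dict)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            qid, mech, fields = parsed
            by_qid[qid][mech] = fields
    return dict(by_qid)

def needs_triage(summary):
    """Queue IDs with at least one failing mechanism."""
    return sorted(q for q, mechs in summary.items()
                  if any(f["score"] in ALERT_SCORES for f in mechs.values()))
```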

SCORE
       See RFC5451.

				 Apr 03, 2009			       ENMA(1)
