GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
ENMA(1) FreeBSD General Commands Manual ENMA(1)

enma
A milter program for domain authentication technologies

enma [
-cvh
] [
-o key=value
]

enma is a program of domain authentication technologies. It authenticates message senders with SPF, Sender ID, DKIM and/or DKIM ADSP and inserts the Authentication-Results: field with authentication results.
Configurations have order of preference as follows:
  1. The command line options
  2. The configuration file
  3. The default values

Displays available options.
Verbose mode.
filename
Specifies a configuration file.
key=value
Specifies configuration below.

Each line is in the format of "key:value". Spaces between "key:" and "value" are ignored. Lines begging with '#' and empty lines are ignored. If there is no configuration of a given "key:", its default value is used. Absolute paths must be used when specified.
milter.verbose (-v)
If true, log is recorded in detail. (Default value: false)
milter.conffile (-c)
Specifies the path to the configration file. If ommited, no configuration file is read and the default values are used. The -c option should be used usually instead. (Default value: no value)
milter.user
Specifies a user name. If not specified, the user name of execution is used. This is typically used to step down the user authority of enma executed in a start-up script. (Default value: no value)
milter.pidfile
Specify the path to the PID file. If milter.user is specified, the PID file is written as the user. So, appropriate permission should be given to the directory. (Default value: /var/run/enma/enma.pid)
milter.chdir
Specified a working directory after execution. If ommited, nothing happens. (Default value: no value)
milter.socket
Specifies socket type of milter communication from MTA. Choose one of the followings:
  1. inet:<port number>@<IP adddress or hostname>
  2. unix:<a path to UNIX domain socket>
For more information, refer to "cf/README" contained in the Sendmail package. (Default value: inet:10025@127.0.0.1)
milter.timeout
Specifies timeout of milter communication with MTA in seconds. (Default value: 7210)
milter.loglevel
Specifies log level of libmilter (not enma). This should be used for debugging purpose. For more information, please refer to "libmilter/docs/smfi_setdbg.html" in the Sendmail package. (Default value: 0)
milter.sendmail813
If the version of Sendmail is 8.13 or earlier, specify "true", Otherwise, specify "false". (Default value: false)
milter.postfix
If true, MTA is Postfix. If false, MTA is Sendmail. (Default value: false)
syslog.ident
Specified an identifier labeled to syslog messages. (Default value: enma)
syslog.facility
Specifies facility of syslog. (Default value: local4)
syslog.logmask
Specifies mask of syslog. Messages which level is over this value are printed to syslog. Usually "info" should be specified. (Default value: info)
common.exclusion_addresses
Specifies IP address ranges which are exception of domain authentication. If the source IP address of the peer matches the ranges, domain authentication process is omitted. Multiple ranges can be enumerated with the comma separator. (Default value: 127.0.0.1,::1)
spf.auth
If true, SPF authentication is processed. (Default value: true)
spf.explog
If true, the "exp" modifier is evaluated in the case where SPF authentication result is "hardfail". For more information about the "exp" modifier, refer to Section 6.2 of RFC4408. (Default value: true)
sidf.auth
If true, Sender ID authentication is processed. (Default value: true)
sidf.explog
If true, the "exp" modifier is evaluated in the case where Sender ID authentication result is "hardfail". For more information about the "exp" modifier, refer to Section 6.2 of RFC4408. (Default value: true)
dkim.auth
If true, DKIM authentication is processed. (Default value: true)
dkim.signheader_limit
Specifies a limit number of the DKIM-Signature: fields. They are evaluated from the top, and are ignored if the number reaches the limit. (Default value: 10)
dkim.accept_expired_signature
If true, expired DKIM signatures are treated as valid. This value should be false in normal case. (Default value: false)
dkimadsp.auth
If turu, DKIM ADSP check is processed. (Default value: true)
authresult.identifier
Specifies the hostname to identity the Authentication-Results: field. If the Authentication-Results: field which has the same identifier exists, the entire field is removed. Also, this identifier is used when the Authentication-Results: field is inserted to record authentication result. (Default value: localhost)

Log is recored to syslog. facility and mask of syslog are specified with "syslog.facility" and "syslog.logmask", respectively.

The case where authentication process was normally done:
[m75AKEOh009630] [SPF-auth] ipaddr=192.168.1.1, eval=smtp.mailfrom, helo=example.jp, envfrom=<user@example.jp>, score=pass 
[m75AKEOh009630] [SIDF-auth] ipaddr=192.168.1.1, header.From=user@example.jp, score=pass 
[m75AKEOh009630] [DKIM-auth] header.i=user@example.jp, score=pass 
[m75AKEOh009630] [DKIM-ADSP-auth] header.from=user@example.jp, score=pass
The case where authentication process was skipped because of lack of authentication information:
[m75AKEOh009630] [SPF-auth] score=permerror 
[m75AKEOh009630] [SIDF-auth] score=permerror 
[m75AKEOh009630] [DKIM-auth] score=permerror 
[m75AKEOh009630] [DKIM-ADSP-auth] score=permerror
The case where no signature exists:
[m75AKEOh009630] [DKIM-auth] score=none

Common
[m75AKEOh009630]
Queue ID to identify SMTP transaction labeled by MTA
[SIDF-auth], [SPF-auth], [DKIM-auth], [DKIM-ADSP-auth]
These indicates Sender ID, SPF, DKIM, DKIM ADSP, respectively.
ipaddr=192.168.1.1
The IP address of the sender
score=pass
Score of authentication result
SPF
eval=smtp.mailfrom
Which authentication information was used, either MAIL FROM or EHLO/HELO.
helo=example.jp
EHLO/HELO provided by the sender
envfrom=<user@example.jp>
MAIL FROM provided by the sender
Sender ID
header.From=user@example.jp
The field name and the mail address used for authentication.
DKIM
header.i=user@example.jp
The mail address or domain of a signer.
DKIM ADSP
header.From=user@example.jp
The field name and the mail address used for authentication.

See RFC5451.
April 3, 2009

Search for    or go to Top of page |  Section 1 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.