NAME

SYNOPSIS

DESCRIPTION

Configurations have order of preference as follows:

1. The command line options
2. The configuration file
3. The default values

OPTIONS

-h

Displays available options.

-v

Verbose mode.

-c filename

Specifies a configuration file.

-o key=value

Specifies configuration below.

CONFIGURATION FILE

milter.verbose (-v)

If true, log is recorded in detail. (Default value: false)

milter.conffile (-c)

Specifies the path to the configration file. If ommited, no configuration file is read and the default values are used. The -c option should be used usually instead. (Default value: no value)

milter.user

Specifies a user name. If not specified, the user name of execution is used. This is typically used to step down the user authority of enma executed in a start-up script. (Default value: no value)

milter.pidfile

Specify the path to the PID file. If milter.user is specified, the PID file is written as the user. So, appropriate permission should be given to the directory. (Default value: /var/run/enma/enma.pid)

milter.chdir

Specified a working directory after execution. If ommited, nothing happens. (Default value: no value)

milter.socket

Specifies socket type of milter communication from MTA. Choose one of the followings:

1. inet:<port number>@<IP adddress or hostname>
2. unix:<a path to UNIX domain socket>

For more information, refer to "cf/README" contained in the Sendmail package. (Default value: inet:10025@127.0.0.1)

milter.timeout

Specifies timeout of milter communication with MTA in seconds. (Default value: 7210)

milter.loglevel

Specifies log level of libmilter (not enma). This should be used for debugging purpose. For more information, please refer to "libmilter/docs/smfi_setdbg.html" in the Sendmail package. (Default value: 0)

milter.sendmail813

If the version of Sendmail is 8.13 or earlier, specify "true", Otherwise, specify "false". (Default value: false)

milter.postfix

If true, MTA is Postfix. If false, MTA is Sendmail. (Default value: false)

syslog.ident

Specified an identifier labeled to syslog messages. (Default value: enma)

syslog.facility

Specifies facility of syslog. (Default value: local4)

syslog.logmask

Specifies mask of syslog. Messages which level is over this value are printed to syslog. Usually "info" should be specified. (Default value: info)

common.exclusion_addresses

Specifies IP address ranges which are exception of domain authentication. If the source IP address of the peer matches the ranges, domain authentication process is omitted. Multiple ranges can be enumerated with the comma separator. (Default value: 127.0.0.1,::1)

spf.auth

If true, SPF authentication is processed. (Default value: true)

spf.explog

If true, the "exp" modifier is evaluated in the case where SPF authentication result is "hardfail". For more information about the "exp" modifier, refer to Section 6.2 of RFC4408. (Default value: true)

sidf.auth

If true, Sender ID authentication is processed. (Default value: true)

sidf.explog

If true, the "exp" modifier is evaluated in the case where Sender ID authentication result is "hardfail". For more information about the "exp" modifier, refer to Section 6.2 of RFC4408. (Default value: true)

dkim.auth

If true, DKIM authentication is processed. (Default value: true)

dkim.signheader_limit

Specifies a limit number of the DKIM-Signature: fields. They are evaluated from the top, and are ignored if the number reaches the limit. (Default value: 10)

dkim.accept_expired_signature

If true, expired DKIM signatures are treated as valid. This value should be false in normal case. (Default value: false)

dkimadsp.auth

If turu, DKIM ADSP check is processed. (Default value: true)

authresult.identifier

Specifies the hostname to identity the Authentication-Results: field. If the Authentication-Results: field which has the same identifier exists, the entire field is removed. Also, this identifier is used when the Authentication-Results: field is inserted to record authentication result. (Default value: localhost)

LOG

EXAMPLE OF LOG

[m75AKEOh009630] [SPF-auth] ipaddr=192.168.1.1, eval=smtp.mailfrom, helo=example.jp, envfrom=<user@example.jp>, score=pass
[m75AKEOh009630] [SIDF-auth] ipaddr=192.168.1.1, header.From=user@example.jp, score=pass
[m75AKEOh009630] [DKIM-auth] header.i=user@example.jp, score=pass
[m75AKEOh009630] [DKIM-ADSP-auth] header.from=user@example.jp, score=pass

The case where authentication process was skipped because of lack of authentication information:

[m75AKEOh009630] [SPF-auth] score=permerror
[m75AKEOh009630] [SIDF-auth] score=permerror
[m75AKEOh009630] [DKIM-auth] score=permerror
[m75AKEOh009630] [DKIM-ADSP-auth] score=permerror

The case where no signature exists:

[m75AKEOh009630] [DKIM-auth] score=none

DESCRIPTION OF LOG ITEM

[m75AKEOh009630]

Queue ID to identify SMTP transaction labeled by MTA

[SIDF-auth], [SPF-auth], [DKIM-auth], [DKIM-ADSP-auth]

These indicates Sender ID, SPF, DKIM, DKIM ADSP, respectively.

ipaddr=192.168.1.1

The IP address of the sender

score=pass

Score of authentication result

eval=smtp.mailfrom

Which authentication information was used, either MAIL FROM or EHLO/HELO.

helo=example.jp

EHLO/HELO provided by the sender

envfrom=<user@example.jp>

MAIL FROM provided by the sender

header.From=user@example.jp

The field name and the mail address used for authentication.

header.i=user@example.jp

The mail address or domain of a signer.

header.From=user@example.jp

The field name and the mail address used for authentication.

SCORE