ENMA(1)			  BSD General Commands Manual		       ENMA(1)

NAME
     enma -- A milter program for domain authentication	technologies

SYNOPSIS
     enma [-cvh] [-o key=value]

DESCRIPTION
     enma is a milter that implements sender domain authentication. It
     authenticates message senders with SPF, Sender ID, DKIM and/or DKIM ADSP
     and inserts an Authentication-Results: field recording the results.

     Settings are taken in the following order of precedence:

	   1.	The command line options
	   2.	The configuration file
	   3.	The default values

OPTIONS
     -h	     Displays available	options.

     -v	     Verbose mode.

     -c	filename
	     Specifies a configuration file.

     -o	key=value
             Sets one of the configuration keys described below.

CONFIGURATION FILE
     Each line has the form "key:value". Spaces between "key:" and "value"
     are ignored. Lines beginning with '#' and empty lines are ignored. If a
     given "key:" is not set, its default value is used. Paths must be
     given as absolute paths.

     milter.verbose (-v)
	     If	true, log is recorded in detail. (Default value: false)

     milter.conffile (-c)
             Specifies the path to the configuration file. If omitted, no
             configuration file is read and the default values are used. The
             -c option should normally be used instead. (Default value: no
             value)

     milter.user
             Specifies the user name to run as. If not specified, enma keeps
             running as the user that executed it. This is typically used to
             drop privileges when enma is started from a start-up script.
             (Default value: no value)

     milter.pidfile
             Specifies the path to the PID file. If milter.user is specified,
             the PID file is written as that user, so that user needs
             appropriate permission on the directory. (Default value:
             /var/run/enma/enma.pid)

     milter.chdir
             Specifies the working directory to change to after execution. If
             omitted, nothing happens. (Default value: no value)

     milter.socket
             Specifies the socket used for milter communication with the MTA.
             Choose one of the following:
                   1.   inet:<port number>@<IP address or hostname>
                   2.   unix:<path to UNIX domain socket>
             For more information, refer to "cf/README" contained in the
             Sendmail package. (Default value: inet:10025@127.0.0.1)

     milter.timeout
             Specifies the timeout of milter communication with the MTA, in
             seconds. (Default value: 7210)

     milter.loglevel
             Specifies the log level of libmilter (not enma). This should be
             used for debugging purposes. For more information, refer to
             "libmilter/docs/smfi_setdbg.html" in the Sendmail package.
             (Default value: 0)

     milter.sendmail813
             If the version of Sendmail is 8.13 or earlier, specify "true";
             otherwise, specify "false". (Default value: false)

     milter.postfix
	     If	true, MTA is Postfix. If false,	MTA is Sendmail. (Default
	     value: false)

     syslog.ident
             Specifies the identifier attached to syslog messages. (Default
             value: enma)

     syslog.facility
             Specifies the syslog facility. (Default value: local4)

     syslog.logmask
             Specifies the syslog mask. Messages whose level is over this
             value are written to syslog. Usually "info" should be specified.
             (Default value: info)

     common.exclusion_addresses
             Specifies IP address ranges that are exempt from domain
             authentication. If the source IP address of the peer matches one
             of the ranges, the domain authentication process is skipped.
             Multiple ranges can be listed, separated by commas. (Default
             value: 127.0.0.1,::1)

     spf.auth
	     If	true, SPF authentication is processed.	(Default value:	true)

     spf.explog
	     If	true, the "exp"	modifier is evaluated in the case where	SPF
	     authentication result is "hardfail".  For more information	about
	     the "exp" modifier, refer to Section 6.2 of RFC4408.  (Default
	     value: true)

     sidf.auth
	     If	true, Sender ID	authentication is processed. (Default value:
	     true)

     sidf.explog
	     If	true, the "exp"	modifier is evaluated in the case where	Sender
	     ID	authentication result is "hardfail".  For more information
	     about the "exp" modifier, refer to	Section	6.2 of RFC4408.	 (De-
	     fault value: true)

     dkim.auth
	     If	true, DKIM authentication is processed.	(Default value:	true)

     dkim.signheader_limit
             Specifies the maximum number of DKIM-Signature: fields to
             evaluate. They are evaluated from the top, and further fields
             are ignored once the number reaches the limit. (Default value:
             10)

     dkim.accept_expired_signature
             If true, expired DKIM signatures are treated as valid. This value
             should be false in normal operation. (Default value: false)

     dkimadsp.auth
             If true, the DKIM ADSP check is processed. (Default value: true)

     authresult.identifier
             Specifies the hostname that identifies the Authentication-Results:
             field. If an Authentication-Results: field with the same
             identifier already exists, the entire field is removed. This
             identifier is also used when the Authentication-Results: field
             is inserted to record the authentication result. (Default value:
             localhost)
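
     The file format and order of precedence above, as an added Python
     example (not part of enma or of this manual): it parses a configuration,
     applies -o overrides and flags settings that skip or relax
     authentication. The sample file, the choice of findings and the CIDR
     notation for address ranges are assumptions of this example.

```python
import ipaddress

DEFAULTS = {  # defaults copied from the manual page, only for the keys checked below
    "milter.user": "",
    "common.exclusion_addresses": "127.0.0.1,::1",
    "dkim.accept_expired_signature": "false",
    "authresult.identifier": "localhost",
}

SAMPLE_CONF = """\
# constructed sample, not a file shipped with enma
milter.socket: inet:10025@127.0.0.1
common.exclusion_addresses: 127.0.0.1,::1,10.0.0.0/8
dkim.accept_expired_signature: true
"""

def parse_conf(text):
    """Parse "key:value" lines; '#' comments and empty lines are ignored."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")  # values may contain ':' themselves
        if not sep:
            raise ValueError(f"not in key:value form: {raw!r}")
        conf[key.strip()] = value.strip()
    return conf

def effective(conf_text, cli_opts=()):
    """Defaults, overridden by the file, overridden by -o key=value options."""
    merged = dict(DEFAULTS)
    merged.update(parse_conf(conf_text))
    merged.update(opt.split("=", 1) for opt in cli_opts)
    return merged

def audit(cfg):
    # Findings are this example's own review rules, not checks performed by enma.
    findings = []
    if cfg["authresult.identifier"] == "localhost":
        findings.append("authresult.identifier is the default 'localhost'")
    if cfg["dkim.accept_expired_signature"].lower() == "true":
        findings.append("dkim.accept_expired_signature treats expired signatures as valid")
    if not cfg["milter.user"]:
        findings.append("milter.user unset: enma keeps the invoking user")
    for rng in cfg["common.exclusion_addresses"].split(","):
        net = ipaddress.ip_network(rng.strip(), strict=False)  # CIDR assumed
        if not net.is_loopback:
            findings.append(f"common.exclusion_addresses: {net} skips authentication")
    return findings
```

     With authresult.identifier left at localhost, enma removes only incoming
     Authentication-Results: fields whose identifier is localhost.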

LOG
     Log messages are recorded to syslog. The facility and mask of syslog are
     specified with "syslog.facility" and "syslog.logmask", respectively.

EXAMPLE	OF LOG
     The case where the authentication process completed normally:

     [m75AKEOh009630] [SPF-auth] ipaddr=192.168.1.1, eval=smtp.mailfrom, helo=example.jp, envfrom=<user@example.jp>, score=pass
     [m75AKEOh009630] [SIDF-auth] ipaddr=192.168.1.1, header.From=user@example.jp, score=pass
     [m75AKEOh009630] [DKIM-auth] header.i=user@example.jp, score=pass
     [m75AKEOh009630] [DKIM-ADSP-auth] header.from=user@example.jp, score=pass

     The case where the authentication process was skipped because of a lack
     of authentication information:

     [m75AKEOh009630] [SPF-auth] score=permerror
     [m75AKEOh009630] [SIDF-auth] score=permerror
     [m75AKEOh009630] [DKIM-auth] score=permerror
     [m75AKEOh009630] [DKIM-ADSP-auth] score=permerror

     The case where no signature exists:

     [m75AKEOh009630] [DKIM-auth] score=none

DESCRIPTION OF LOG ITEM
     Common

     [m75AKEOh009630]
             Queue ID assigned by the MTA to identify the SMTP transaction

     [SIDF-auth], [SPF-auth], [DKIM-auth], [DKIM-ADSP-auth]
             These indicate Sender ID, SPF, DKIM and DKIM ADSP, respectively.

     ipaddr=192.168.1.1
	     The IP address of the sender

     score=pass
             Score of authentication result

     SPF

     eval=smtp.mailfrom
	     Which authentication information was used,	either MAIL FROM or
	     EHLO/HELO.

     helo=example.jp
	     EHLO/HELO provided	by the sender

     envfrom=<user@example.jp>
             MAIL FROM provided by the sender

     Sender ID

     header.From=user@example.jp
             The field name and the mail address used for authentication.

     DKIM

     header.i=user@example.jp
             The mail address or domain of a signer.

     DKIM ADSP

     header.From=user@example.jp
	     The field name and	the mail address used for authentication.

SCORE
     See RFC5451.

				 Apr 03, 2009
