vrfydmn - reject an email message if the RFC5322 From:-address does not comply.

Author

       Christian Roessner <c@roessner.co> wrote the program.

       Patrick Ben Koetter <p@sys4.de> wrote this man page.

Bugs

       There are no known bugs so far. Please submit bugs to https://github.com/croessner/vrfydmn/issues.

Copying

       Copyright (C) 2014-2015 Christian Roessner. Free use of this software is granted under the terms of the
       GNU General Public License (GPL).

vrfydmn 0.4                                        02/09/2015                                         VRFYDMN(8)

Description

       In email everyone is free to specify any RFC5322 From:-header address. Miscreants — virus authors,
       spammers and phishers — are aware of this fact. They forge the RFC5322 From:-header address on purpose to
       impersonate someone that suits their goal.

       Average users are not aware of this fact. They tend to believe a message really was sent by the person
       indicated in the RFC5322 From:-header address.

       vrfydmn verifies RFC5322 From:-headers in mail messages. It compares a messages From:-header field to a
       list of permitted sender domains assigned to the sender. If the address does not meet the expectations
       vrfydmn may either rectify the RFC5322 From:-header or reject the message.

       This program was created to control and reject phishing abuse on SMTP submission ports. It serves also to
       prevent mail loss in cases, when the given address was under DMARC policy, i.e. Yahoo or AOL.

Name

       vrfydmn - reject an email message if the RFC5322 From:-address does not comply.

Options

-u,--useruser (default: milter)
Run vrfydmn as user user.

-g,--groupgroup (default: milter)
Run vrfydmn as group user.

-s,--socketsocket (default: inet6:30072@[::1])
Specifes the socket vrfydmn should listen on for incoming verification requests. The socket consists
of three parts - protocol, port and address.

protocol
Use inet as prefix to indicate an IPv4 socket e.g. inet:10000@127.0.0.1 or inet6 as prefix to
indicate an IPv6 socket e.g. inet6:30072@[::1].

port
Use numbers to indicate the port vrfydmn should establish its socket on e.g. 30072.

address
Specify an IP address. The address type must correspond to the protocol choosen. IPv6 addresses must
be enclosed in square brackets e.g. [address].

-p,--pidpidfile (default: none)
Specifies the name of a file in which vrfydmn should note its process id.

-f,--filefile (default: none)
This file typically is a postfix(8) map, i.e. relay_domains file. It should be a map with 2 columns.
First column is the domain (the key) and the second column represents some value. The value is
totally ignored in vrfydmn! If a flat file was given, the file can be refreshed during runtime by
sending the SIGHUP signal and the result can be dumped to syslog (or standard out, if -d, --debug was
given) with the SIGUSR1 signal.

-l,--ldapfile (default: none)
Specifies the path to a configuration file. The file holds options for LDAP queries. If specified
vrfydmn will establish a persistent LDAP connection. See vrfydmn_ldap(5) for details.

-m,--memcachedsocket (default: none)
Specifies a TCP socket to a memcache server. If enabled LDAP query results will be cached in the
memcache. The socket must be specified as address and port separated by a colon e.g.
127.0.0.1:11211.

-f,--fix
If specified vrfydmn will not reject messages with RFC5322 From:-headers that fail verification.
Instead it will attempt to fix them. It will copy the erroneous header to a Reply-To:-header (only if
none already exists). Then it will replace the existing From:-header with the envelope-sender address
(MAIL From). This option is recommended for web servers.

-d,--debug
This option is mainly for debugging and development purposes. If specified vrfydmn will not detach.
It will run in foreground and output its activities to stdout.

Resources

       vrfydmn’s home is at https://github.com/croessner/vrfydmn.

Synopsis

vrfydmn [OPTIONS] FILE