# Sendmail SPF milter?



## yourlord (Jul 9, 2015)

I have Sendmail set up on FreeBSD 10.1 using mail/spamassassin and mail/opendkim milters. I am wanting to deploy the mail/opendmarc milter as well, but I've run into a roadblock trying to find a milter to authenticate SPF. It seems there are very few milters available to address this and most which are available and remotely active seem to try to focus on greylisting, etc., and SPF is an afterthought and not fully baked. Virtually all of the others appear to be essentially dead projects; some not seeing updates for years to over a decade.

After setting up DKIM and DNSSEC I never imagined my biggest roadblock would be SPF; a long-established protocol which I figured would be quick and easy to set up in the de facto standard MTA. I've Googled until my fingers are about to fall off and can't seem to find any solid, up-to-date information on a reliable and open SPF solution with Sendmail.

Do any of you have suggestions or links to relevant information? I can't be the only person in the world trying to set up Sendmail to authenticate SPF records. I prefer to use packages in the pkg repos, but I'll go to ports if I have to. I've scanned through the ports tree and didn't get any warm fuzzy feelings about the prospects in there.


----------



## ondra_knezour (Jul 10, 2015)

There are a few SPF tools in the ports, namely mail/spfval, mail/enma and mail/sid-milter, none tested by me personally. Did you try them?


----------



## adri (Jul 13, 2015)

Both mail/enma and mail/sid-milter have problems with IPv6 addresses.
mail/enma only does checking, but won't reject messages if the SPF check fails.
mail/sid-milter does have options to reject messages on hard-fail.
A newer version of mail/enma exists, which corrects the IPv6 problems and can use DMARC for rejecting messages.
The newer version of mail/enma has been renamed to YENMA and is not available through ports, only at https://github.com/iij/yenma.

I have created local patches to mail/enma to fix the IPv6 bug and optionally allow for mail rejection at the milter stage.


----------



## junovitch@ (Jul 14, 2015)

adri said:


> Both mail/enma and mail/sid-milter have problems with IPv6 addresses.
> mail/enma only does checking, but won't reject messages if the SPF check fails.
> mail/sid-milter does have options to reject messages on hard-fail.
> A newer version of mail/enma exists, which corrects the IPv6 problems and can use DMARC for rejecting messages.
> ...



If you've already done the legwork to locally patch mail/enma it would be beneficial for everybody to have a PR submitted to get that patch added.


----------



## adri (Jul 14, 2015)

Submitted as PR 201557.


----------

