Scroll to navigation

POLICYD-SPF-FS(8) System Manager's Manual POLICYD-SPF-FS(8)


policyd-spf-fs — SPF policy daemon for the Postfix MTA



spf-policy  unix  -       n       n       -       -       spawn

user=nobody argv=/usr/sbin/policyd-spf-fs [options]


This manual page documents briefly the policyd-spf-fs command. It was written for the Debian® distribution because the original program initially didn't have a manual page (it does now, but the maintainer feels that this one is a little better).

policyd-spf-fs performs Sender Policy Framework (SPF) authorization checks based on queries sent to it on standard input following a special protocol. For more information on this protocol see the Postfix documentation in the postfix-doc package. For information on SPF see


This programs follows the GNU getopt_long_only(3) command line syntax: Long options can be given with one or two dashes and can be abbreviated to a prefix long enough to be non-ambiguous. If an option starting with a single dash doesn't match a long option, it is taken as a short option with a following parameter, if applicable. An equals sign between the option name and the parameter is optional for both short and long options.

Turn on debugging output. A level of 3 or higher is passed to libspf2 (as level-2). Level 1 and 2 is only used by the daemon itself.
Test against spf-terms before the final (implicit or explicit) “all” in an SPF record. This can be used to implement a local policy for whitelisting.
Check the sender domain with This is a non-standard feature.
Do not check the sender domain with This is the default.
Test the sender domain against spf-mechanisms if the domain has no SPF record.
Default explanation string to use if the SPF record does not specify an explanation string itself.
Maximum number of DNS lookups to allow.
Do [not] sanitize the output by condensing consecutive whitespace into a single space and replacing non-printable characters with question marks. Enabled by default.
Use hostname as the name of the local system instead of looking it up (the name is used in the output).
Provide override and fallback SPF records for certain domains. Not implemented yet. policyd-spf-fs would act as if the specified records were present before and after any existing record, respectively, of those domains.
Show summary of options.
Show version of program.


spfquery(1), master(5), RFC 4408, /usr/share/doc/postfix/SMTPD_POLICY_README.gz


Yes, this program is an early development stage. Among other things, several of the spfquery options are semi-recognized, which may give confusing results.


policyd-spf-fs was written by Matthias Cramer.

This manual page was written by Magnus Holmgren for the Debian® system (but may be used by others), based on the manpage for spfquery(1), which was in turn heavily inspired by the spfquery manpage of libmail-spf-query-perl (spfquery.mail-spf-query-perl(1)) by Julian Mehnle.


Copyright © 2007 Magnus Holmgren. Permission is granted to copy, distribute and/or modify this document under the terms of the BSD License.

On Debian systems, the complete text of the BSD License can be found in /usr/share/common-licenses/BSD.