Provided by: courier-filter-perl_0.200+ds-4_all bug


       Courier::Filter::Module::SPFout - Outbound SPF filter module for the Courier::Filter


           use Courier::Filter::Module::SPFout;

           my $module = Courier::Filter::Module::SPFout->new(
               match_on            => ['fail', 'permerror', 'temperror'],
               default_response    => $default_response_text,
               force_response      => $force_response_text,
                                   => ['', '2001:6ag:10e1::1'],
               spf_options         => {
                   # any Mail::SPF::Server options

               logger      => $logger,
               inverse     => 0,
               trusting    => 0,
               testing     => 0,
               debugging   => 0

           my $filter = Courier::Filter->new(
               modules     => [ $module ],


       This class is a filter module for use with Courier::Filter.  It matches a message if any
       of the receiving (local) machine's outbound IP addresses are not authorized to send mail
       from the envelope sender's (MAIL FROM) domain according to that domain's DNS SPF (Sender
       Policy Framework) record.  This is outbound SPF checking.

       The point of inbound SPF checking is for message submission agents (MSAs, smarthosts) to
       protect others against forged envelope sender addresses in messages submitted by the MSA's

       The following constructor is provided:

       new(%options): returns Courier::Filter::Module::SPFout
           Creates a new SPFout filter module.

           %options is a list of key/value pairs representing any of the following options:

               Disabled.  Since outbound SPF checking, as opposed to inbound SPF checking, is
               applied to trusted (authenticated) messages only, setting this module to be
               trusting does not make sense.  This property is thus locked to false.  Also see
               the description of Courier::Message's "trusted" property .

               A reference to an array containing the set of SPF result codes which should cause
               the filter module to match a message.  Possible result codes are "pass", "fail",
               "softfail", "neutral", "none", "permerror", and "temperror".  See the SPF
               specification for details on the meaning of those.  If "temperror" is listed, an
               "temperror" result will by definition never cause a permanent rejection, but only
               a temporary one.  Defaults to ['fail', 'permerror', 'temperror'].

               Note:  With early SPF specification drafts as well as the obsolete
               Mail::SPF::Query module, the "permerror" and "temperror" result codes were known
               as "unknown" and "error", respectively; the old codes are now deprecated but still
               supported for the time being.

               A string that is to be returned as the module's match result in case of a match,
               that is when the "match_on" option includes the result code of the SPF check (by
               default when a message fails the SPF check).  However, this default response is
               used only if the (claimed) envelope sender domain does not provide an explicit
               response.  See "default_authority_explanation" in Mail::SPF::Server for more

               SPF macro substitution is performed on the default response, just like on
               explanations provided by domain owners.  If undef, Mail::SPF's default explanation
               will be used.  Defaults to undef.

               Instead of merely specifying a default response for cases where the sender domain
               does not provide an explicit response, you can also specify a response to be used
               in all cases, even if the sender domain does provide one.  This may be useful if
               you do not want to confuse your own users with 3rd-party provided explanations
               when in fact they are only dealing with your server not wanting to relay their
               messages.  Defaults to undef.

               A reference to an array containing the local system's set of outbound IP addresses
               that will be assumed as the sender IP address in outbound SPF checks.  This set
               should include all public IP addresses that are used for relaying mail.  By
               default, automatic discovery of one public IP address that is "en route" to "the
               internet" is attempted for each of IPv4 and IPv6.  Auto-discovery does not work
               from behind NATs.

               A hash-ref specifying options for the Mail::SPF server object used by this filter
               module.  See "new" in Mail::SPF::Server for the supported options.

           All options of the Courier::Filter::Module constructor (except for the trusting
           option) are also supported.  Please see "new" in Courier::Filter::Module for their

   Instance methods
       See "Instance methods" in Courier::Filter::Module for a description of the provided
       instance methods.


       Courier::Filter::Module::SPF, Courier::Filter::Module, Courier::Filter::Overview,

       For AVAILABILITY, SUPPORT, and LICENSE information, see Courier::Filter::Overview.


       SPF website (Sender Policy Framework)

       SPF specification


       Julian Mehnle <>