Provided by: vrfydmn_0.11.0-2_all bug


       vrfydmn - reject an email message if the RFC5322 From:-address does not comply.


       vrfydmn [OPTIONS] FILE


       In email everyone is free to specify any RFC5322 From:-header address. Miscreants — virus
       authors, spammers and phishers — are aware of this fact. They forge the RFC5322
       From:-header address on purpose to impersonate someone that suits their goal.

       Average users are not aware of this fact. They tend to believe a message really was sent
       by the person indicated in the RFC5322 From:-header address.

       vrfydmn verifies RFC5322 From:-headers in mail messages. It compares a messages
       From:-header field to a list of permitted sender domains assigned to the sender. If the
       address does not meet the expectations vrfydmn may either rectify the RFC5322 From:-header
       or reject the message.

       This program was created to control and reject phishing abuse on SMTP submission ports. It
       serves also to prevent mail loss in cases, when the given address was under DMARC policy,
       i.e. Yahoo or AOL.


       -u, --user user (default: milter)
           Run vrfydmn as user user.

       -g, --group group (default: milter)
           Run vrfydmn as group user.

       -s, --socket socket (default: inet6:30072@[::1])
           Specifes the socket vrfydmn should listen on for incoming verification requests. The
           socket consists of three parts - protocol, port and address.

           Use inet as prefix to indicate an IPv4 socket e.g.  inet:10000@ or inet6 as
           prefix to indicate an IPv6 socket e.g.  inet6:30072@[::1].

           Use numbers to indicate the port vrfydmn should establish its socket on e.g.  30072.

           Specify an IP address. The address type must correspond to the protocol choosen. IPv6
           addresses must be enclosed in square brackets e.g.  [address].

       -p, --pid pidfile (default: none)
           Specifies the name of a file in which vrfydmn should note its process id.

       -f, --file file (default: none)
           This file typically is a postfix(8) map, i.e. relay_domains file. It should be a map
           with 2 columns. First column is the domain (the key) and the second column represents
           some value. The value is totally ignored in vrfydmn! If a flat file was given, the
           file can be refreshed during runtime by sending the SIGHUP signal and the result can
           be dumped to syslog (or standard out, if -d, --debug was given) with the SIGUSR1

       -l, --ldap file (default: none)
           Specifies the path to a configuration file. The file holds options for LDAP queries.
           If specified vrfydmn will establish a persistent LDAP connection. See vrfydmn_ldap(5)
           for details.

       -m, --memcached socket (default: none)
           Specifies a TCP socket to a memcache server. If enabled LDAP query results will be
           cached in the memcache. The socket must be specified as address and port separated by
           a colon e.g.

       -f, --fix
           If specified vrfydmn will not reject messages with RFC5322 From:-headers that fail
           verification. Instead it will attempt to fix them. It will copy the erroneous header
           to a Reply-To:-header (only if none already exists). Then it will replace the existing
           From:-header with the envelope-sender address (MAIL From). This option is recommended
           for web servers.

       -d, --debug
           This option is mainly for debugging and development purposes. If specified vrfydmn
           will not detach. It will run in foreground and output its activities to stdout.




       There are no known bugs so far. Please submit bugs to


       Christian Roessner <> wrote the program.

       Patrick Ben Koetter <> wrote this man page.


       vrfydmn’s home is at


       Copyright (C) 2014-2015 Christian Roessner. Free use of this software is granted under the
       terms of the GNU General Public License (GPL).