The syntax of configuration
Here is a default config file:
#Port: 10025
#Address: 127.0.0.1
#Reject_Plus_All: Yes
#Minimum_IPv4_Mask_Length: 16
#Minimum_IPv6_Mask_Length: 48
#Include_Redirect_Limit: 10
#Syslog_Facility: local4
#Log_Level: notice
#Logonly: No
#Debug: No
#Prefork_Process_Number: 4
#Thread_Number_Per_Process: 500
#User: nobody
#Group: nobody
#Pid_File: /var/run/rpf.pid
A line starting with ‘#’ is a comment. All lines are commented out because they show the default values. To change a value, first remove the ‘#’.
- Port:
- The port on which the rpf daemon listens
- Address:
- The IP address on which the rpf daemon listens
- Reject_Plus_All:
- Whether or not the rpf daemon rejects “+all” in an SPF RR. If Yes, “+all” is treated as PermError. (Yes or No)
- Minimum_IPv4_Mask_Length:
- Minimum IPv4 mask length that the rpf daemon accepts. If an IPv4 range in an SPF RR has a mask length shorter than this value, it is treated as PermError.
- Minimum_IPv6_Mask_Length:
- Minimum IPv6 mask length that the rpf daemon accepts. If an IPv6 range in an SPF RR has a mask length shorter than this value, it is treated as PermError.
- Include_Redirect_Limit:
- The limit on the total number of “include” and “redirect” terms in an SPF RR. If the total number exceeds this value, the case is treated as PermError.
- Syslog_Facility:
- The facility for syslog. This option is used when ‘Debug’ is ‘No’.
- Log_Level:
- Level of logging. (debug, info, notice, or warning)
- Logonly:
- Whether or not the rpf daemon only logs, without affecting the behavior of the MTA. If Yes, the rpf daemon logs the actions its policy would take but returns “accept” to the MTA. If No, the rpf daemon returns the decided action to the MTA. (Yes or No)
- Debug:
- Whether or not the rpf daemon runs in debug mode. If No, the rpf daemon detaches from its terminal and becomes a daemon. If Yes, it keeps its terminal and prints logs to the terminal. (Yes or No)
- Prefork_Process_Number:
- The number of processes to be pre-forked.
- Thread_Number_Per_Process:
- The number of connections to be accepted by a pre-forked process. This must be 1,024 or less; for safety, 500 is recommended.
- User:
- A user name. If the rpf daemon is executed with root privilege, it switches to this user.
- Group:
- A group name. If the rpf daemon is executed with root privilege, it switches to this group.
- Pid_File:
- The name of the PID file
Because user threads in GHC 6.12 or earlier use the select() system call, one process can accept at most 1,024 connections. To work around this limit, the pre-fork technique is used: “Prefork_Process_Number * Thread_Number_Per_Process” connections are accepted at the same time.
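To make the three SPF-hardening options above (Reject_Plus_All, Minimum_IPv4_Mask_Length / Minimum_IPv6_Mask_Length, Include_Redirect_Limit) concrete, here is an added sketch of the checks they describe. It is not rpf's own code: the names check_policy and RECORDS are hypothetical, DNS is replaced by a constructed table, only ip4/ip6 terms are range-checked, and counting every include/redirect followed across the whole tree is an assumption.

```python
import ipaddress

# Constructed sample SPF records standing in for DNS TXT lookups.
# RECORDS and check_policy are hypothetical names, not part of rpf.
RECORDS = {
    "ok.example": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/48 include:inc.example -all",
    "inc.example": "v=spf1 ip4:198.51.100.7 ~all",
    "wide.example": "v=spf1 ip4:10.0.0.0/8 -all",
    "open.example": "v=spf1 +all",
    "loop.example": "v=spf1 redirect=loop.example",
}

def check_policy(domain, records=RECORDS, reject_plus_all=True,
                 min_v4=16, min_v6=48, limit=10):
    """Return 'OK' or 'PermError: <reason>' for the SPF tree rooted at domain."""
    followed = 0                 # include/redirect terms followed so far
    queue = [domain]
    while queue:
        terms = records.get(queue.pop(), "").split()[1:]   # drop "v=spf1"
        for term in terms:
            t = term.lower()
            if reject_plus_all and t in ("all", "+all"):    # bare "all" means "+all"
                return "PermError: +all"
            body = t.lstrip("+-~?")                         # strip the qualifier
            if body.startswith(("ip4:", "ip6:")):
                try:
                    net = ipaddress.ip_network(body[4:], strict=False)
                except ValueError:
                    return "PermError: malformed range"
                floor = min_v4 if net.version == 4 else min_v6
                if net.prefixlen < floor:                   # range is too wide
                    return f"PermError: /{net.prefixlen} shorter than /{floor}"
            elif body.startswith(("include:", "redirect=")):
                followed += 1
                if followed > limit:                        # also stops redirect loops
                    return "PermError: include/redirect limit"
                sep = ":" if body.startswith("include:") else "="
                queue.append(body.split(sep, 1)[1])
    return "OK"
```

A sender whose record authorizes 10.0.0.0/8 or ends in “+all” effectively lets a very large address space send as that domain, which is why such records are turned into PermError instead of Pass.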
Checking behavior
The first time, you should run “rpf” as a foreground process with the following configuration file:
Logonly: Yes
Debug: Yes
Prefork_Process_Number: 1
The daemon does not change the behavior of the MTA, and all messages are accepted. Logs are displayed in the terminal only. To stop the daemon, type C-c.
Logging only mode
If you want to run “rpf” as a daemon but do not want to change the behavior of the MTA, use the following configuration file:
Logonly: Yes
Logs are recorded through syslog.