Best-guess is now deprecated, so that code should be removed. With
"--guess true", the command returns "Error: 'guess' option is black
magic! Do not use it!" and a 255 code, and Exim places "X-SPF-Guess:
error" in the header.
Also it seems that the "--mail-from" option name should be changed to
"--id" (assuming default scope of mfrom), and "--helo" to "--helo-id".
*** 30_exim4-config_check_rcpt.orig 2010-07-03 05:56:37.000000000 -0700
--- 30_exim4-config_check_rcpt 2011-01-06 02:26:31.000000000 -0800
***************
*** 240,282 ****
#
# This is quite costly in terms of DNS lookups (~6 lookups per mail). Do not
# enable if that's an issue. Also note that if you enable this, you must
! # install "libmail-spf-query-perl" which provides the spfquery command.
! # Missing libmail-spf-query-perl will trigger the "Unexpected error in
! # SPF check" warning.
.ifdef CHECK_RCPT_SPF
deny
message = [SPF] $sender_host_address is not allowed to send mail from ${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}. \
Please see http://www.openspf.org/Why?scope=${if def:sender_address_domain {mfrom}{helo}};identity=${if def:sender_address_domain {$sender_address}{$sender_helo_name}};ip=$sender_host_address
log_message = SPF check failed.
!acl = acl_local_deny_exceptions
! condition = ${run{/usr/bin/spfquery.mail-spf-query-perl --ip \"$sender_host_address\" --mail-from \"$sender_address\" --helo \"$sender_helo_name\"}\
! {no}{${if eq {$runrc}{1}{yes}{no}}}}
defer
message = Temporary DNS error while checking SPF record. Try again later.
!acl = acl_local_deny_exceptions
! condition = ${if eq {$runrc}{5}{yes}{no}}
warn
! message = Received-SPF: ${if eq {$runrc}{0}{pass}{${if eq {$runrc}{2}{softfail}\
! {${if eq {$runrc}{3}{neutral}{${if eq {$runrc}{4}{unknown}{${if eq {$runrc}{6}{none}{error}}}}}}}}}}
! condition = ${if <={$runrc}{6}{yes}{no}}
warn
log_message = Unexpected error in SPF check.
! condition = ${if >{$runrc}{6}{yes}{no}}
!
! # Support for best-guess (see http://www.openspf.org/developers-guide.html)
! warn
! message = X-SPF-Guess: ${run{/usr/bin/spfquery.mail-spf-query-perl --ip \"$sender_host_address\" --mail-from \"$sender_address\" \ --helo \"$sender_helo_name\" --guess true}\
! {pass}{${if eq {$runrc}{2}{softfail}{${if eq {$runrc}{3}{neutral}{${if eq {$runrc}{4}{unknown}\
! {${if eq {$runrc}{6}{none}{error}}}}}}}}}}
! condition = ${if <={$runrc}{6}{yes}{no}}
!
! defer
! message = Temporary DNS error while checking SPF record. Try again later.
! !acl = acl_local_deny_exceptions
! condition = ${if eq {$runrc}{5}{yes}{no}}
.endif
--- 244,272 ----
#
# This is quite costly in terms of DNS lookups (~6 lookups per mail). Do not
# enable if that's an issue. Also note that if you enable this, you must
! # install "spf-tools-perl" which provides the spfquery command. Missing
! # spf-tools-perl will trigger the "Unexpected error in SPF check" warning.
.ifdef CHECK_RCPT_SPF
deny
message = [SPF] $sender_host_address is not allowed to send mail from ${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}. \
Please see http://www.openspf.org/Why?scope=${if def:sender_address_domain {mfrom}{helo}};identity=${if def:sender_address_domain {$sender_address}{$sender_helo_name}};ip=$sender_host_address
log_message = SPF check failed.
!acl = acl_local_deny_exceptions
! condition = ${run{/usr/bin/spfquery.mail-spf-perl --ip \"$sender_host_address\" --id \"$sender_address\" --helo-id \"$sender_helo_name\"}\
! {no}{${if eq {$runrc}{1}}}}
defer
message = Temporary DNS error while checking SPF record. Try again later.
!acl = acl_local_deny_exceptions
! condition = ${if eq {$runrc}{5}}
warn
! message = ${sg{$value}{(.|\\n)*(Received-SPF: [^\\n]*)(.|\\n)*}{\$2}}
! condition = ${if <= {$runrc}{6}}
warn
log_message = Unexpected error in SPF check.
! condition = ${if > {$runrc}{6}}
.endif
