[EMAIL PROTECTED] wrote:
> I agree SPF != Ident, but when I test SPF / libspf2 using the -bh command
> line option, I get nothing but '(permanent error) (7)' results.
>
> I sent a real mail message from my gmail account. I see in my logs that
> SPF gives a 'pass'...
>
> 2008-07-14 08:32:36 [25130] H=yx-out-1718.google.com [74.125.44.152]:32110
> I=[198.147.246.55]:25 Warning: MAIL - Would not be blocked by SPF: (pass)
> ip=74.125.44.152, [EMAIL PROTECTED],
> helo=yx-out-1718.google.com
Doing the same thing as you with libspf2-1.2.5 with the following ACL
snippet in my RCPT ACL ..
# Deny outright a plain as day failure. This should be whitelisted
deny message = ERRMSG_SPFFAIL
hosts = !+relay_from_hosts
!authenticated = *
spf = fail
continue = ${readsocket{GLSOCK}{spffail \
$sender_host_address}{20s}{ }{SOCKETERROR}}
exim -bh 74.125.44.152
...
HELO yx-out-1718.google.com
...
MAIL FROM:<[EMAIL PROTECTED]>
...
RCPT TO:<[EMAIL PROTECTED]>
...
>>> processing "deny"
>>> check hosts = !+relay_from_hosts
>>> host in "!+relay_from_hosts"? yes (end of list)
>>> check !authenticated = *
>>> check spf = fail
>>> SPF result is pass (2)
>>> deny: condition test failed
Perhaps it is causing an error without the HELO/EHLO string. I can't
test that easily right now. It shouldn't need to be in the RCPT ACL
either, the MAIL FROM one I think should be fine, but that's another
thing to check.
--
The Exim Manual
http://www.exim.org/docs.html
http://docs.exim.org/current/
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
