Re: [exim] Experimental SPF

Heiko Schlittermann via Exim-users Fri, 22 Sep 2017 12:07:48 -0700

Pierre-Philipp Braun <[email protected]> (Mi 20 Sep 2017 09:55:52 CEST):
> Hello,
> 
> I tried to take advantage of Experimental SPF support with no much success
> in Exim 4.89 as well as development head.  I do not know if this is me not
> writing the ACLs correctly or if this is truly unfeatured.
> 
> [...]
> 
> acl_check_mail:
>        warn            spf = !unknown
>        add_header      = :at_start:$spf_received
>        log_message     = SPF=$spf_result
>        accept spf      = pass


>        accept

You accept everything, despite the SPF results.

> The ACL described earlier passes everything through but
> at least returns information about the SPF result in the logs even if it is
> false, I think.

I'm not sure about the 'spf = !unknown', here on my system I have
a similiar line as 'spf = !none'.

Here is my setup that serves a similiar purpose>

warn     spf          = !none
         logwrite     = SPF: $spf_result for $sender_address
         add_header   = :at_start:$spf_received

> 2017-09-20 10:44:16 H=localhost (crap) [127.0.0.1] Warning: SPF=pass
> 2017-09-20 10:44:45 H=mx.nethence.com (crap) [62.210.110.7] Warning:
> SPF=temperror

Maybe this helps for your localhost experiments:
I did a fast "selfcheck" using swaks:

    swaks … --pipe 'exim -bh 127.0.0.1'

>>> check spf = !none
>>> SPF result is pass (2)
>>> check logwrite = SPF: $spf_result for $sender_address
>>>                = SPF: pass for [email protected]
LOG: [17759] SPF: pass for [email protected]
>>> check add_header = :at_start:$spf_received
>>>                  = :at_start:Received-SPF: pass (mx.net.schlittermann.de: 
>>> localhost is always allowed.) client-ip=127.0.0.1; 
>>> [email protected]; helo=mx.net.schlittermann.de;

schlittermann.de.       3600    IN      TXT     "v=spf1 a:hh.schlittermann.de 
ip4:84.19.194.3/32 -all"

and clearly does not include localhost. So passing messags from
localhost might be a feature of SPF in general or of the implementation
in Exim.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -

signature.asc
Description: PGP signature

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: [exim] Experimental SPF

Reply via email to