[Exim] SPF ACL for Exim

Author: David Saez
Date:  
To: spf-discuss, exim-users
Subject: [Exim] SPF ACL for Exim
Hi !!

This is a first attempt to have a working SPF ( http://spf.pobox.com/ ) check
for Exim 4.xx that does not need patching Exim.

--
Just enjoy ...

I tried switching to gum but couldn't keep it lit.

----------------------------------------------------------------
   David Saez Padros                http://www.ols.es
   On-Line Services 2000 S.L.       e-mail  david@???
   Pintor Vayreda 1                 telf    +34 902 50 29 75
   08184 Palau-Solita i Plegamans   movil   +34 670 35 27 53
----------------------------------------------------------------
# SPF Auth test for Exim 4.xx
# Version 1.02 by david@???
#
# Features:
#
# - SPF lookup with spfinclude recursion support
# - Received-SPF: header support
# - Null sender support
# - No multi spfinclude support
# - No IPv6 support
#
# Warning:
#
# Will use acl_m9 and acl_m8
#
# Usage instructions:
#
# 1. copy this file to your exim installation directory
#
# 2. add this line to your exim configuration file to allow
#    SPF-like DNS names:
#
#    dns_check_names_pattern = \
#    (?i)^(?>(?(1)\.|())[^\W](?>[a-z0-9-_]*[^\W_])?)+$
#
# 3. add this line to your exim configuration file after your
#    begin acl:
#
#    .include spf.acl
#
# 4. Now you can use the test on your RCPT ACL this way:
#
#    deny    !acl        = spf_acl
#            message     = $sender_host_address is not allowed to send \
#                          mail for $sender_address_domain
#            log_message = Not authorized by SPF
#


spf_acl:

  warn    !senders       = :
          set acl_m9     = $sender_address_domain


  warn    senders        = :
          set acl_m9     = $sender_helo_name


  deny    !acl           = spf_real_acl
  warn    message        = Received-SPF: $acl_m9
  accept


spf_real_acl:

  warn    set acl_m9     = ${extract{4}{.}{$sender_host_address}}.\
                           ${extract{3}{.}{$sender_host_address}}.\
                           ${extract{2}{.}{$sender_host_address}}.\
                           ${extract{1}{.}{$sender_host_address}}.\
                           in-addr._smtp_client.$acl_m9


# SPF TXT lookup

  warn    set acl_m8     = ${lookup dnsdb{txt=$acl_m9}{$value}}


# Split response

  warn    set acl_m8     = ${extract{1}{\n}{$acl_m8}}
          set acl_m9     = ${extract{2}{=}{$acl_m8}}
          set acl_m8     = ${extract{1}{=}{$acl_m8}}


# spf=deny

  deny    condition      = ${if eq{$acl_m8}{spf}{yes}{no}}
          condition      = ${if eq{$acl_m9}{deny}{yes}{no}}


# spf=allow

  accept  condition      = ${if eq{$acl_m8}{spf}{yes}{no}}
          condition      = ${if eq{$acl_m9}{allow}{yes}{no}}
          set acl_m9     = pass ($sender_host_name [$sender_host_address] \
                           is designated mailer for domain of sender \
                           $sender_address)


# spf=softdeny

  accept  condition      = ${if eq{$acl_m8}{spf}{yes}{no}}
          condition      = ${if eq{$acl_m9}{softdeny}{yes}{no}}
          set acl_m9     = softfail ($sender_host_name [$sender_host_address] \
                           not a designated mailer for transitioning \
                           domain of sender $sender_address)


# no SPF

  accept condition       = ${if eq{$acl_m8}{spfinclude}{no}{yes}}
         set acl_m9      = unknown (domain of sender $sender_address \
                           does not designate mailers)


# spfinclude

  accept condition       = ${if match{$acl_m9}{:}{yes}{no}}
         set acl_m9      = pass (unsupported multiple spfinclude detected)


  accept acl             = spf_real_acl
  deny
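
The decision table of spf_real_acl above, modelled in Python as an added example (not part of the original post or of Exim) so the verdict for a given TXT record can be checked offline. The record dictionary, the example domains, the labels returned on deny and MAX_DEPTH are assumptions of this model; a failed DNS lookup is modelled as an empty record.

```python
# Offline model of the spf_real_acl decision table (added example, not Exim code).
# DNS is replaced by a dict of constructed TXT records under example domains.
MAX_DEPTH = 20  # assumed loop guard for this model, not taken from the post

def lookup_name(ip, domain):
    """Build d.c.b.a.in-addr._smtp_client.<domain>, as the ACL does in $acl_m9."""
    return ".".join(reversed(ip.split("."))) + ".in-addr._smtp_client." + domain

def evaluate(ip, domain, txt, depth=0):
    """Return (action, label); label is the Received-SPF keyword on accept."""
    if depth > MAX_DEPTH:
        return ("deny", "include-depth")
    record = txt.get(lookup_name(ip, domain), "")  # failed lookup -> empty string
    fields = record.split("\n")[0].split("=")      # first line, split on "="
    key = fields[0]
    value = fields[1] if len(fields) > 1 else ""
    if key == "spf" and value == "deny":
        return ("deny", "spf=deny")
    if key == "spf" and value == "allow":
        return ("accept", "pass")
    if key == "spf" and value == "softdeny":
        return ("accept", "softfail")
    if key != "spfinclude":
        return ("accept", "unknown")   # no record, or an unrecognised one
    if ":" in value:
        return ("accept", "pass")      # multiple spfinclude is accepted unchecked
    return evaluate(ip, value, txt, depth + 1)  # single spfinclude: recurse

PREFIX = "10.2.0.192.in-addr._smtp_client."
TXT = {  # constructed sample records for client 192.0.2.10
    PREFIX + "allow.example": "spf=allow",
    PREFIX + "deny.example": "spf=deny",
    PREFIX + "soft.example": "spf=softdeny",
    PREFIX + "inc.example": "spfinclude=deny.example",
    PREFIX + "multi.example": "spfinclude=a.example:b.example",
    PREFIX + "loop.example": "spfinclude=loop.example",
}

def demo():
    """Evaluate every sample domain plus one that publishes no record."""
    domains = ["allow.example", "deny.example", "soft.example", "inc.example",
               "multi.example", "loop.example", "none.example"]
    return {d: evaluate("192.0.2.10", d, TXT) for d in domains}

if __name__ == "__main__":
    for domain, verdict in demo().items():
        print(f"{domain:16} {verdict}")
```

In this model a missing record, an unrecognised record and a multiple spfinclude all end in accept; only spf=deny, reached directly or through a single spfinclude, rejects.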