This is a multi-part message in MIME format.
--
Hi !!
This is a first attempt to have a working SPF (
http://spf.pobox.com/ ) check
for Exim 4.xx that does not need patching Exim.
--
Just enjoy ...
I tried switching to gum but couldn't keep it lit.
----------------------------------------------------------------
David Saez Padros http://www.ols.es
On-Line Services 2000 S.L. e-mail david@???
Pintor Vayreda 1 telf +34 902 50 29 75
08184 Palau-Solita i Plegamans movil +34 670 35 27 53
----------------------------------------------------------------
--
# SPF Auth test for Exim 4.xx
# Version 1.02 by david@???
#
# Features:
#
# - SPF lookup with spfinclude recursion support
# - Received-SPF: header support
# - Null sender support
# - No multi spfinclude support
# - No IPv6 support
#
# Warning:
#
# Will use acl_m9 and acl_m8
#
# Usage instructions:
#
# 1. copy this file to your exim installation directory
#
# 2. add this line to your exim configuration file to allow
# spf like dns names:
#
# dns_check_names_pattern = \
# (?i)^(?>(?(1)\.|())[^\W](?>[a-z0-9-_]*[^\W_])?)+$
#
# 3. add this line to your exim configuration file after your
# begin acl:
#
# .include spf.acl
#
# 4. Now you can use the test on your RCPT ACL this way:
#
# deny !acl = spf_acl
# message = $sender_host_address is no allowed to send \
# mail for $sender_address_domain
# log_message = Not authorized by SPF
#
spf_acl:
warn !senders = :
set acl_m9 = $sender_address_domain
warn senders = :
set acl_m9 = $sender_helo_name
deny !acl = spf_real_acl
warn message = Received-SPF: $acl_m9
accept
spf_real_acl:
warn set acl_m9 = ${extract{4}{.}{$sender_host_address}}.\
${extract{3}{.}{$sender_host_address}}.\
${extract{2}{.}{$sender_host_address}}.\
${extract{1}{.}{$sender_host_address}}.\
in-addr._smtp_client.$acl_m9
# SPF TXT lookup
warn set acl_m8 = ${lookup dnsdb{txt=$acl_m9}{$value}}
# Split response
warn set acl_m8 = ${extract{1}{\n}{$acl_m8}}
set acl_m9 = ${extract{2}{=}{$acl_m8}}
set acl_m8 = ${extract{1}{=}{$acl_m8}}
# spf=deny
deny condition = ${if eq{$acl_m8}{spf}{yes}{no}}
condition = ${if eq{$acl_m9}{deny}{yes}{no}}
# spf=allow
accept condition = ${if eq{$acl_m8}{spf}{yes}{no}}
condition = ${if eq{$acl_m9}{allow}{yes}{no}}
set acl_m9 = pass ($sender_host_name [$sender_host_address] \
is designated mailer for domain of sender \
$sender_address)
# spf=softdeny
accept condition = ${if eq{$acl_m8}{spf}{yes}{no}}
condition = ${if eq{$acl_m9}{softdeny}{yes}{no}}
set acl_m9 = softfail ($sender_host_name [$sender_host_address] \
not a designated mailer for transitioning \
domain of sender $sender_address)
# no SPF
accept condition = ${if eq{$acl_m8}{spfinclude}{no}{yes}}
set acl_m9 = unknown (domain of sender $sender_address \
does not designate mailers)
# spfinclude
accept condition = ${if match{$acl_m9}{:}{yes}{no}}
set acl_m9 = pass (unsupported multiple spfinclude detected)
accept acl = spf_real_acl
deny
--
