So, like, the other day Avleen Vig mumbled:
> I was wondering if anyone has had good or bad experiences with Sender
> Permitted From.
>
> It seems a very confusing setup and I'm not sure if the end result is
> worth it.
> Most importantly, is its integration with Exim difficult?
>
> Any suggestions would be appreciated as I can't seem to find an archive
> for the SPF list from http://spf.pobox.com/

I am in the middle of setting it up here at jdl.com.
I have a published SPF record which can be obtained via:

    % dig @jdl.com TXT

To be honest, that was the format from a month ago. It is
possible that the draft spec has changed a bit since then.
I need to go verify that. (It is firming up!)

I have also installed the Mail::SPF::Query module and have
verified that it is up and running.

However, the hard part was made easy by david@???!
I've not enabled these ACLs yet, but plan on doing so RSN!

Enjoy,
jdl

------------------------------------------------------------------
Jon Loeliger Loeliger Consulting
jdl@??? FreeBSD, Linux, Compilers, Games
----------------------------------------------------------------
# SPF Auth test for Exim 4.xx
# Version 2.02 by david@???
#
# Features:
#
# Full SPF support via spfd socket
#
# Warning:
#
# Will use acl_m9, acl_m8, acl_m7 and acl_m6
#
# Requires
#
# Mail::SPF::Query ver 1.9.1
#
# Usage instructions:
#
# 1. copy this file to your exim installation directory
#
# 2. add this line to your exim configuration file after your
# begin acl:
#
# .include spf.acl
#
# 3. Grab a copy of Mail::SPF::Query from
# http://spf.pobox.com/downloads.html and install it
#
# 4. Run spfd -path=/tmp/spfd
#
# 5. Now you can use the test on your RCPT/MAIL ACL this way:
#
#      deny !acl = spf_rcpt_acl
#
#    And on your DATA ACL:
#
#      deny senders = :
#           !acl = spf_from_acl

spf_rcpt_acl:

  # Check envelope sender
  warn   set acl_m8 = $sender_address
  deny   !acl = spf_check
  warn   message = Received-SPF: $acl_m7
  accept

spf_from_acl:

  # Check header From:
  warn   set acl_m8 = ${address:$h_from:}
  deny   !acl = spf_check
  warn   message = Received-SPF: $acl_m7
  accept

spf_check:

  warn   set acl_m9 = ${readsocket{/tmp/spfd}\
                      {ip=$sender_host_address\nhelo=$sender_helo_name\
                      \nsender=$acl_m8\n\n}{20s}{\n}{socket failure}}

  # Defer on socket error
  defer  condition = ${if eq{$acl_m9}{socket failure}{yes}{no}}
         message = Cannot connect to spfd

  # Prepare answer and get results
  warn   set acl_m9 = ${sg{$acl_m9}{\N=(.*)\n\N}{=\"\$1\" }}
         set acl_m8 = ${extract{result}{$acl_m9}{$value}{unknown}}
         set acl_m7 = ${extract{header_comment}{$acl_m9}{$value}{}}

  # Check for fail
  deny   condition = ${if eq{$acl_m8}{fail}{yes}{no}}
         message = $acl_m7
         log_message = Not authorized by SPF

  accept
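
The decision order of the spf_check ACL above, modelled in Python as an added example; it is not part of the original post or of the posted spf.acl. The reply format (key=value lines carrying "result" and "header_comment") is inferred from the ACL's expansions, and the sample replies and function names are constructed for illustration.

```python
# Added illustration (not part of the posted spf.acl): models the decision
# order of the spf_check ACL. The reply format is inferred from the ACL's
# ${sg...} and ${extract...} expansions.

SOCKET_FAILURE = "socket failure"  # fallback string in the ACL's readsocket

# Constructed sample replies; hosts and addresses are documentation values.
SAMPLE_REPLIES = {
    "pass": "result=pass\nheader_comment=192.0.2.10 is permitted for example.org\n",
    "fail": "result=fail\nheader_comment=192.0.2.99 is not permitted for example.org\n",
    "softfail": "result=softfail\nheader_comment=example.org is in transition\n",
    "malformed": "no key value pairs here\n",
}


def build_request(ip, helo, sender):
    """Request text the ACL writes to the spfd socket."""
    return f"ip={ip}\nhelo={helo}\nsender={sender}\n\n"


def parse_reply(reply):
    """Collect key=value lines, standing in for the ACL's sg + extract steps."""
    fields = {}
    for line in reply.splitlines():
        key, sep, value = line.partition("=")
        if sep and key:
            fields.setdefault(key, value)  # assumption: first occurrence wins
    return fields


def spf_check(reply):
    """Return (verdict, text) in the same order as the ACL's statements."""
    if reply == SOCKET_FAILURE:              # defer: Cannot connect to spfd
        return "defer", "Cannot connect to spfd"
    fields = parse_reply(reply)
    result = fields.get("result", "unknown")       # acl_m8
    comment = fields.get("header_comment", "")     # acl_m7
    if result == "fail":                     # deny: only a literal "fail"
        return "deny", comment
    return "accept", f"Received-SPF: {comment}"    # everything else passes


if __name__ == "__main__":
    for name, reply in SAMPLE_REPLIES.items():
        print(name, spf_check(reply))
    print("socket", spf_check(SOCKET_FAILURE))
```

The softfail and malformed replies both come back as accept, matching the ACL: only a literal fail result rejects and only a socket failure defers. Since the ACL trusts whatever answers on /tmp/spfd, a socket path in a directory that only the Exim and spfd users can write to is the safer choice.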