Re: [Exim] Anyone using SPF?

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: exim
Ημερομηνία:  
Προς: exim-users
Αντικείμενο: Re: [Exim] Anyone using SPF?
So, like, the other day Avleen Vig mumbled:
> I was wondering if anyone has had good or bad experiences with Sender
> Permitted From.
>
> It seems a very confusing setup and I'm not sure if the end result is
> worth it.
> Most importantly, is it's integration with Exim difficult?
>
> Any suggestions would be appreciated as I can't seem to find an archive
> for the SPF list from http://spf.pobox.com/


I am in the middle of setting it up here at jdl.com.
I have a published SPF record which can be obtained via:

    % dig @jdl.com TXT


To be honest, that was the format from a month ago. It is
possible that the draft spec has changed a bit since then.
I need to go verify that. (It is firming up!)

I have also installed the Mail::SPF::Query module and have
verified that it is up and running.

However, the hard part was made easy by david@???!
I've not enabled these ACLs yet, but plan on doing so RSN!

Enjoy,
jdl
------------------------------------------------------------------
Jon Loeliger                Loeliger Consulting
jdl@???                FreeBSD, Linux, Compilers, Games



----------------------------------------------------------------

# SPF Auth test for Exim 4.xx
# Version 2.02 by david@???
#
# Features:
#
#    Full SPF support via spfd socket
#
# Warning:
#
#    Will use acl_m9, acl_m8, acl_m7 and acl_m6
#
# Requires
#
#    Mail::SPF::Query ver 1.9.1
#
# Usage instructions:
#
# 1. copy this file to your exim installation directory
#
# 2. add this line to your exim configuration file after your
#    begin acl:
#
#    .include spf.acl
#
# 3. Grab a copy of Mail::SPF::Query from
#    http://spf.pobox.com/downloads.html and install it
#
# 4. Run spfd -path=/tmp/spfd
#
# 5. Now you can use the test on your RCPT/MAIL ACL this way:
#
#    deny    !acl        = spf_rcpt_acl
#
#    And on your DATA ACL:
#
#    deny    senders     = :
#            !acl        = spf_from_acl


spf_rcpt_acl:

    # Check envelope sender


    warn     set acl_m8  = $sender_address
    deny     !acl        = spf_check
    warn     message     = Received-SPF: $acl_m7
    accept


spf_from_acl:

    # Check header From:


    warn     set acl_m8  = ${address:$h_from:}
    deny     !acl        = spf_check
    warn     message     = Received-SPF: $acl_m7
    accept


spf_check:

    warn     set acl_m9  = ${readsocket{/tmp/spfd}\
                           {ip=$sender_host_address\nhelo=$sender_helo_name\
                           \nsender=$acl_m8\n\n}{20s}{\n}{socket failure}}


    # Defer on socket error


    defer    condition   = ${if eq{$acl_m9}{socket failure}{yes}{no}}
             message     = Cannot connect to spfd


    # Prepare answer and get results


    warn     set acl_m9  = ${sg{$acl_m9}{\N=(.*)\n\N}{=\"\$1\" }}
             set acl_m8  = ${extract{result}{$acl_m9}{$value}{unknown}}
             set acl_m7  = ${extract{header_comment}{$acl_m9}{$value}{}}


    # Check for fail


    deny     condition   = ${if eq{$acl_m8}{fail}{yes}{no}}
             message     = $acl_m7
             log_message = Not authorized by SPF


    accept