[Exim] SPF Checks ONLY for non valid users?

Top Page
Delete this message
Reply to this message
Author: Cal Evans
Date:  
To: Exim-users
Subject: [Exim] SPF Checks ONLY for non valid users?
Greets all,

I've been Googeling for a while now and can't seem to find an answer to
my questions so I'll post it here.

I'm running 4.41 w/exiscan and lspf2.

I have the example ACL working the way I want and life is good. But now
I need to tweak it to support my road-warriors. I have people in the
field w/laptops that use the corporate mail server to send mail.

Is it possible to use something like
!verify        = sender
in the acl_check_rcpt ACL to override the SPF check?


Currently, I have this for SPF support:

   warn    message = X-SPF-3: SPOOF!
           sender_domains = +local_domains
           spf     = !pass


   warn    message = X-SPF-1: SPF Failed.
           spf     = fail
   warn    message = X-SPF-2: $spf_received
           log_message = $spf_received
           spf     = fail


   warn    message = X-SPF-1: SPF $spf_result
           spf     = !fail
   warn    message = X-SPF-2: $spf_received
           log_message = $spf_received
           spf     = !fail


This puts 2 or 3 headers in each email.

X-SPF-1 = the result
X-SPF-2 = the SPF record
X-SPF-3 = Optional. If this looks like a spoofed local domain.

I'm just testing before I start doming something more draconian. But I'd
like to modify X-SPF-3 to ignore a !pass if this is a valid user of the
system.

For the moment, I'm thinking:
   warn    message        = X-SPF-3: SPOOF!
           sender_domains = +local_domains
      !verify        = sender
           spf            = !pass


Would this work? If not, how do others support RoadWarriors and SPF at
the same time? Are there ramifications to doing this I don't understand?

TIA,
=C=

--
:
: Cal Evans
: Evans Internet Construction Company
: 615-260-3385
: http://www.eicc.com
: Building web sites that build your business
: