Following on from my question about getting access to the libspf2 functions
from within Exim routers/transports rather than within ACLs, so I can easily
restrict SRS rewriting to envelope senders I'm forbidden to relay as, I've
implemented a spf lookup type for Exim 4.51. The (very small) patch is here:
http://home.arachsys.com/~chris/exim-4.51-spflookup.patch
I've conditionalised on EXPERIMENTAL_SPF rather than LOOKUP_SPF, as
presumably the two sets of features belong together, and if the spf ACL is
experimental, my lookup certainly is! I'm happy to change this, though, and
rework the patch as required to (hopefully) get it into exim. Without a
lookup or condition along these lines, the newly introduced SRS support is
hard to use in a non-invasive way.
The lookup works like this:
$ build-Linux-i386/exim -be
> ${lookup {chris@???} spf{127.0.0.1}}
pass
> ${lookup {chris@???} spf{131.111.8.42}}
none
> ${lookup {postmaster@???} spf{82.211.77.6}}
neutral
> ${lookup {postmaster@???} spf{turnip}}
Failed: invalid IP address 'turnip'
so you can put something like
srs_condition = ${if match {${lookup {$return_path} spf{MYIP}}} {fail}}
on the srs rewriting router to get sensible behaviour.
Feedback very gladly received. I'm aware the code is somewhat devoid of
boilerplate and comments at the moment, but I thought I'd get a tentative
version out for people's thoughts before polishing!
Cheers,
Chris.
