Re: [exim] Looking for Mail::SPF (2.002) Exim acl example

Author: Craig Whitmore
Date:  
To: Dan_Mitton
CC: exim-users
Subject: Re: [exim] Looking for Mail::SPF (2.002) Exim acl example
> The older Mail::SPF::Query perl module also included a simple Exim acl
> example, the newer Mail::SPF does not. Does someone have an example acl
> that might include checking at the HELO, MAIL commands in addition to RCPT
> and DATA commands.
>


You can use the same settings but change a few of the keywords (you can use
the old ones as they are backwards compatible). If you are familiar with
Exim you should be able to add this stuff in.

run at startup: (I'm running Debian)

/usr/sbin/spfd -s /tmp/spfd --socket-user Debian-exim --socket-group mail \
    --socket-perms 777 --set-user Debian-exim --set-group mail &

exim config things to add..
-------------
acl_smtp_mail                    = acl_check_mail
acl_smtp_rcpt                    = acl_check_rcpt
acl_smtp_data                    = acl_check_data


acl_check_mail:

  deny !acl         = spf_rcpt_acl
          !senders     = : postmaster@*
          hosts        = !+relay_from_hosts


spf_rcpt_acl:

  warn  set acl_m8  = $sender_address
  deny  !acl        = spf_check
  warn  message     = :at_start:Received-SPF: $acl_m8 ($acl_m7)


  accept

spf_from_acl:

  warn  set acl_m8  = ${address:$h_from:}
  deny  !acl        = spf_check
  warn  message     = :at_start:Received-SPF: $acl_m8 ($acl_m7)
        log_message = "SPF Status = $acl_m8"
  accept



spf_check:

    warn     set acl_m9  = ${readsocket{/tmp/spfd}\
                           {ip_address=$sender_host_address\n\
                           helo_identity=$sender_helo_name\n\
                           scope=mfrom\n\
                           identity=$acl_m8\n\n}{60s}{\n}{socket failure}}


    warn    condition    = ${if eq{$acl_m9}{socket failure}{yes}{no}}
             message     = Cannot connect to spfd
             log_message = Error with SPFD


    warn     set acl_m9  = ${sg{$acl_m9}{\N=(.*)\n\N}{=\"\$1\" }}
             set acl_m8  = ${extract{result}{$acl_m9}{$value}{unknown}}
             set acl_m7  = ${extract{local_explanation}{$acl_m9}{$value}{}}


    deny     condition   = ${if eq{$acl_m8}{fail}{yes}{no}}
             message     = ${extract{authority_explanation}{$acl_m9}{$value}{}}
             log_message = ${extract{authority_explanation}{$acl_m9}{$value}{}}


    deny     condition   = ${if eq{$acl_m8}{unknown}{yes}{no}}
             message     = ${extract{authority_explanation}{$acl_m9}{$value}{}}
             log_message = ${extract{authority_explanation}{$acl_m9}{$value}{}}


    warn     condition   = ${if eq{$acl_m8}{softfail}{yes}{no}}
            log_message  = Softfail of SPF.


    accept

acl_check_data:

  deny senders = :
       !acl = spf_from_acl


---------------
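
Added example, not part of the original message and not code from Exim or Mail::SPF: a Python harness that builds the same request block the spf_check ACL sends to /tmp/spfd and applies the same result handling, so the ACL's decisions can be checked outside Exim. The key=value reply format is inferred from the ACL's `${sg...}` substitution, the function names are hypothetical, and the sample replies are constructed.

```python
import socket

def build_request(ip, helo, identity, scope="mfrom"):
    """Request block in the key=value form the spf_check ACL sends; a blank line ends it."""
    fields = {"ip_address": ip, "helo_identity": helo, "scope": scope, "identity": identity}
    if any("\n" in v or "\r" in v for v in fields.values()):
        raise ValueError("line break in a request field")  # would add extra protocol lines
    return "".join(f"{k}={v}\n" for k, v in fields.items()) + "\n"

def parse_response(text):
    """Split key=value lines, the job the ACL does with ${sg...} and ${extract...}."""
    out = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            out[key.strip()] = value
    return out

def decide(text):
    """Mirror spf_check: fail and unknown are denied, softfail is logged, the rest accepted."""
    fields = parse_response(text)
    result = fields.get("result", "unknown")  # same default as {$value}{unknown}
    if result in ("fail", "unknown"):
        return "deny", fields.get("authority_explanation", "")
    if result == "softfail":
        return "warn", "Softfail of SPF."
    return "accept", fields.get("local_explanation", "")

def query_spfd(path, request, timeout=60):
    """Send one request to a running spfd; return 'socket failure' as readsocket would."""
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(path)
            s.sendall(request.encode())
            s.shutdown(socket.SHUT_WR)
            chunks = []
            while (data := s.recv(4096)):
                chunks.append(data)
            return b"".join(chunks).decode(errors="replace")
    except OSError:
        return "socket failure"

# Constructed sample replies (not captured from a real spfd).
SAMPLE_FAIL = "result=fail\nlocal_explanation=constructed local text\nauthority_explanation=constructed rejection text\n"
SAMPLE_PASS = "result=pass\nlocal_explanation=constructed local text\n"

if __name__ == "__main__":
    for reply in (SAMPLE_FAIL, SAMPLE_PASS, "socket failure"):
        print(decide(reply))
```

The third case shows that a socket failure carries no `result` key, so it falls through to `unknown` and is denied with an empty message: the ACL fails closed when spfd is not running.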