Re: [exim] SPF

Top Page
Delete this message
Reply to this message
Author: Grant Peel
Date:  
To: exim-users
Subject: Re: [exim] SPF
Hi all,

I have SPF working for our domain and all incoming email.

1 (Last) question, I hope:


I want to accept email from all hosts at reflexion.net, even if the spf
fails, and then obey all other spf entries. Do these lines look right?

  accept  spf           = fail
          sender_domains = *.reflexion.net
          endpass
          log_message    = Accepted Reflexion
  deny    message       = $sender_host_address is not allowed to send mail 
from \
                          $sender_address_domain
          spf           = fail


-Grant




























Using thelines below in my ACL.

  deny    message       = rejected because $sender_host_address was \
                          found in our blacklist
          log_message   = domain found in $blacklisted_domains
          hosts         = +blacklisted_domains
  accept  spf           = fail
          sender_domains = *.reflexion.net
          log_message    = Accepted Reflexion
  deny    message       = $sender_host_address is not allowed to send mail 
from $sender_address_dom$
          spf           = fail
  accept  domains       = +local_domains


----- Original Message -----
From: "Grant Peel" <gpeel@???>
To: "Toshio Kumagai" <Toshio_Kumagai@???>; <exim-users@???>
Sent: Monday, April 07, 2008 9:55 AM
Subject: Re: [exim] SPF


> Thanks for the Reply,
>
> I guess what I was asking was how to specify those parms when installing
> Exim from FreeBSD ports.
>
> looks like:
>
> make -I WITH_SPF
>
> worked. Just watching the logs now.
>
> But since this discussion is still going, adding these lines from the Wiki
> ... 2 questions.
>
> 1. Does the spf lines look OK?
>
> 2. Are they in the right place in my acl?
>
> begin acl
> acl_check_rcpt:
>  accept  hosts = :
>  deny senders = :
>        dnslists        = ips.backscatterer.org
>        message         = This message looks like a bounce, and your server
> is listed at \
>                        ips.backscatterer.org, so I assume that this is
> "backscatter". \
>                        Please configure your mail server to not send
> "backscatter spam". \
>                        For advice, try http://www.dontbouncespam.org/
>                        log_message = ATTENTION BACKSCATTERER
>  deny    local_parts   = ^.*[@%!/|] : ^\\.
>  deny    senders = :
>          condition     = ${if ! eq{$recipients_count}{1}{1}}
>          message       = Bounces must have only a single recipient
>          log_message   = Another denied due to backscatter-Single 
> Recipient
> # accept  local_parts   = postmaster
> #          domains      = +local_domains
>  require verify        = sender
>  deny    message       = rejected because $sender_host_address was \
>                          found in our blacklist
>          log_message   = domain found in $blacklisted_domains
>          hosts         = +blacklisted_domains
>  deny    message       = $sender_host_address is not allowed to send mail
> from $sender_address_domain
>          spf           = fail
>  accept  domains       = +local_domains
>          endpass
>          message       = unknown user
>          verify        = recipient
>  accept  domains       = +relay_to_domains
>          endpass
>          message       = unrouteable address
>          verify        = recipient
>  accept  hosts         = +relay_from_hosts
>  accept  authenticated = *

>
> -Grant
>
>
> ----- Original Message -----
> From: "Toshio Kumagai" <Toshio_Kumagai@???>
> To: <exim-users@???>
> Sent: Monday, April 07, 2008 9:38 AM
> Subject: Re: [exim] SPF
>
>
>> My config (for solaris10) says:
>>
>> EXPERIMENTAL_SPF=yes
>> CFLAGS=-DSPF -I/usr/local/include
>> EXTRALIBS_EXIM=-L/usr/local/lib -lspf2 -liconv
>>
>> HTH
>>
>> ###
>>
>> Grant Peel ????????:
>>> Hi Ted and all ....
>>>
>>> I now have spf2 installed in its default location, and would like to
>>> recompile Exim to use it.
>>>
>>> I am stumbling (from the info in the Wiki mentioned below) on how to
>>> correctly set these flags in FreeBSD (ports install versions).
>>>
>>> Any help would be appreciated.
>>>
>>> To compile Exim with SPF support, set these additional flags in
>>> Local/Makefile:
>>>
>>> EXPERIMENTAL_SPF=yes
>>> CFLAGS=-DSPF -I/usr/local/include
>>> EXTRALIBS_EXIM=-L/usr/local/lib -lspf2
>>> -Grant----- Original Message -----
>>> From: "Ted Cooper" <eximX1211@???>
>>> To: <exim-users@???>
>>> Sent: Sunday, April 06, 2008 9:51 PM
>>> Subject: Re: [exim] SPF
>>>
>>>
>>>> Grant Peel wrote:
>>>>> Hi all,
>>>>>
>>>>> Sorry, I am sure this questions has been asked, but I cant seem to
>>>>> find
>>>>> the answer.
>>>>>
>>>>> Does anyone have a sample ACL that looks for and honours SPF, and if
>>>>> no
>>>>> SPF is present, ignores and moves on?
>>>>>
>>>>> If so, would you mind sending me a copy with a short explanation?
>>>>>
>>>>> TIA,
>>>>>
>>>>> -Grant
>>>> http://wiki.exim.org/SPF
>>>>
>>>> --
>>>> The Exim Manual
>>>> http://www.exim.org/docs.html
>>>> http://docs.exim.org/current/
>>>>
>>>> --
>>>> ## List details at http://lists.exim.org/mailman/listinfo/exim-users
>>>> ## Exim details at http://www.exim.org/
>>>> ## Please use the Wiki with this list - http://wiki.exim.org/
>>>>
>>>>
>>>
>>>
>>
>>
>> --
>> Toshio Kumagai Toshio_Kumagai_At_Kumasan_Dot_ORG, Japan
>> TK2959 / TK127-AP
>> Please replace _At_ and _Dot_ to an appropriate character.
>>
>>
>>
>> --
>> ## List details at http://lists.exim.org/mailman/listinfo/exim-users
>> ## Exim details at http://www.exim.org/
>> ## Please use the Wiki with this list - http://wiki.exim.org/
>>
>>
>
>
> --
> ## List details at http://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>
>