Re: [exim] Help to install exim with SPF

Top Page
Delete this message
Reply to this message
Author: Ted Cooper
Date:  
To: exim-users
Subject: Re: [exim] Help to install exim with SPF
Dan_Mitton@??? wrote:
> I agree SPF != Ident, but when I test SPF / libspf2 using the -bh command
> line option, I get nothing but '(permanent error) (7)' results.
>
> I sent a real mail message from my gmail account. I see in my logs that
> SPF gives a 'pass'...
>
> 2008-07-14 08:32:36 [25130] H=yx-out-1718.google.com [74.125.44.152]:32110
> I=[198.147.246.55]:25 Warning: MAIL - Would not be blocked by SPF: (pass)
> ip=74.125.44.152, sender=danmittonsr@???,
> helo=yx-out-1718.google.com


Doing the same thing as you with libspf2-1.2.5 with the following ACL 
snippet in my RCPT ACL ..
# Deny outright a plain as day failure. This should be whitelisted
deny    message       = ERRMSG_SPFFAIL
         hosts         = !+relay_from_hosts
         !authenticated = *
         spf           = fail
         continue     = ${readsocket{GLSOCK}{spffail \
           $sender_host_address}{20s}{ }{SOCKETERROR}}


exim -bh 74.125.44.152
...
HELO yx-out-1718.google.com
...
MAIL FROM:<example@???>
...
RCPT TO:<valid@???>
...
>>> processing "deny"
>>> check hosts = !+relay_from_hosts
>>> host in "!+relay_from_hosts"? yes (end of list)
>>> check !authenticated = *
>>> check spf = fail
>>> SPF result is pass (2)
>>> deny: condition test failed


Perhaps it is causing an error without the HELO/EHLO string. I can't
test that easily right now. It shouldn't need to be in the RCPT ACL
either, the MAIL FROM one I think should be fine, but that's another
thing to check.

--
The Exim Manual
http://www.exim.org/docs.html
http://docs.exim.org/current/