Dan_Mitton@??? wrote:
> I agree SPF != Ident, but when I test SPF / libspf2 using the -bh command
> line option, I get nothing but '(permanent error) (7)' results.
>
> I sent a real mail message from my gmail account. I see in my logs that
> SPF gives a 'pass'...
>
> 2008-07-14 08:32:36 [25130] H=yx-out-1718.google.com [74.125.44.152]:32110
> I=[198.147.246.55]:25 Warning: MAIL - Would not be blocked by SPF: (pass)
> ip=74.125.44.152, sender=danmittonsr@???,
> helo=yx-out-1718.google.com
Doing the same thing as you with libspf2-1.2.5 with the following ACL
snippet in my RCPT ACL ..
# Deny outright a plain as day failure. This should be whitelisted
deny message = ERRMSG_SPFFAIL
hosts = !+relay_from_hosts
!authenticated = *
spf = fail
continue = ${readsocket{GLSOCK}{spffail \
$sender_host_address}{20s}{ }{SOCKETERROR}}
exim -bh 74.125.44.152
...
HELO yx-out-1718.google.com
...
MAIL FROM:<example@???>
...
RCPT TO:<valid@???>
...
>>> processing "deny"
>>> check hosts = !+relay_from_hosts
>>> host in "!+relay_from_hosts"? yes (end of list)
>>> check !authenticated = *
>>> check spf = fail
>>> SPF result is pass (2)
>>> deny: condition test failed
Perhaps it is causing an error without the HELO/EHLO string. I can't
test that easily right now. It shouldn't need to be in the RCPT ACL
either, the MAIL FROM one I think should be fine, but that's another
thing to check.
--
The Exim Manual
http://www.exim.org/docs.html
http://docs.exim.org/current/
