Re: [exim] Before I add SPF checking :-)

Author: Frank DeChellis
Date:  
To: Peter Bowyer, exim-users
Subject: Re: [exim] Before I add SPF checking :-)
Well, I think I'll hold off on that a bit until I have a better handle on
how it works. Thanks for the input.

Can anybody offer me a quick set of rules that would compare the IP source
of an email listed in local_domains vs the IPs in relay_from_hosts? This is
for mail coming in from outside?

Sort of this line of thinking:
1. Is the domain of the email listed in local_domains?
2. Yes? Ok, is the source IP listed in relay_from_hosts?
3. Yes? Move on
4. No? Reject it.

I'm trying to stop the avalanche of emails pretending to come from our
system that are avoiding our spam filter.

I'm thinking it goes under acl_smtp_data

deny message = local domain sent from illegal host
     sender_domains = +sender_domains
     hosts = !+relay_from_hosts


Am I on the right track?

Thanks
Frank


On 1/2/09 4:42 AM, "Peter Bowyer" <peter@???> wrote:

> 2009/1/1 Frank DeChellis <frankd@???>:
>>
>> Hi there,
>>
>> I use Exim 4.67 on NetBSD.
>>
>> I have been reading about implementing libspf2 into my system but before I
>> do :-) Have any of you ever installed SPF using this method:
>>
>> http://www.libspf2.org/patch/25_exim4-config_spf
>>
>> Any downfalls I should watch for?
>
> That method uses a standalone daemon around libspf2 ('spfd'). Exim has
> the ability to call libspf2 directly (as long as you compile it in) -
> I would recommend you use the built-in mechanism. Check out
> http://wiki.exim.org/SPF .
>
>> Will it only do SPF checks on domains that have SPF records?
>
> Good question. Using appropriate tests in your ACLs you can control
> exactly what domains are tested and what action to take on what
> outcomes. My setup uses SPF as a whitelist for an internal list of
> 'trusted' domains, and will never reject a message based on an SPF
> result alone. Rejecting outright on SPF FAIL leaves you vulnerable to
> SPF's 'breaks when mail is forwarded' limitation. As I'm sure someone
> will point out shortly.
>
> Peter
>



Frank DeChellis
President, Internet Access Worldwide
Welland, Ontario, Canada
www.iaw.com
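
The four-step check described in the message above, written out as an Exim ACL statement. This is an added example, not part of the original post or of the Exim distribution's default configuration. The list contents (example.org, 192.0.2.0/24) are constructed placeholders, and placing the statement in the RCPT ACL and exempting authenticated clients are assumptions.

```exim
# --- main configuration section ---
# Constructed placeholder values; substitute the site's own lists.
domainlist local_domains    = example.org
hostlist   relay_from_hosts = 127.0.0.1 : 192.0.2.0/24

# --- inside the existing ACL named by acl_smtp_rcpt, near the top ---
# Step 1: the envelope sender's domain is one of ours (sender_domains).
# Step 2: the connecting host is NOT one of our relay hosts (!hosts).
# Assumption: clients that authenticated with SMTP AUTH are allowed through,
# so roaming users submitting from outside addresses are not rejected.
# Steps 3/4: if all conditions match, reject; otherwise fall through to the
# statements that follow in the ACL.
  deny    message        = local sender domain not permitted from this host
          sender_domains = +local_domains
          !hosts         = +relay_from_hosts
          !authenticated = *

# Note: sender_domains tests the envelope sender (MAIL FROM) only. A message
# with a foreign envelope sender and a forged From: header naming a local
# domain is not caught by this statement.
```

Mail for local users that returns through an outside forwarder or mailing list which keeps the original envelope sender will also match this statement, the same forwarding limitation mentioned for SPF in the quoted reply.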