Mike Cardwell wrote:
>>>> I'm thinking that forgers would be less of a problem that false
>>>> positives produced by forwarded email.
>>>>
>>> I'm thinking the opposite.
>> Then you would merely NOT use the feature and I would.
>
> I'm not sure "feature" is the right word. What you've suggested will
> never be a part of any SPF implementation as it is quite simply
> ludicrous. If someone wanted to do it though, I'd suggest using spfquery:
>
> ${run{/usr/bin/spfquery --mail-from $sender_address --helo
> $sender_helo_name --ip $acl_m0}}
>
> Where $acl_m0 is the IP. You'd use one of the ${for} methods to iterate
> over a list of IPs after stripping them out of the received headers with
> ${sg}
You could make an argument actually that the SPF support in Exim should
allow you to specify the IP address. There are cases where a trusted
mail server forwards mail on to you and you might want to pull out the
ip from the last received header or elsewhere, for the check.
So the following two would be equivalent:
deny spf = fail
deny spf = fail/$sender_host_address
I don't care enough to put in a feature request though.
--
Mike Cardwell
(
https://secure.grepular.com/) (
http://perlcv.com/)