SPF works well in the receipt phase if domain.com is in the group spfenabled. So in the example below my spf in rcpt phase the SPF give back the proper error and blocks the email if it comes from a mail server not in the SPF record.
Result of SPF
check spf = softfail : failSPF result is softfail (4)
ACL in RCPT phasedrop sender_domains = +spfenabled spf = softfail : fail logwrite = SPFRCPTFAIL - $spf_header_comment
Examplehelo testermail from: <test@???>rcpt to: <myemail@???>data
but in the this scenario it fails. So i would like to be able to test the "From:" against SPF as well. It looks like it is working but it gives back a neutral response which is wrong.
Examplehelo testermail from: <test@???>rcpt to: <myemail@???>dataFrom:<test@???>
ACL in DATA phasedrop condition = ${if match_domain{${domain:${address:$h_from:}}}{+spfenabled}} spf = softfail : fail logwrite = SPFDATAFAIL - $spf_header_comment
processing "deny"domain.com in "lsearch;/etc/exim/config/spfblocklist"? yes (matched "lsearch;/etc/exim/config/spfblocklist")domain.com in "+spfenabled"? yes (matched "+spfenabled")check condition = ${if match_domain{${domain:${address:$h_from:}}}{+spfenabled}} = truecheck spf = softfail : failSPF result is neutral (1)
I would like the SPF to work in the DATA phase as well.