On 16/05/11 14:50, James Isolder wrote:
> SPF works well in the receipt phase if domain.com is in the group
> spfenabled. So in the example below my spf in rcpt phase the SPF give
> back the proper error and blocks the email if it comes from a mail
> server not in the SPF record.
[snip]
> I would like the SPF to work in the DATA phase as well.
SPF will only work in the HELO and RCPT ACLs as this is when the
information is available. You can store the information in $acl_m_ type
variables at RCPT time in a "warn" block and use it in the DATA or
preDATA ACL if you really want to move the check there.
There is no way to force the spf control to use a different address as
it uses the one given either on the HELO/EHLO line, or RCPT TO line. By
the time it gets to DATA or preDATA, it has no data to use.
It actually appears to be a bug that Exim doesn't panic and error out
when the spf control is used anywhere but in the helo or rcpt acls.
Reject on softfail is a bit iffy. Of course, google.com is an exception
there.
You should also not be checking the From: header against SPF. The From:
header is part of the message and can contain anything the sender feels
like. If you do this check against emails that come from this mailing
list, you will also run into many false positives.
If you wish to ensure the data inside the message is valid, use DKIM,
PGP, S/MIME, etc. instead of something designed for a different purpose.
The SPF RFC
http://www.ietf.org/rfc/rfc4408.txt