Re: [exim] Adding authentication results headers for SPF and…

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Konstantin Boyandin
Ημερομηνία:  
Προς: exim-users
Υ/ο: Jeremy Harris
Αντικείμενο: Re: [exim] Adding authentication results headers for SPF and DKIM
Jeremy Harris писал 2015-12-14 22:23:
> On 14/12/15 15:52, Konstantin Boyandin wrote:
>> Please elaborate. If I set
>>
>> DISABLE_DKIM=no
>>
>> and run make, and DKIM is *not* built-in, this is expected behaviour?
>> Looks like the actual value of this macro isn't checked, and its mere
>> presence excludes DKIM functionality.
>
> Precisely. The comments say you can set it to "yes", and the example
> has it commented out. You can't infer that you may set it to "no"
> and have what you thought were the obvious semantics, be used.


Why saying about "yes", if actual value doesn't matter?

If mere existence is checked, it's kind of confusing to say about
setting to "yes". The comments should unambiguously define that *any*
value will result in DKIM support being removed.

To whom it may concern: I managed to reach my original goal and set SPF
status headers as required, bu setting the below lines after
acl_check_data: section:

warn    spf = pass:fail:softfail:none:neutral:err_perm:err_temp
         add_header = X-Authentication-Results: spf=$spf_result
         add_header = :at_start:$spf_received


Note that setting

spf = *

in the first line does nothing, I only managed to get headers by listing
explicitly all the possible values.

The core problem, however, was inadequate nameservers in resolv.conf.
They were unable to get properly all the requests in time. To test that,
I ran spfquery utility from command line, and it complained about
'temporary errors' (when 'include' parts were present in SPF record).

So, in case someone really needs the above SPF support, make sure you
specify robust nameservers first, since every message would incur
several (in my tests, up to 12) DNS queries - SPF support is costly.

Thansk to everyone for hints.

Sincerely,
Konstantin