Re: [exim] Experimental SPF

Top Page
Delete this message
Reply to this message
Author: Heiko Schlittermann
Date:  
To: Pierre-Philipp Braun
Subject: Re: [exim] Experimental SPF
Pierre-Philipp Braun <pbraun@???> (Mi 20 Sep 2017 09:55:52 CEST):
> Hello,
>
> I tried to take advantage of Experimental SPF support with no much success
> in Exim 4.89 as well as development head. I do not know if this is me not
> writing the ACLs correctly or if this is truly unfeatured.
>
> [...]
>
> acl_check_mail:
>        warn            spf = !unknown
>        add_header      = :at_start:$spf_received
>        log_message     = SPF=$spf_result
>        accept spf      = pass


>        accept


You accept everything, despite the SPF results.

> The ACL described earlier passes everything through but
> at least returns information about the SPF result in the logs even if it is
> false, I think.


I'm not sure about the 'spf = !unknown', here on my system I have
a similiar line as 'spf = !none'.

Here is my setup that serves a similiar purpose>

warn     spf          = !none
         logwrite     = SPF: $spf_result for $sender_address
         add_header   = :at_start:$spf_received


> 2017-09-20 10:44:16 H=localhost (crap) [127.0.0.1] Warning: SPF=pass
> 2017-09-20 10:44:45 H=mx.nethence.com (crap) [62.210.110.7] Warning:
> SPF=temperror


Maybe this helps for your localhost experiments:
I did a fast "selfcheck" using swaks:

    swaks … --pipe 'exim -bh 127.0.0.1'


>>> check spf = !none
>>> SPF result is pass (2)
>>> check logwrite = SPF: $spf_result for $sender_address
>>>                = SPF: pass for hs@???

LOG: [17759] SPF: pass for hs@???
>>> check add_header = :at_start:$spf_received
>>>                  = :at_start:Received-SPF: pass (mx.net.schlittermann.de: localhost is always allowed.) client-ip=127.0.0.1; envelope-from=hs@???; helo=mx.net.schlittermann.de;


schlittermann.de.    3600    IN    TXT    "v=spf1 a:hh.schlittermann.de ip4:84.19.194.3/32 -all"


and clearly does not include localhost. So passing messags from
localhost might be a feature of SPF in general or of the implementation
in Exim.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -