Re: [exim] Full SPF/DKIM/DMARC validation policies for Exim …

>   deny condition = ${if eq{$sender_helo_name}{} {1}}
>        message = Nice boys say HELO first
>   # SPF validation
>   deny spf = fail : softfail
>           message = SPF validation failed: \
>                   $sender_host_address is not allowed to send mail from \
>                   ${if def:sender_address_domain \
>                       {$sender_address_domain}{$sender_helo_name}}
>           log_message = SPF validation failed\
>                   ${if eq{$spf_result}{softfail} { (softfail)}{}}: \
>                   $sender_host_address is not allowed to send mail from \
>                   ${if def:sender_address_domain \
>                       {$sender_address_domain}{$sender_helo_name}}
>   deny spf = permerror
>           message = SPF validation failed: \
>                   syntax error in SPF record(s) for \
>                   ${if def:sender_address_domain \
>                       {$sender_address_domain}{$sender_helo_name}}
>           log_message = SPF validation failed (permerror): \
>                   syntax error in SPF record(s) for \
>                   ${if def:sender_address_domain \
>                       {$sender_address_domain}{$sender_helo_name}}
>   defer spf = temperror
>           message = temporary error during SPF validation; \
>                   please try again later
>           log_message = SPF validation failed temporary; deferred
>   # Log SPF none/neutral result
>   warn spf = none : neutral
>           log_message = SPF validation none/neutral
>   warn condition = ${if eq{$sender_host_name}{} {1}}
>        set acl_m_greylistreasons = Host $sender_host_address \
>            lacks reverse DNS\n$acl_m_greylistreasons
>   accept
>           # Add an SPF-Received header to the message
>           add_header = :at_start: $spf_received
>           logwrite = SPF validation passed
> acl_check_dkim:
>   deny dkim_status = fail
>           message = DKIM validation failed: $dkim_verify_status
>           log_message = DKIM validation failed: $dkim_verify_status \
>               (address=$sender_address, domain=$dkim_cur_signer), \
>               signature is bad
>   defer dkim_status = invalid
>           message = DKIM signature invalid: $dkim_verify_status
>           log_message = DKIM signature invalid: $dkim_verify_status \
>               (address=$sender_address, domain=$dkim_cur_signer), \
>               invalid signature
>   # NOTE: dkim_status = none should never happen in this ACL
>   accept
>           # Add an X-DKIM header to the message
>           add_header = :at_start: X-DKIM: DKIM validation passed: \
>               (address=$sender_address domain=$dkim_cur_signer), \
>               signature is good
>           logwrite = DKIM validation passed
> # DMARC
> warn    dmarc_status = quarantine
>         !authenticated = *
>         log_message = Message from $dmarc_used_domain failed sender's
> DMARC policy; QUARANTINE
>         control = dmarc_enable_forensic
>         set acl_m_quarantine = 1
>         # this variable to use in a router/transport
> deny    dmarc_status = reject
>         !authenticated = *
>         message = Message from $dmarc_used_domain failed sender's DMARC
> policy; REJECT
>         control = dmarc_enable_forensic
> warn    add_header = :at_start: ${authresults {$primary_hostname}}
>   local_delivery_quarantine:
>     driver = appendfile
>     #file = /var/mail/$local_part
>     directory = /home/mail-quarantine/Maildir
>     user = mail-quarantine
>     home_directory = /home/mail-quarantine
>     current_directory = /home/mail-quarantine
>     maildir_format
>     delivery_date_add
>     envelope_to_add
>     return_path_add
>     group = mail
>     mode = 0660

This message is part of the following thread:
	the complete thread tree sorted by date
	Adrian (Aad) Offerman at
	Adrian (Aad) Offerman at