Re: [exim] What causes Exim to just silently skip SPF chec…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Sebastian Nielsen
Date:  
À: 'Mailing List'
Sujet: Re: [exim] What causes Exim to just silently skip SPF checking?
Here is my config for SPF:

  accept
    condition = ${if eq {$sender_address}{}{yes}{no}}
    add_header = X-SPF-Signature: none (Blank sender)
    set acl_m1 = 2
    set acl_m2 = =E2=9E=96 SPF-signatur saknas
  deny
    message = 5.7.23 SPF fail (phishing) -
(${sg{${sg{$spf_smtp_comment}{http\:\/\/www\.open-spf\.org\/Why}{https:\/\/w
ww.sebbe.eu\/spf.cgi}}}{&receiver=sebbe\.eu}{}})
    log_message = SPF check failed: ($spf_header_comment)
    spf = fail : softfail
  warn
    set acl_m1 = 4
  warn
    spf = pass
    add_header = X-SPF-Signature: $spf_result ($spf_header_comment)
    set acl_m1 = 3
    set acl_m2 = =E2=9C=94=EF=B8=8F SPF-signaturen =C3=A4r giltig
  warn
    spf = none : neutral
    add_header = X-SPF-Signature: $spf_result ($spf_header_comment)
    set acl_m1 = 2
    set acl_m2 = =E2=9E=96 SPF-signatur saknas
  warn
    spf = permerror : temperror
    log_message = SPF failure: $spf_header_comment
    add_header = X-SPF-Signature: $spf_result ($spf_header_comment)
    set acl_m1 = 1
    set acl_m2 = =E2=9A=A0=EF=B8=8F Trasig SPF-signatur
   warn
    condition =  ${if eq{$acl_m1}{4}{yes}{no}}
    add_header = X-SPF-Signature: permerror (No SPF lookup was made due to
technical error)
    set acl_m1 = 1
    set acl_m2 = =E2=9A=A0=EF=B8=8F Trasig SPF-signatur
  accept



And the SPF check ends up in " X-SPF-Signature: permerror (No SPF lookup was
made due to technical error)" meaning that the execution isn't aborted
earlier.


-----Ursprungligt meddelande-----
Från: Cyborg via Exim-users <exim-users@???>
Skickat: den 17 september 2020 10:30
Till: exim-users@???
Ämne: Re: [exim] What causes Exim to just silently skip SPF checking?

Am 17.09.20 um 05:54 schrieb Sebastian Nielsen via Exim-users:
> What causes Exim to just silently skip SPF checking?
>


A logic error :)

>
>
> It has started just skipping SPF checking silently, resulting in no
> SPF header at all. And no, there is no ACL that is tripping before the
> SPF check, because I have done a "catch-all" ACL which inserts a
> header after all the SPF checks.
>
> So what can it be?
>

You could start with supplying your acl where the SPF check is done.

Normally it should be in  ...

acl_check_rcpt:

... a lot of other rules ...              <= there will be an "accept"
and the email triggered it.

  # ADD SPF HERE

  # Use "spfquery" to obtain SPF status for this particular sender/host.
  # If the return code of that command is 1, this is an unauthorized sender.
  #
  deny
    message     = [SPF] $sender_host_address is not allowed to send mail
from $sender_address_domain.
    log_message = SPF check failed for $sender_address from
$sender_host_address
   
    etc.. etc..

... a few more other rules ...

best regards,
Marius


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/