On 06/04/2021 03:32, Victor Sudakov via Exim-users wrote:
> acl_smtp_dkim = acl_check_dkim
> begin acl
> acl_check_dkim:
> accept add_header = :at_start:${authresults {$primary_hostname}}
>
> However I see only the iprev= and dkim= results in the resulting
> "Authentication-Results:" header. What and where should I add to also
> see the SPF results there?
>
> On another box elsewhere, I have an "spf = fail" check in
> acl_check_mail, but on this box, I don't want to block incoming mail on
> SPF failure, I just want the result of SPF validation to appear in the
> "Authentication-Results".
>
Doing an spf verify operation (either by using an ACL "spf" condition or
by using an spf lookup string-expansion) records info that the
authresults expansion can incorporate. You do not need to take any
action (specifically, you do not need to reject the message) as a
result of doing the spf verify; a warn verb (with no message...)
would do the job.
Your use of the dkim acl for adding the auth-results header will
go wrong when there are multiple or no dkim signatures. Use the
data acl instead.
--
Cheers,
Jeremy
