Autor: Slavko (tblt) Data: Para: exim-users Assunto: Re: [exim] converting from debian package to source
Dňa 8. januára 2022 15:27:45 UTC používateľ Julian Bradfield via Exim-users <exim-users@???> napísal:
>So I suppose the question is: if I drop the master-source-built binary
>on top of the Debian one, what can I expect to break?
IMO nothing will break, except two things:
+ many ACL & routers presets, which may be missing in default config -- carefuly check after change
+ security updates from debian -- you will have to watch and apply them by self
AFAIK spfquery is used in debian's exim for years, thus i am confused, why it is problem for you right now,
especially when most important sites uses SPF in conjunction with DMARC, and you will have problem
to build exim with DMARC support in debian after buster, as it has new version of DMARC lib, which fails
to build with exim (it requires <1.4).
Anyway, checking (pure) SPF only for DMARC enabled sites can leads to false positive/negative results,
especially with forwarding... Phishers already know that RFC5321_From is not shown for users, thus can
be set to something which will pass SPF, i see them daily...
I abandon rejecting mails based on SPF fail some time ago, for now it is logged only (and filled into A-R
header) and i do not remember any one failed SPF, which is not rejected latter due multiple RBL listing...