[Exim] SPF ACL for Exim

Author: David Saez
Date:  
To: spf-discuss, exim-users
Subject: [Exim] SPF ACL for Exim
Hi !!

This is a first attempt to have a working SPF ( http://spf.pobox.com/ ) check
for Exim 4.xx that does not need patching Exim.

--
Just enjoy ...

I tried switching to gum but couldn't keep it lit.

----------------------------------------------------------------
   David Saez Padros                http://www.ols.es
   On-Line Services 2000 S.L.       e-mail  david@???
   Pintor Vayreda 1                 telf    +34 902 50 29 75
   08184 Palau-Solita i Plegamans   movil   +34 670 35 27 53
----------------------------------------------------------------
--
# SPF Auth test for Exim 4.xx
# Version 1.02 by david@???
#
# Features:
#
# - SPF lookup with spfinclude recursion support
# - Received-SPF: header support
# - Null sender support
# - No multi spfinclude support
# - No IPv6 support
#
# Warning:
#
# Will use acl_m9 and acl_m8
#
# Usage instructions:
#
# 1. copy this file to your exim installation directory
#
# 2. add this line to your exim configuration file to allow
#    spf like dns names:
#
#    dns_check_names_pattern = \
#    (?i)^(?>(?(1)\.|())[^\W](?>[a-z0-9-_]*[^\W_])?)+$
#
# 3. add this line to your exim configuration file after your
#    begin acl:
#
#    .include spf.acl
#
# 4. Now you can use the test on your RCPT ACL this way:
#
#    deny    !acl        = spf_acl
#            message     = $sender_host_address is not allowed to send \
#                          mail for $sender_address_domain
#            log_message = Not authorized by SPF
#


spf_acl:

warn    !senders = :
        set acl_m9 = $sender_address_domain

warn    senders = :
        set acl_m9 = $sender_helo_name

deny    !acl = spf_real_acl
warn    message = Received-SPF: $acl_m9
accept

spf_real_acl:

warn    set acl_m9 = ${extract{4}{.}{$sender_host_address}}.\
                     ${extract{3}{.}{$sender_host_address}}.\
                     ${extract{2}{.}{$sender_host_address}}.\
                     ${extract{1}{.}{$sender_host_address}}.\
                     in-addr._smtp_client.$acl_m9

# SPF TXT lookup

warn    set acl_m8 = ${lookup dnsdb{txt=$acl_m9}{$value}}

# Split response

warn    set acl_m8 = ${extract{1}{\n}{$acl_m8}}
        set acl_m9 = ${extract{2}{=}{$acl_m8}}
        set acl_m8 = ${extract{1}{=}{$acl_m8}}

# spf=deny

deny    condition = ${if eq{$acl_m8}{spf}{yes}{no}}
        condition = ${if eq{$acl_m9}{deny}{yes}{no}}

# spf=allow

accept  condition = ${if eq{$acl_m8}{spf}{yes}{no}}
        condition = ${if eq{$acl_m9}{allow}{yes}{no}}
        set acl_m9 = pass ($sender_host_name [$sender_host_address] \
                     is designated mailer for domain of sender \
                     $sender_address)

# spf=softdeny

accept  condition = ${if eq{$acl_m8}{spf}{yes}{no}}
        condition = ${if eq{$acl_m9}{softdeny}{yes}{no}}
        set acl_m9 = softfail ($sender_host_name [$sender_host_address] \
                     not a designated mailer for transitioning \
                     domain of sender $sender_address)

# no SPF

accept  condition = ${if eq{$acl_m8}{spfinclude}{no}{yes}}
        set acl_m9 = unknown (domain of sender $sender_address \
                     does not designate mailers)

# spfinclude

accept  condition = ${if match{$acl_m9}{:}{yes}{no}}
        set acl_m9 = pass (unsupported multiple spfinclude detected)

accept  acl = spf_real_acl
deny
--
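An added example, not part of David Saez's message or attachment: a Python model of the decision flow in the ACL above, run against a constructed TXT table, to show which Received-SPF result each record form produces. All domains, the client address and the `max_depth` cap are assumptions of the model, and the result text is abbreviated to its leading word.

```python
# Added example: a Python model of the decision flow in spf.acl, not Exim code.
# TXT is a constructed stand-in for DNS; every name and address is made up.
CLIENT = "192.0.2.10"
REV = "10.2.0.192.in-addr._smtp_client."
TXT = {
    REV + "allow.example": "spf=allow",
    REV + "deny.example": "spf=deny",
    REV + "soft.example": "spf=softdeny",
    REV + "inc.example": "spfinclude=allow.example",
    REV + "incdeny.example": "spfinclude=deny.example",
    REV + "multi.example": "spfinclude=deny.example:allow.example",
    REV + "loop.example": "spfinclude=loop.example",
}

def field(s, n, sep):
    """Approximates ${extract{n}{sep}{s}}: empty string if the field is missing."""
    parts = s.split(sep)
    return parts[n - 1] if len(parts) >= n else ""

def query_name(ip, domain):
    """Reversed octets + in-addr._smtp_client.<domain>, as spf_real_acl builds it."""
    return ".".join(field(ip, n, ".") for n in (4, 3, 2, 1)) + ".in-addr._smtp_client." + domain

def spf_real_acl(ip, domain, txt=TXT, depth=0, max_depth=10):
    """Return (accepted, result); result is the leading word(s) left in acl_m9."""
    if depth > max_depth:  # assumption of this model; the ACL keeps no counter
        raise RecursionError("spfinclude chain too deep: " + domain)
    record = field(txt.get(query_name(ip, domain), ""), 1, "\n")
    key, value = field(record, 1, "="), field(record, 2, "=")
    if key == "spf" and value in ("deny", "allow", "softdeny"):
        return value != "deny", {"deny": "", "allow": "pass", "softdeny": "softfail"}[value]
    if key != "spfinclude":
        return True, "unknown"            # no record, or anything unrecognised
    if ":" in value:
        return True, "pass (unsupported multiple spfinclude detected)"
    ok, result = spf_real_acl(ip, value, txt, depth + 1, max_depth)
    return (True, result) if ok else (False, "")

def spf_acl(ip, sender, helo, txt=TXT):
    """Null sender ('') is checked against the HELO name, as in spf_acl."""
    domain = sender.rsplit("@", 1)[1] if sender else helo
    ok, result = spf_real_acl(ip, domain, txt)
    return ("accept", "Received-SPF: " + result) if ok else ("deny", None)
```

The `multi.example` entry is accepted as `pass` without any included domain being looked up, which is the "No multi spfinclude support" limitation from the header comment.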