<%attr>
autohandler_skip => 1
</%attr>
- SPF Auth test for Exim 4.xx
- Version 2.09 by david @ ols . es
- Features:
- Full SPF support via spfd socket
- Warning:
- Will use (and overwrite) the ACL variables acl_m9, acl_m8 and acl_m7
- Requires
- Mail::SPF::Query ver 1.9.1
- Usage instructions:
- 1. copy this file to your /usr/local/exim
- 2. add this line to your exim configuration file after your
- begin acl:
- .include /usr/local/exim/spf.acl
- 3. Grab a copy of Mail::SPF::Query from
- http://spf.pobox.com/downloads.html and install it
- 4. Run spfd -path=/tmp/spfd as the same user as Exim runs
- 5. Now you can use the test on your RCPT/MAIL ACL this way:
- deny !acl = spf_rcpt_acl
- And on your DATA ACL:
- deny senders = :
- !acl = spf_from_acl
- After the check, acl_m8 holds the SPF result ('pass', 'fail', 'unknown', ...),
- so you can make further decisions based on it,
- for example being stricter in some circumstances:
- deny senders = :
- condition = ${if eq {$acl_m8}{softfail}{yes}{no}}
- message = Not authorized by SPF
# spf_rcpt_acl: SPF test of the envelope sender, meant to be called from the
# RCPT/MAIL ACL as "deny !acl = spf_rcpt_acl".
# acl_m8 carries the address into spf_check and is overwritten there with the
# SPF result; acl_m7 receives the header comment.
# NOTE(review): for bounce messages $sender_address is empty, so an empty
# sender= value is sent to spfd. Confirm how spfd answers that case.
spf_rcpt_acl:
# Check envelope sender
warn set acl_m8 = $sender_address
# Negated sub-ACL call: this deny fires when spf_check itself ends in deny.
deny !acl = spf_check
# Record the outcome using the values spf_check left in acl_m8 / acl_m7.
# NOTE(review): "message" on a warn verb is presumably relied on to add this
# header line; newer Exim releases use add_header for that. Confirm for the
# version in use.
warn message = Received-SPF: $acl_m8 ($acl_m7)
accept
# spf_from_acl: SPF test of the address in the From: header, meant to be
# called from the DATA ACL as "!acl = spf_from_acl".
# acl_m8 carries the address into spf_check and is overwritten there with the
# SPF result; acl_m7 receives the header comment.
# NOTE(review): the From: header is chosen by whoever wrote the message, and
# ${address:...} reduces it to a bare address. Confirm what is sent to spfd
# when From: is missing, malformed or lists several addresses.
spf_from_acl:
# Check header From:
warn set acl_m8 = ${address:$h_from:}
# Negated sub-ACL call: this deny fires when spf_check itself ends in deny.
deny !acl = spf_check
# Record the outcome using the values spf_check left in acl_m8 / acl_m7.
# NOTE(review): "message" on a warn verb is presumably relied on to add this
# header line; newer Exim releases use add_header for that. Confirm for the
# version in use.
warn message = Received-SPF: $acl_m8 ($acl_m7)
accept
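# spf_check: ask the spfd daemon, over the Unix socket /tmp/spfd, whether the
# connecting host may send mail for the address held in acl_m8.
#   In:  acl_m8 = address to test (set by the calling ACL)
#   Out: acl_m8 = SPF result, or "unknown" when the reply has no result field
#        acl_m7 = header_comment field of the reply (empty if absent)
#        acl_m9 = the reply, rewritten as key="value" pairs
# Outcome: defer when the socket cannot be read, deny only when the result is
# exactly "fail", accept for every other result (softfail, unknown, ...).
# Every ${...} expansion below is brace-balanced; Exim rejects an expansion
# whose closing braces are missing.
# NOTE(review): /tmp is normally world-writable, and whichever process owns
# /tmp/spfd answers these queries. Consider keeping the socket in a directory
# that only the Exim/spfd user can write to, and point both "spfd -path=" and
# this readsocket at it.
spf_check:
  # Request: ip, helo and sender lines, terminated by an empty line.
  # 20s is the socket timeout, and "socket failure" is the string returned when
  # the socket cannot be used.
  warn    set acl_m9  = ${readsocket{/tmp/spfd}\
                        {ip=$sender_host_address\n\
                        helo=${if def:sender_helo_name\
                          {$sender_helo_name}{NOHELO}}\
                        \nsender=$acl_m8\n\n}{20s}{\n}{socket failure}}
  # Defer on socket error
  defer   condition   = ${if eq{$acl_m9}{socket failure}{yes}{no}}
          message     = Cannot connect to spfd
  # Prepare answer and get results: turn each "key=value<newline>" line into
  # key="value" followed by a space so that ${extract} can look fields up by
  # name. The trailing space keeps consecutive pairs apart.
  # NOTE(review): values are quoted without escaping, so a value containing a
  # double quote would be cut short by ${extract}. header_comment and
  # smtp_comment are relayed as received into the Received-SPF line and the
  # SMTP rejection text. Confirm what spfd can place in them.
  warn    set acl_m9  = ${sg{$acl_m9}{\N=(.*)\n\N}{=\"\$1\" }}
          set acl_m8  = ${extract{result}{$acl_m9}{$value}{unknown}}
          set acl_m7  = ${extract{header_comment}{$acl_m9}{$value}{}}
  # Check for fail
  deny    condition   = ${if eq{$acl_m8}{fail}{yes}{no}}
          message     = ${extract{smtp_comment}{$acl_m9}{$value}{}}
          log_message = Not authorized by SPF
  accept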