
exim4.spf.acl-2.09.txt


  1. SPF Auth test for Exim 4.xx
  2. Version 2.09 by david @ ols . es
  3. Features:
  4. Full SPF support via spfd socket
  5. Warning:
  6. Will use acl_m9, acl_m8, acl_m7
  7. Requires
  8. Mail::SPF::Query ver 1.9.1
  9. Usage instructions:
  10. 1. Copy this file to your /usr/local/exim (as spf.acl, the name the .include line below expects)
  11. 2. add this line to your exim configuration file after your
  12. begin acl:
  13. .include /usr/local/exim/spf.acl
  14. 3. Grab a copy of Mail::SPF::Query from
  15. http://spf.pobox.com/downloads.html and install it
  16. 4. Run spfd -path=/tmp/spfd as the same user that Exim runs as
  17. 5. Now you can use the test on your RCPT/MAIL ACL this way:
  18. deny !acl = spf_rcpt_acl
  19. And on your DATA ACL:
  20. deny senders = :
  21. !acl = spf_from_acl
  22. Now acl_m8 will hold 'pass', 'fail', 'unknown', ...
  23. so you can make further decisions based on the result,
  24. such as being stricter in some circumstances:
  25. deny senders = :
  26. condition = ${if eq {$acl_m8}{softfail}{yes}{no}}
  27. message = Not authorized by SPF

spf_rcpt_acl:

    # SPF check on the envelope sender, meant to be called from a RCPT/MAIL ACL
    # as "deny !acl = spf_rcpt_acl".
    #
    # acl_m8 is used twice: here it carries the address to test into spf_check,
    # and spf_check then overwrites it with the SPF result. acl_m7 receives the
    # header comment returned by spfd. acl_m9 is scratch space for spf_check.
    warn     set acl_m8  = $sender_address
    # Reject unless spf_check accepts. spf_check denies on an SPF "fail" and
    # defers when spfd cannot be reached.
    deny     !acl        = spf_check
    # On a warn verb, message adds its text to the mail as a header line.
    # NOTE(review): nothing here removes a Received-SPF: header that was already
    # present in the incoming mail, so downstream filters should not trust one
    # merely because it exists. $acl_m7 is text taken from the spfd response.
    warn     message     = Received-SPF: $acl_m8 ($acl_m7)
    accept

spf_from_acl:

    # SPF check on the address in the From: header, meant to be called from a
    # DATA ACL. The usage notes at the top of this file apply it only when the
    # envelope sender is empty ("senders = :"), i.e. where there is no envelope
    # address to test.
    #
    # NOTE(review): SPF is specified for the envelope sender and HELO identities.
    # Testing the header From: is a heuristic, and a "pass" here says nothing
    # about the envelope. The header is entirely under the sending client's
    # control, and ${address:...} only extracts the address part from it.
    warn     set acl_m8  = ${address:$h_from:}
    # Reject unless spf_check accepts. spf_check denies on an SPF "fail" and
    # defers when spfd cannot be reached.
    deny     !acl        = spf_check
    # On a warn verb, message adds its text to the mail as a header line.
    # acl_m8 now holds the SPF result, acl_m7 the header comment from spfd.
    warn     message     = Received-SPF: $acl_m8 ($acl_m7)
    accept

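spf_check:

    # Ask the local spfd daemon for an SPF verdict on the address in acl_m8.
    #
    # Input:  acl_m8 = address to test (set by the calling ACL).
    # Output: acl_m8 = SPF result ("unknown" if spfd returned no result key),
    #         acl_m7 = header comment from spfd (empty if absent),
    #         acl_m9 = the spfd response rewritten as key="value" pairs.
    # Verdict: deny on "fail", defer if the socket cannot be used, accept for
    #          every other result (softfail, unknown, ... are left to the caller).
    #
    # The request is "ip=...\nhelo=...\nsender=...\n\n" with a 20s timeout. The
    # {\n} argument keeps the newlines in the response so that the sg below can
    # split it into lines.
    #
    # NOTE(review): /tmp is world-writable. Whoever creates /tmp/spfd first
    # decides what answers Exim receives, so consider moving the socket to a
    # directory writable only by the Exim user, and change the spfd -path
    # option to match.
    # NOTE(review): helo and sender are supplied by the remote client and are
    # placed into a line-based request without filtering. Confirm that values
    # containing a newline cannot reach this point in your configuration.
    warn     set acl_m9  = ${readsocket{/tmp/spfd}\
                           {ip=$sender_host_address\n\
                           helo=${if def:sender_helo_name\
                           {$sender_helo_name}{NOHELO}}\
                           \nsender=$acl_m8\n\n}{20s}{\n}{socket failure}}
    # Defer on socket error: a temporary rejection, so mail is neither accepted
    # unchecked nor refused permanently while spfd is down.
    defer    condition   = ${if eq{$acl_m9}{socket failure}{yes}{no}}
             message     = Cannot connect to spfd
    # Prepare answer and get results: turn each "key=value\n" line into
    # key="value" followed by a space, the form ${extract} reads.
    # NOTE(review): the value is quoted without escaping, so a response value
    # that itself contains a double quote may be misread by extract. Verify
    # against what spfd can return.
    warn     set acl_m9  = ${sg{$acl_m9}{\N=(.*)\n\N}{=\"\$1\" }}
             set acl_m8  = ${extract{result}{$acl_m9}{$value}{unknown}}
             set acl_m7  = ${extract{header_comment}{$acl_m9}{$value}{}}
    # Check for fail.
    # NOTE(review): the SMTP rejection text is taken from the spfd response.
    # It presumably can include text published by the sender's domain, so
    # treat it as untrusted.
    deny     condition   = ${if eq{$acl_m8}{fail}{yes}{no}}
             message     = ${extract{smtp_comment}{$acl_m9}{$value}{}}
             log_message = Not authorized by SPF
    accept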