> The older Mail::SPF::Query perl module also included a simple Exim acl
> example, the newer Mail::SPF does not.  Does someone have an example acl
> that might include checking at the HELO, MAIL commands in addition to RCPT
> and DATA commands.
>

You can use the same settings but change a few of the keywords (you can
keep using the old ones, as they are backwards compatible). If you are
familiar with Exim you should be able to add this to your configuration.

run at startup: (I'm running Debian)

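# Start spfd listening on a Unix socket that Exim queries from its ACLs.
# The socket is owned by Debian-exim:mail and the daemon drops to that same
# user and group, so owner/group access (660) is enough. Mode 777 would let
# every local account talk to the daemon. If another account really needs to
# query spfd, widen the mode deliberately.
# NOTE(review): /tmp is world-writable, so another local user could create
# /tmp/spfd first. A directory only the daemon can write to is safer, but the
# path must then match the readsocket path in the spf_check ACL.
/usr/sbin/spfd -s /tmp/spfd --socket-user Debian-exim --socket-group mail \
    --socket-perms 660 --set-user Debian-exim --set-group mail &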

exim config things to add..
-------------
# Main-section settings: name the ACL that runs at each SMTP stage
# (MAIL FROM, RCPT TO, and after DATA).
# acl_check_rcpt is not defined in this post; it is presumably the ACL
# already present in your configuration.
acl_smtp_mail                    = acl_check_mail
acl_smtp_rcpt                    = acl_check_rcpt
acl_smtp_data                    = acl_check_data

# MAIL FROM stage: reject when the envelope-sender SPF check (spf_rcpt_acl)
# fails, unless the sender is empty or exempted, or the client is one of our
# relay hosts.
# Conditions are evaluated in the order written, so spf_rcpt_acl (and the
# spfd lookup behind it) runs for every MAIL command before the sender and
# host exemptions are tested.
# NOTE(review): testing hosts and senders first would skip the lookup for
# exempt clients.
# NOTE(review): an ACL that ends without an accept denies by default. This is
# a fragment, so make sure the finished ACL ends with an accept.
acl_check_mail:

  deny !acl         = spf_rcpt_acl
          !senders     = : [EMAIL PROTECTED]
          hosts        = !+relay_from_hosts

# SPF check on the envelope sender.
# acl_m8 carries the identity into spf_check. spf_check then overwrites
# acl_m8 with the SPF result and puts the local explanation in acl_m7.
# If spf_check denies, this ACL denies too. Otherwise a Received-SPF header
# holding the result and explanation is added at the top of the message.
spf_rcpt_acl:

  warn  set acl_m8  = $sender_address
  deny  !acl        = spf_check
  warn  message     = :at_start:Received-SPF: $acl_m8 ($acl_m7)

accept

# SPF check on the address taken from the From: header.
# The identity passed to spf_check is the header address, but spf_check
# still sends scope=mfrom to spfd.
# NOTE(review): SPF defines only the HELO and MAIL FROM identities. Rejecting
# on the header From can hit legitimate forwarded or list mail, so confirm
# this is the policy you want.
# After spf_check returns, acl_m8 holds the SPF result, and that is what the
# header and the log line report.
spf_from_acl:

  warn  set acl_m8  = ${address:$h_from:}
  deny  !acl        = spf_check
  warn  message     = :at_start:Received-SPF: $acl_m8 ($acl_m7)
        log_message = "SPF Status = $acl_m8"
  accept


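# Query spfd for the identity held in acl_m8 and act on the answer.
# In:  acl_m8 = identity to check (set by the calling ACL).
# Out: acl_m8 = SPF result, acl_m7 = local explanation, acl_m9 = parsed reply.
# Returns deny on fail or unknown, defer if spfd cannot be reached, accept
# otherwise.
spf_check:

    # Send a key=value request over the Unix socket and wait up to 60s.
    # Newlines in the reply are kept as \n. If the socket cannot be used, the
    # literal string "socket failure" is stored instead.
    # $sender_helo_name and the identity come from the remote client.
    # NOTE(review): confirm neither can carry a newline into the request.
    warn     set acl_m9  = ${readsocket{/tmp/spfd}\
                           {ip_address=$sender_host_address\n\
                           helo_identity=$sender_helo_name\n\
                           scope=mfrom\n\
                           identity=$acl_m8\n\n}{60s}{\n}{socket failure}}

    # spfd unreachable: answer with a temporary error so the sender retries.
    # Without this, "socket failure" has no result field, acl_m8 becomes
    # "unknown" below, and every message is permanently rejected while the
    # daemon is down. No message is set here, so the daemon's absence is only
    # recorded in the local log.
    defer    condition   = ${if eq{$acl_m9}{socket failure}{yes}{no}}
             log_message = Error with SPFD

    # Turn each "key=value\n" line into 'key="value" ' so extract can read it.
    # NOTE(review): values are quoted without escaping. Check what happens
    # when an explanation itself contains a double quote.
    warn     set acl_m9  = ${sg{$acl_m9}{\N=(.*)\n\N}{=\"\$1\" }}
             set acl_m8  = ${extract{result}{$acl_m9}{$value}{unknown}}
             set acl_m7  = ${extract{local_explanation}{$acl_m9}{$value}{}}

    # Hard fail: reject with the explanation returned by spfd.
    # NOTE(review): authority_explanation presumably comes from the sending
    # domain's SPF record. If so, remote-controlled text reaches the SMTP
    # reply and the log. TODO confirm.
    deny     condition   = ${if eq{$acl_m8}{fail}{yes}{no}}
             message     = ${extract{authority_explanation}{$acl_m9}{$value}{}}
             log_message = ${extract{authority_explanation}{$acl_m9}{$value}{}}

    # "unknown" is the fallback used above when the reply has no result field.
    deny     condition   = ${if eq{$acl_m8}{unknown}{yes}{no}}
             message     = ${extract{authority_explanation}{$acl_m9}{$value}{}}
             log_message = ${extract{authority_explanation}{$acl_m9}{$value}{}}

    # Softfail is only logged. The message is still accepted.
    warn     condition   = ${if eq{$acl_m8}{softfail}{yes}{no}}
            log_message  = Softfail of SPF.

   accept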

# DATA stage: for messages with an empty envelope sender (bounces), check the
# From: header address through spf_from_acl and reject if that check denies.
# NOTE(review): this fragment has no accept, and an ACL that ends without one
# denies by default. Place it ahead of the final accept of your data ACL.
acl_check_data:

  deny senders = :
       !acl = spf_from_acl

--------------- 

