On 2025/12/08 11:05 PM, Jim Pazarena via Exim-users wrote:
I am wondering what logic I need to put in place to let them bypass the SPF if
they come in by local SSL authentication ? I can't quite reason it out. Thanks
for any suggestions/advice.
First, you need to be not doing the SPF check before the customer has
had a chance to authenticate. But since the checking needs an envelope-from
that was always the case. The mail ACL is a reasonable place.
Second, you need to condition the SPF check on authentication having
not been done. For the commonly-implemented auth methods this ACL
condition suffices:
!authenticated = *
Where you place it depends on how yours SPF checking is phrased.
Here's a simple case:
deny !authenticated = *
spf = fail
For general info on ACLs please refer to the documentation:
https://exim.org/exim-html-current/doc/html/spec_html/index.html
--
Cheers,
Jeremy
--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## [email protected]
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
