home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
linuxmafia.com 2016
/
linuxmafia.com.tar
/
linuxmafia.com
/
exim4
/
C048.txt
< prev
next >
Wrap
Internet Message Format
|
2004-08-07
|
3KB
From: David Saez <david@ols.es>
Date: Wed, 30 Jul 2003 16:15:33 +0200
This is a first attempt to have a working SPF ( http://spf.pobox.com/ ) check
for Exim 4.xx that does not need patching Exim.
# SPF Auth test for Exim 4.xx
# Version 1.02 by david@ols.es
#
# Features:
#
# - SPF lookup with spfinclude recursion support
# - Received-SPF: header support
# - Null sender support
# - No multi spfinclude support
# - No IPv6 support
#
# Warning:
#
# Will use acl_m9 and acl_m8
#
# Usage instructions:
#
# 1. copy this file to your exim installation directory
#
# 2. add this line to your exim configuration file to allow
# spf like dns names:
#
# dns_check_names_pattern = \
# (?i)^(?>(?(1)\.|())[^\W](?>[a-z0-9-_]*[^\W_])?)+$
#
# 3. add this line to your exim configuration file after your
# begin acl:
#
# .include spf.acl
#
# 4. Now you can use the test on your RCPT ACL this way:
#
# deny !acl = spf_acl
# message = $sender_host_address is no allowed to send \
# mail for $sender_address_domain
# log_message = Not authorized by SPF
#
spf_acl:
warn !senders = :
set acl_m9 = $sender_address_domain
warn senders = :
set acl_m9 = $sender_helo_name
deny !acl = spf_real_acl
warn message = Received-SPF: $acl_m9
accept
spf_real_acl:
warn set acl_m9 = ${extract{4}{.}{$sender_host_address}}.\
${extract{3}{.}{$sender_host_address}}.\
${extract{2}{.}{$sender_host_address}}.\
${extract{1}{.}{$sender_host_address}}.\
in-addr._smtp_client.$acl_m9
# SPF TXT lookup
warn set acl_m8 = ${lookup dnsdb{txt=$acl_m9}{$value}}
# Split response
warn set acl_m8 = ${extract{1}{\n}{$acl_m8}}
set acl_m9 = ${extract{2}{=}{$acl_m8}}
set acl_m8 = ${extract{1}{=}{$acl_m8}}
# spf=deny
deny condition = ${if eq{$acl_m8}{spf}{yes}{no}}
condition = ${if eq{$acl_m9}{deny}{yes}{no}}
# spf=allow
accept condition = ${if eq{$acl_m8}{spf}{yes}{no}}
condition = ${if eq{$acl_m9}{allow}{yes}{no}}
set acl_m9 = pass ($sender_host_name [$sender_host_address] \
is designated mailer for domain of sender \
$sender_address)
# spf=softdeny
accept condition = ${if eq{$acl_m8}{spf}{yes}{no}}
condition = ${if eq{$acl_m9}{softdeny}{yes}{no}}
set acl_m9 = softfail ($sender_host_name [$sender_host_address] \
not a designated mailer for transitioning \
domain of sender $sender_address)
# no SPF
accept condition = ${if eq{$acl_m8}{spfinclude}{no}{yes}}
set acl_m9 = unknown (domain of sender $sender_address \
does not designate mailers)
# spfinclude
accept condition = ${if match{$acl_m9}{:}{yes}{no}}
set acl_m9 = pass (unsupported multiple spfinclude detected)
accept acl = spf_real_acl
deny