Internet Message Format  |  2004-08-07  |  3KB

  1. From: David Saez <david@ols.es>
  2. Date: Wed, 30 Jul 2003 16:15:33 +0200
  3.  
  4. This is a first attempt at a working SPF ( http://spf.pobox.com/ ) check
  5. for Exim 4.xx that does not require patching Exim.
  6.  
  7.  
  8. # SPF Auth test for Exim 4.xx
  9. # Version 1.02 by david@ols.es
  10. #
  11. # Features:
  12. #
  13. # - SPF lookup with spfinclude recursion support
  14. # - Received-SPF: header support
  15. # - Null sender support
  16. # - No multi spfinclude support
  17. # - No IPv6 support
  18. #
  19. # Warning:
  20. #
  21. # Will use acl_m9 and acl_m8
  22. #
  23. # Usage instructions:
  24. #
  25. # 1. copy this file to your exim installation directory
  26. #
  27. # 2. add this line to your exim configuration file to allow
  28. #    SPF-style DNS names (the lookup name contains the label _smtp_client):
  29. #
  30. #    dns_check_names_pattern = \
  31. #    (?i)^(?>(?(1)\.|())[^\W](?>[a-z0-9-_]*[^\W_])?)+$
  32. #
  33. # 3. add this line to your exim configuration file after your
  34. #    begin acl:
  35. #
  36. #    .include spf.acl
  37. #
  38. # 4. Now you can use the test on your RCPT ACL this way:
  39. #
  40. #    deny    !acl        = spf_acl
  41. #            message     = $sender_host_address is not allowed to send \
  42. #                             mail for $sender_address_domain
  43. #         log_message = Not authorized by SPF
  44. #
  45.  
# spf_acl: entry point, meant to be called from the RCPT ACL as
# "deny !acl = spf_acl". It selects the domain to check, hands it to
# spf_real_acl in $acl_m9, and on success emits a Received-SPF: header
# built from the result text that spf_real_acl leaves in $acl_m9.
#
# NOTE(review): $acl_m8 and $acl_m9 are overwritten by this ACL and by
# spf_real_acl; any other ACL that stores state in them for the same
# message will lose it.
spf_acl:

  # Non-null envelope sender: check the sender's domain.
  warn    !senders       = :
          set acl_m9     = $sender_address_domain

  # Null sender: there is no sender domain, so the HELO name is checked.
  # NOTE(review): both candidate values come from the remote client and are
  # later embedded in a DNS query name; their syntax is constrained only by
  # the dns_check_names_pattern setting, which the usage notes relax.
  warn    senders        = :
          set acl_m9     = $sender_helo_name

  # Reject when spf_real_acl does not accept; otherwise record the verdict.
  # NOTE(review): the header text includes $sender_host_name and
  # $sender_address, which the sending side influences; downstream filters
  # should key on the leading result word, not on the free text.
  deny    !acl           = spf_real_acl
  warn    message        = Received-SPF: $acl_m9
  accept
  57.  
# spf_real_acl: performs the DNS lookup and returns the verdict.
#   In:  $acl_m9 = domain to check (set by spf_acl, or by a previous pass
#        through this ACL when following an spfinclude).
#   Out: accept with $acl_m9 = Received-SPF result text, or deny.
#   Uses $acl_m8 as scratch space.
#
# NOTE(review): the record format handled here (a TXT record reading
# spf=allow, spf=deny, spf=softdeny or spfinclude=<domain>, published under
# <reversed-ip>.in-addr._smtp_client.<domain>) is not the "v=spf1" syntax
# later standardized as SPF (RFC 7208). A domain that publishes only a
# v=spf1 record presumably falls into the "no SPF" branch below and is
# accepted as "unknown" - confirm before relying on this ACL for
# anti-spoofing.
spf_real_acl:

  # Build the query name: the four dotted fields of the client address in
  # reverse order, followed by in-addr._smtp_client.<domain>.
  # NOTE(review): only dotted IPv4 addresses split into four fields; for an
  # IPv6 client the extracts presumably come back empty - verify which
  # branch such a connection ends up in.
  warn    set acl_m9     = ${extract{4}{.}{$sender_host_address}}.\
                           ${extract{3}{.}{$sender_host_address}}.\
                           ${extract{2}{.}{$sender_host_address}}.\
                           ${extract{1}{.}{$sender_host_address}}.\
                           in-addr._smtp_client.$acl_m9

  # SPF TXT lookup
  # The lookup has no explicit failure string, so a name with no TXT record
  # is expected to leave $acl_m8 empty. How a temporary DNS error is
  # treated is not visible in this file - TODO confirm.

  warn    set acl_m8     = ${lookup dnsdb{txt=$acl_m9}{$value}}

  # Split response
  # Statement order matters: $acl_m8 is first cut down to the first line of
  # the response, then $acl_m9 takes the part after "=" (the value), and
  # only then is $acl_m8 reduced to the part before "=" (the key).
  # From here on both variables hold data taken from DNS.

  warn    set acl_m8     = ${extract{1}{\n}{$acl_m8}}
          set acl_m9     = ${extract{2}{=}{$acl_m8}}
          set acl_m8     = ${extract{1}{=}{$acl_m8}}

  # spf=deny
  # The only explicit rejection in this ACL.

  deny    condition      = ${if eq{$acl_m8}{spf}{yes}{no}}
          condition      = ${if eq{$acl_m9}{deny}{yes}{no}}

  # spf=allow

  accept  condition      = ${if eq{$acl_m8}{spf}{yes}{no}}
          condition      = ${if eq{$acl_m9}{allow}{yes}{no}}
          set acl_m9     = pass ($sender_host_name [$sender_host_address] \
               is designated mailer for domain of sender \
               $sender_address)

  # spf=softdeny
  # Accepted, but reported as softfail.

  accept  condition      = ${if eq{$acl_m8}{spf}{yes}{no}}
          condition      = ${if eq{$acl_m9}{softdeny}{yes}{no}}
          set acl_m9     = softfail ($sender_host_name [$sender_host_address] \
                           not a designated mailer for transitioning \
                           domain of sender $sender_address)

  # no SPF
  # Every key other than spfinclude that reaches this point is accepted as
  # "unknown": an empty lookup result, an unrelated TXT record, and an
  # "spf=" record with a value other than deny/allow/softdeny.
  # NOTE(review): this is fail-open; the ACL rejects only on an explicit
  # spf=deny.

  accept condition       = ${if eq{$acl_m8}{spfinclude}{no}{yes}}
         set acl_m9      = unknown (domain of sender $sender_address \
                           does not designate mailers)

  # spfinclude
  # A value containing ":" is treated as a list of include targets, which
  # this ACL does not follow.
  # NOTE(review): the verdict written here is "pass" although no check was
  # made against any of the listed domains; a result such as "unknown" would
  # keep downstream filters from reading it as a verified sender.

  accept condition       = ${if match{$acl_m9}{:}{yes}{no}}
         set acl_m9      = pass (unsupported multiple spfinclude detected)

  # Single include target: re-enter this ACL with $acl_m9 holding the
  # domain name taken from the TXT record.
  # NOTE(review): there is no depth counter or loop check in this file, so
  # includes that point at each other recurse, with one DNS query per
  # level, until Exim itself stops the nesting - confirm the limit that
  # applies to your Exim version.
  accept acl             = spf_real_acl
  # Reached when the nested call did not accept.
  deny
  110.