Adding SPF support for Exim
Posted: Mon, Apr 18 11:08 AM (PDT)
Adding SPF (Sender Policy Framework) support for Exim version 4.75
To learn more about SPF, visit http://www.openspf.org
Before implementing SPF in your Exim mail system, compile and install Exim with the libspf2 library. Google will help you :-)
You can now run SPF checks on incoming SMTP by using the "spf" ACL condition in the MAIL, RCPT or DATA ACL. When using it in the RCPT ACL, you can make the checks dependent on the RCPT address (or domain), so you can check SPF records only for certain target domains. This lets you opt out certain customers who do not want their mail to be subject to SPF checking.
So, open your Exim configuration file, find 'acl_check_rcpt', and add the following code after 'accept hosts = :':
# Reject when the sending host is not authorised for the envelope-from domain
# (this rule rejects softfail as well as fail).
deny    message     = $sender_host_address is not allowed to send mail from $sender_address_domain.
        spf         = fail:softfail
        log_message = SPF check failed. $sender_host_address is not allowed to send mail from $sender_address_domain

# Temporary SPF error: ask the sender to retry later.
defer   message     = SPF check temporary error. Try again later
        spf         = err_temp
        log_message = SPF check temporary error. H=$sender_host_address D=$sender_address_domain

# Accepted mail: record the SPF outcome in an X-SPF header.
warn    spf         = pass:neutral:err_perm
        add_header  = X-SPF: $spf_result ($spf_header_comment)

warn    spf         = none
        add_header  = X-SPF: $spf_result (SPF record was not found)
SPF check results:
pass - The SPF check passed, the sending host is positively verified by SPF.
fail - The SPF check failed, the sending host is NOT allowed to send mail for the domain in the envelope-from address.
softfail - The SPF check failed, but the queried domain can't absolutely confirm that this is a forgery.
none - The queried domain does not publish SPF records.
neutral - The SPF check returned a "neutral" state. This means the queried domain has published an SPF record, but wants to allow outside servers to send mail under its domain as well.
err_perm - This indicates a syntax error in the SPF record of the queried domain. This should be treated like "none".
err_temp - This indicates a temporary error during all processing, including Exim's SPF processing. You may defer messages when this occurs.
When the spf condition has run, it sets up several expansion variables:
$spf_header_comment - This contains a human-readable string describing the outcome of the SPF check. You can add it to a custom header or use it for logging purposes.
$spf_received - This contains a complete SPF-Received: header that can be added to the message. Please note that according to the SPF draft, this header must be added at the top of the header list. Please see section 10 on how you can do this.
$spf_result - This contains the outcome of the SPF check in string form, one of pass, fail, softfail, none, neutral, err_perm or err_temp.
$spf_smtp_comment - This contains a string that can be used in an SMTP response to the calling party. Useful for "fail".
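The per-recipient-domain opt-out described for the RCPT ACL, combined with adding $spf_received at the top of the header list, as an added example that is not part of the original post. The list name spf_checked_domains and the example.com / example.org domains are assumptions; these ACL statements would take the place of the unconditional ones shown earlier.

```exim
# --- main configuration section (before "begin acl") ---
# Constructed example list: recipient domains whose mail is SPF-checked.
# Domains not listed here are opted out.
domainlist spf_checked_domains = example.com : example.org

# --- inside acl_check_rcpt, after "accept hosts = :" ---
# Conditions are evaluated in order, so "domains" is tested first and the
# spf condition is never reached for recipients outside the list.
deny    domains     = +spf_checked_domains
        spf         = fail:softfail
        message     = $sender_host_address is not allowed to send mail from $sender_address_domain. $spf_smtp_comment
        log_message = SPF check failed. H=$sender_host_address D=$sender_address_domain

defer   domains     = +spf_checked_domains
        spf         = err_temp
        message     = SPF check temporary error. Try again later
        log_message = SPF check temporary error. H=$sender_host_address D=$sender_address_domain

# Every other outcome: put the complete header from $spf_received at the
# top of the header list using the :at_start: prefix of add_header.
warn    domains     = +spf_checked_domains
        spf         = pass:neutral:none:err_perm
        add_header  = :at_start:$spf_received
```

Because the statements sit in the RCPT ACL, a message addressed to both a listed and an unlisted domain is rejected only for the listed recipient.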
