
Mailing List Archive: exim: users

exim SPF help

bedroomeyes78 at gmail

Jan 20, 2012, 11:20 AM

Post #1 of 2 (349 views)
exim SPF help

Folks,

I compiled exim with libspf ( libspf2-1.2.9 )

I published a TXT record for the domain that would deny everything except for
my mailers:

IN TXT "v=spf1 mx a ip4: xxx.xxx.xxx.0/24 ip4:xxx.xxx.xxx.x mx: my_smarthost.com -all"

In my exim.conf in acl_check_rcpt: I added



# SPF Acl clause

warn set acl_m1 = --ip-address=$sender_host_address --mfrom=$sender_address --helo=$sender_helo_name
     set acl_m1 = ${run{/usr/local/bin/spfquery $acl_m1}{$value}{fail}}

deny message = SPF check fail. $sender_host_address is not allowed to send mail from $sender_address_domain.
     condition = ${if eq {$runrc}{1}{1}{0}}



I tested it from a remote system by telnetting to my relay and was able to
send email forging the from address.



What am I missing here? Any help would be greatly appreciated.



Thank you.

Alex
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


exim-users at spodhuis

Jan 21, 2012, 1:45 AM

Post #2 of 2 (343 views)
Re: exim SPF help [In reply to]

On 2012-01-20 at 14:20 -0500, bedroomeyes78 [at] gmail wrote:
> Folks,
>
> I compiled exim with libspf ( libspf2-1.2.9 )

That adds a new "spf" condition to Exim's ACL rules. See
"experimental-spec.txt".

> warn set acl_m1 = --ip-address=$sender_host_address
> --mfrom=$sender_address --helo=$sender_helo_name
>
> set acl_m1 = ${run{/usr/local/bin/spfquery $acl_m1}{$value}{fail}}

That runs an external program, instead of using the Exim spf support.

> I tested it from a remote system by telnetting to my relay and was able to
> send email forging the from address.

Run a second copy of the relay on a different port, with debugging turned
on and some extra debugging, like so:

exim -oX $PORTNUM -d+acl,expand -bd

Telnet to that port and look at the debugging output, which will include
more in-depth information about ACL testing and string expansion.
--
https://twitter.com/syscomet
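
Added example (not from either poster, and not the Exim project's own configuration): the check from the question rewritten with the built-in "spf" ACL condition that the reply points to in experimental-spec.txt, so no external spfquery run or $runrc test is involved. The placement within acl_check_rcpt, the softfail handling and the log wording are assumptions.

```exim
# Inside acl_check_rcpt. Assumed placement: after the clauses that accept
# your own hosts and authenticated clients, before the final accept.

# Reject when the sender domain's SPF record does not authorise this host.
deny    message = SPF check fail. $sender_host_address is not allowed to \
                  send mail from $sender_address_domain.
        spf     = fail

# Log softfail results without rejecting (assumed policy choice).
warn    log_message = SPF softfail for $sender_address \
                      from $sender_host_address
        spf         = softfail

# Record the result on mail that gets through. $spf_received holds a
# complete Received-SPF: header, which belongs at the top of the headers.
warn    add_header = :at_start:$spf_received
```

Running the debug instance from the reply (exim -oX $PORTNUM -d+acl,expand -bd) against this version shows the result of each spf condition as the ACL is processed.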
