Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: SPF: Help

EXIM+SPF+whitelist

  

 
SPF help RSS feed   Index | Next | Previous | View Threaded


san.ranbir at gmail

Oct 21, 2009, 4:26 AM

Post #1 of 13 (132 views)
Permalink
EXIM+SPF+whitelist
Hi all,

Thank in advance.

I am new to both EXIM and SPF. Recently I have migrated my mail server from
sendmail to exim4. Operating system is Debian lenny.

I am not sure whether the integration between exim4 and spf on my m/c is
working properly. Following is the procedures that i have used.

1. I have installed spfmilter, spfqtool,spfquery,libmail-spf-query-perl
2. then I have enable the macro CHECK_RCPT_SPF = yes.

I have observed that, other then the "SPF check fail", in all other mails
SPF header appears. In the case where "SPF check fail", mails are rejected.

I want the following:
1. mails to be delivered even after "SPF check fail" status with appropriate
header.
2. how do i add whitelist on SPF (i an running debian lenny)?
3. Is there any document which explains the integration between exim4 and
spf?

Any help would be appreciated.

-ranbir


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


spfdiscuss at alandoherty

Oct 21, 2009, 9:12 AM

Post #2 of 13 (127 views)
Permalink
Re: EXIM+SPF+whitelist [In reply to]
none of these are related to this group
{this group is for people seeking help with their "SPF record" setup, not for receivers trying to configure their mailservers}

ALL should be sent to an exim forum/group

as an exim user i can tell you all are well documented in the extensive exim manual

as often stated, exim is a macro programming language, for designing/building your own mailserver from the toolset it provides,
it is not a simple application, and when used properly can be infinitely versatile and complex.

http://lmgtfy.com/?q=Documentation+for+exim

but simply look for the line in your config {somewhere in the rcpt code} that says deny {and has as a condition spf = fail}

comment/rewrite it

but take it off-list

At 12:26 21/10/2009 Wednesday, Ranbir Sanasam wrote:
>Hi all,
>
>Thank in advance.
>
>I am new to both EXIM and SPF. Recently I have migrated my mail server from
>sendmail to exim4. Operating system is Debian lenny.
>
>I am not sure whether the integration between exim4 and spf on my m/c is
>working properly. Following is the procedures that i have used.
>
>1. I have installed spfmilter, spfqtool,spfquery,libmail-spf-query-perl
>2. then I have enable the macro CHECK_RCPT_SPF = yes.
>
>I have observed that, other then the "SPF check fail", in all other mails
>SPF header appears. In the case where "SPF check fail", mails are rejected.
>
>I want the following:
>1. mails to be delivered even after "SPF check fail" status with appropriate
>header.
>2. how do i add whitelist on SPF (i an running debian lenny)?
>3. Is there any document which explains the integration between exim4 and
>spf?
>
>Any help would be appreciated.
>
>-ranbir
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


scott at kitterman

Oct 21, 2009, 10:11 AM

Post #3 of 13 (128 views)
Permalink
Re: EXIM+SPF+whitelist [In reply to]
On Wed, 21 Oct 2009 17:12:24 +0100 alan <spfdiscuss[at]alandoherty.net> wrote:
>none of these are related to this group
>{this group is for people seeking help with their "SPF record" setup, not
for receivers trying to configure their mailservers}
>

I very much disagree. It is on topic. That said, unless someone here is
using Exim, an Exim specific venue might be better (I'm glad to help with
Postfix questions).

Scott K


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


spfdiscuss at alandoherty

Oct 21, 2009, 10:50 AM

Post #4 of 13 (128 views)
Permalink
Re: EXIM+SPF+whitelist [In reply to]
At 18:11 21/10/2009 Wednesday, Scott Kitterman wrote:
>On Wed, 21 Oct 2009 17:12:24 +0100 alan <spfdiscuss[at]alandoherty.net> wrote:
>>none of these are related to this group
>>{this group is for people seeking help with their "SPF record" setup, not
>for receivers trying to configure their mailservers}
>>
>
>I very much disagree. It is on topic. That said, unless someone here is
>using Exim, an Exim specific venue might be better (I'm glad to help with
>Postfix questions).

if it is I take it all back
send me a copy of the rcpt code of your exim.conf and I'll point out the line

my bad sorry



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


steve at teamITS

Oct 21, 2009, 10:59 AM

Post #5 of 13 (128 views)
Permalink
RE: EXIM+SPF+whitelist [In reply to]
> 2. how do i add whitelist on SPF (i an running debian lenny)?

If you mean that you want any message that passes an SPF check
should be accepted, I would think that could let in a lot of spam...
SPF doesn't say "spam" or "not spam" it tells the recipient if the
sending mail server is authorized to send mail for a domain. I could
set up an SPF record for a domain and then send you a thousand messages
from it, and they would pass SPF.


-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- Have you noticed since everyone has a camcorder these days no one
talks about seeing UFOs like they used to?

~ Taglines by Taglinator: www.srtware.com ~


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


danny at easynetworks

Oct 21, 2009, 12:22 PM

Post #6 of 13 (128 views)
Permalink
RE: EXIM+SPF+whitelist [In reply to]
Well , if it’s a group for helping people seeking help to set up spf records, why cant I get help setting up spf records? Is there some butt licking procedure that must be adhered to first before help is provided?

Danny



-----Original Message-----
From: alan [mailto:spfdiscuss[at]alandoherty.net]
Sent: Thursday, 22 October 2009 3:50 AM
To: spf-help[at]v2.listbox.com
Subject: Re: [spf-help] EXIM+SPF+whitelist

At 18:11 21/10/2009 Wednesday, Scott Kitterman wrote:
>On Wed, 21 Oct 2009 17:12:24 +0100 alan <spfdiscuss[at]alandoherty.net> wrote:
>>none of these are related to this group
>>{this group is for people seeking help with their "SPF record" setup, not
>for receivers trying to configure their mailservers}
>>
>
>I very much disagree. It is on topic. That said, unless someone here is
>using Exim, an Exim specific venue might be better (I'm glad to help with
>Postfix questions).

if it is I take it all back
send me a copy of the rcpt code of your exim.conf and I'll point out the line

my bad sorry



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com




-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


aculver at uwo

Oct 21, 2009, 12:28 PM

Post #7 of 13 (128 views)
Permalink
Re: EXIM+SPF+whitelist [In reply to]
I don't see that you've posted any SPF questions to the list. Please use
a fresh Subject: line though, so we don't confuse the two threads.

Andrew


Danny Vincent wrote:
> Well , if it’s a group for helping people seeking help to set up spf records, why cant I get help setting up spf records? Is there some butt licking procedure that must be adhered to first before help is provided?
>
> Danny
>
>
>
> -----Original Message-----
> From: alan [mailto:spfdiscuss[at]alandoherty.net]
> Sent: Thursday, 22 October 2009 3:50 AM
> To: spf-help[at]v2.listbox.com
> Subject: Re: [spf-help] EXIM+SPF+whitelist
>
> At 18:11 21/10/2009 Wednesday, Scott Kitterman wrote:
>> On Wed, 21 Oct 2009 17:12:24 +0100 alan <spfdiscuss[at]alandoherty.net> wrote:
>>> none of these are related to this group
>>> {this group is for people seeking help with their "SPF record" setup, not
>> for receivers trying to configure their mailservers}
>> I very much disagree. It is on topic. That said, unless someone here is
>> using Exim, an Exim specific venue might be better (I'm glad to help with
>> Postfix questions).
>
> if it is I take it all back
> send me a copy of the rcpt code of your exim.conf and I'll point out the line
>
> my bad sorry
>
>
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
> Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
> Archives: https://www.listbox.com/member/archive/1020/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> Powered by Listbox: http://www.listbox.com
>
>
>
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
> Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
> Archives: https://www.listbox.com/member/archive/1020/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> Powered by Listbox: http://www.listbox.com


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


spfdiscuss at alandoherty

Oct 21, 2009, 12:44 PM

Post #8 of 13 (128 views)
Permalink
RE: EXIM+SPF+whitelist [In reply to]
At 20:22 21/10/2009 Wednesday, Danny Vincent wrote:
>Well , if it?s a group for helping people seeking help to set up spf records, why cant I get help setting up spf records? Is there some butt licking procedure that must be adhered to first before help is provided?

no just mail your question

just grepped my mails and your address has never been seen as long as I have been a subscriber



>Danny
>
>
>
>-----Original Message-----
>From: alan [mailto:spfdiscuss[at]alandoherty.net]
>Sent: Thursday, 22 October 2009 3:50 AM
>To: spf-help[at]v2.listbox.com
>Subject: Re: [spf-help] EXIM+SPF+whitelist
>
>At 18:11 21/10/2009 Wednesday, Scott Kitterman wrote:
>>On Wed, 21 Oct 2009 17:12:24 +0100 alan <spfdiscuss[at]alandoherty.net> wrote:
>>>none of these are related to this group
>>>{this group is for people seeking help with their "SPF record" setup, not
>>for receivers trying to configure their mailservers}
>>>
>>
>>I very much disagree. It is on topic. That said, unless someone here is
>>using Exim, an Exim specific venue might be better (I'm glad to help with
>>Postfix questions).
>
>if it is I take it all back
>send me a copy of the rcpt code of your exim.conf and I'll point out the line
>
>my bad sorry
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com
>
>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


scott at kitterman

Oct 21, 2009, 12:53 PM

Post #9 of 13 (128 views)
Permalink
RE: EXIM+SPF+whitelist [In reply to]
On Thu, 22 Oct 2009 05:22:57 +1000 "Danny Vincent" <danny[at]easynetworks.com.au> wrote:
>Well , if it’s a group for helping people seeking help to set up spf records, why cant I get help setting up spf records? Is there some ...

No, but that's an excellent way to get yourself removed from the list. First and only warning.

Scott K


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


san.ranbir at gmail

Oct 21, 2009, 11:01 PM

Post #10 of 13 (128 views)
Permalink
Re: EXIM+SPF+whitelist [In reply to]
Thanks Allan,
Following is the rcpt record.

.ifdef CHECK_RCPT_SPF
deny
message = [SPF] $sender_host_address is not allowed to send mail from
${if def:sender_address_domain
{$sender_address_domain}{$sender_helo_name}}. \
Please see
http://www.openspf.org/Why?scope=${ifdef:sender_address_domain
{mfrom}{helo}};identity=${if
def:sender_address_domain
{$sender_address}{$sender_helo_name}};ip=$sender_host_address
log_message = SPF check failed.
!acl = acl_local_deny_exceptions
condition = ${run{/usr/bin/spfquery --ip \"$sender_host_address\"
--mail-from \"$sender_address\" --helo \"$sender_helo_name\"}\
{no}{${if eq {$runrc}{1}{yes}{no}}}}

defer
message = Temporary DNS error while checking SPF record. Try again
later.
condition = ${if eq {$runrc}{5}{yes}{no}}

warn
message = Received-SPF: ${if eq {$runrc}{0}{pass}{${if eq
{$runrc}{2}{softfail}\
{${if eq {$runrc}{3}{neutral}{${if eq
{$runrc}{4}{unknown}{${if eq {$runrc}{6}{none}{error}}}}}}}}}}
condition = ${if <={$runrc}{6}{yes}{no}}

warn
message = Received-SPF: ${if eq {$runrc}{0}{pass}{${if eq
{$runrc}{2}{softfail}\
{${if eq {$runrc}{3}{neutral}{${if eq
{$runrc}{4}{unknown}{${if eq {$runrc}{6}{none}{error}}}}}}}}}}
log_message = Unexpected error in SPF check.
condition = ${if >{$runrc}{6}{yes}{no}}

# Support for best-guess (see http://www.openspf.org/developers-guide.html
)
warn
message = X-SPF-Guess: ${run{/usr/bin/spfquery --ip
\"$sender_host_address\" --mail-from \"$sender_address\" \ --helo
\"$sender_helo_name\" --guess true}\
{pass}{${if eq {$runrc}{2}{softfail}{${if eq
{$runrc}{3}{neutral}{${if eq {$runrc}{4}{unknown}\
{${if eq {$runrc}{6}{none}{error}}}}}}}}}}
condition = ${if <={$runrc}{6}{yes}{no}}

defer
message = Temporary DNS error while checking SPF record. Try again
later.
condition = ${if eq {$runrc}{5}{yes}{no}}
.endif


On Wed, Oct 21, 2009 at 11:20 PM, alan <spfdiscuss[at]alandoherty.net> wrote:

> At 18:11 21/10/2009 Wednesday, Scott Kitterman wrote:
> >On Wed, 21 Oct 2009 17:12:24 +0100 alan <spfdiscuss[at]alandoherty.net>
> wrote:
> >>none of these are related to this group
> >>{this group is for people seeking help with their "SPF record" setup, not
> >for receivers trying to configure their mailservers}
> >>
> >
> >I very much disagree. It is on topic. That said, unless someone here is
> >using Exim, an Exim specific venue might be better (I'm glad to help with
> >Postfix questions).
>
> if it is I take it all back
> send me a copy of the rcpt code of your exim.conf and I'll point out the
> line
>
> my bad sorry
>
>
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
> Modify Your Subscription: http://www.listbox.com/member/ [
> http://www.listbox.com/member/]
>
> Archives: https://www.listbox.com/member/archive/1020/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> Powered by Listbox: http://www.listbox.com
>


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


spfdiscuss at alandoherty

Oct 21, 2009, 11:46 PM

Post #11 of 13 (127 views)
Permalink
Re: EXIM+SPF+whitelist [In reply to]
wow messy
but think the below changes to first section should work

ie no deny happens

and then later condition 1 is another valid header adding condition

but this could be done way cleaner and i can't figure out the second header adding code that runs the same code if response is >6 {which should cause an error}
{also if you don't want to reject on fail you might also not want to defer on dns issues?}

will get sleep and possibly have a 2 section version for you tomorrow
7:45 and still awake from yesterday

At 07:01 22/10/2009 Thursday, Ranbir Sanasam wrote:
>Thanks Allan,
>Following is the rcpt record.
>
> .ifdef CHECK_RCPT_SPF
> warn
> message = [SPF] $sender_host_address is not allowed to send mail from
>${if def:sender_address_domain
>{$sender_address_domain}{$sender_helo_name}}. \
> Please see
>http://www.openspf.org/Why?scope=${ifdef:sender_address_domain
>{mfrom}{helo}};identity=${if
>def:sender_address_domain
>{$sender_address}{$sender_helo_name}};ip=$sender_host_address
> log_message = SPF check failed.
> !acl = acl_local_deny_exceptions
> condition = ${run{/usr/bin/spfquery --ip \"$sender_host_address\"
>--mail-from \"$sender_address\" --helo \"$sender_helo_name\"}\
> {no}{${if eq {$runrc}{1}{yes}{no}}}}
>
> defer
> message = Temporary DNS error while checking SPF record. Try again
>later.
> condition = ${if eq {$runrc}{5}{yes}{no}}
>
> warn
> message = Received-SPF: ${if eq {$runrc}{0}{pass}{${if eq
>{$runrc}{1}{hardfail}{${if eq{$runrc}{2}{softfail}\
> {${if eq {$runrc}{3}{neutral}{${if eq
>{$runrc}{4}{unknown}{${if eq {$runrc}{6}{none}{error}}}}}}}}}}}}
> condition = ${if <={$runrc}{6}{yes}{no}}
>
> warn
> message = Received-SPF: ${if eq {$runrc}{0}{pass}{${if eq
>{$runrc}{2}{softfail}\
> {${if eq {$runrc}{3}{neutral}{${if eq
>{$runrc}{4}{unknown}{${if eq {$runrc}{6}{none}{error}}}}}}}}}}
> log_message = Unexpected error in SPF check.
> condition = ${if >{$runrc}{6}{yes}{no}}
>
> # Support for best-guess (see http://www.openspf.org/developers-guide.html
>)
> warn
> message = X-SPF-Guess: ${run{/usr/bin/spfquery --ip
>\"$sender_host_address\" --mail-from \"$sender_address\" \ --helo
>\"$sender_helo_name\" --guess true}\
> {pass}{${if eq {$runrc}{2}{softfail}{${if eq
>{$runrc}{3}{neutral}{${if eq {$runrc}{4}{unknown}\
> {${if eq {$runrc}{6}{none}{error}}}}}}}}}}
> condition = ${if <={$runrc}{6}{yes}{no}}
>
> defer
> message = Temporary DNS error while checking SPF record. Try again
>later.
> condition = ${if eq {$runrc}{5}{yes}{no}}
> .endif
>
>
>On Wed, Oct 21, 2009 at 11:20 PM, alan <spfdiscuss[at]alandoherty.net> wrote:
>
>> At 18:11 21/10/2009 Wednesday, Scott Kitterman wrote:
>> >On Wed, 21 Oct 2009 17:12:24 +0100 alan <spfdiscuss[at]alandoherty.net>
>> wrote:
>> >>none of these are related to this group
>> >>{this group is for people seeking help with their "SPF record" setup, not
>> >for receivers trying to configure their mailservers}
>> >>
>> >
>> >I very much disagree. It is on topic. That said, unless someone here is
>> >using Exim, an Exim specific venue might be better (I'm glad to help with
>> >Postfix questions).
>>
>> if it is I take it all back
>> send me a copy of the rcpt code of your exim.conf and I'll point out the
>> line
>>
>> my bad sorry
>>
>>
>>
>> -------------------------------------------
>> Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>> Modify Your Subscription: http://www.listbox.com/member/ [
>> http://www.listbox.com/member/]
>>
>> Archives: https://www.listbox.com/member/archive/1020/=now
>> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>> Powered by Listbox: http://www.listbox.com
>>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


danny at easynetworks

Oct 22, 2009, 12:17 AM

Post #12 of 13 (127 views)
Permalink
RE: EXIM+SPF+whitelist [In reply to]
Ok Alan, thanks for your help today/tonight.

Danny



-----Original Message-----
From: alan [mailto:spfdiscuss[at]alandoherty.net]
Sent: Thursday, 22 October 2009 4:46 PM
To: spf-help[at]v2.listbox.com
Subject: Re: [spf-help] EXIM+SPF+whitelist

wow messy
but think the below changes to first section should work

ie no deny happens

and then later condition 1 is another valid header adding condition

but this could be done way cleaner and i can't figure out the second header adding code that runs the same code if response is >6 {which should cause an error}
{also if you don't want to reject on fail you might also not want to defer on dns issues?}

will get sleep and possibly have a 2 section version for you tomorrow
7:45 and still awake from yesterday

At 07:01 22/10/2009 Thursday, Ranbir Sanasam wrote:
>Thanks Allan,
>Following is the rcpt record.
>
> .ifdef CHECK_RCPT_SPF
> warn
> message = [SPF] $sender_host_address is not allowed to send mail from
>${if def:sender_address_domain
>{$sender_address_domain}{$sender_helo_name}}. \
> Please see
>http://www.openspf.org/Why?scope=${ifdef:sender_address_domain
>{mfrom}{helo}};identity=${if
>def:sender_address_domain
>{$sender_address}{$sender_helo_name}};ip=$sender_host_address
> log_message = SPF check failed.
> !acl = acl_local_deny_exceptions
> condition = ${run{/usr/bin/spfquery --ip \"$sender_host_address\"
>--mail-from \"$sender_address\" --helo \"$sender_helo_name\"}\
> {no}{${if eq {$runrc}{1}{yes}{no}}}}
>
> defer
> message = Temporary DNS error while checking SPF record. Try again
>later.
> condition = ${if eq {$runrc}{5}{yes}{no}}
>
> warn
> message = Received-SPF: ${if eq {$runrc}{0}{pass}{${if eq
>{$runrc}{1}{hardfail}{${if eq{$runrc}{2}{softfail}\
> {${if eq {$runrc}{3}{neutral}{${if eq
>{$runrc}{4}{unknown}{${if eq {$runrc}{6}{none}{error}}}}}}}}}}}}
> condition = ${if <={$runrc}{6}{yes}{no}}
>
> warn
> message = Received-SPF: ${if eq {$runrc}{0}{pass}{${if eq
>{$runrc}{2}{softfail}\
> {${if eq {$runrc}{3}{neutral}{${if eq
>{$runrc}{4}{unknown}{${if eq {$runrc}{6}{none}{error}}}}}}}}}}
> log_message = Unexpected error in SPF check.
> condition = ${if >{$runrc}{6}{yes}{no}}
>
> # Support for best-guess (see http://www.openspf.org/developers-guide.html
>)
> warn
> message = X-SPF-Guess: ${run{/usr/bin/spfquery --ip
>\"$sender_host_address\" --mail-from \"$sender_address\" \ --helo
>\"$sender_helo_name\" --guess true}\
> {pass}{${if eq {$runrc}{2}{softfail}{${if eq
>{$runrc}{3}{neutral}{${if eq {$runrc}{4}{unknown}\
> {${if eq {$runrc}{6}{none}{error}}}}}}}}}}
> condition = ${if <={$runrc}{6}{yes}{no}}
>
> defer
> message = Temporary DNS error while checking SPF record. Try again
>later.
> condition = ${if eq {$runrc}{5}{yes}{no}}
> .endif
>
>
>On Wed, Oct 21, 2009 at 11:20 PM, alan <spfdiscuss[at]alandoherty.net> wrote:
>
>> At 18:11 21/10/2009 Wednesday, Scott Kitterman wrote:
>> >On Wed, 21 Oct 2009 17:12:24 +0100 alan <spfdiscuss[at]alandoherty.net>
>> wrote:
>> >>none of these are related to this group
>> >>{this group is for people seeking help with their "SPF record" setup, not
>> >for receivers trying to configure their mailservers}
>> >>
>> >
>> >I very much disagree. It is on topic. That said, unless someone here is
>> >using Exim, an Exim specific venue might be better (I'm glad to help with
>> >Postfix questions).
>>
>> if it is I take it all back
>> send me a copy of the rcpt code of your exim.conf and I'll point out the
>> line
>>
>> my bad sorry
>>
>>
>>
>> -------------------------------------------
>> Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>> Modify Your Subscription: http://www.listbox.com/member/ [
>> http://www.listbox.com/member/]
>>
>> Archives: https://www.listbox.com/member/archive/1020/=now
>> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>> Powered by Listbox: http://www.listbox.com
>>
>
>
>-------------------------------------------
>Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
>Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]
>
>Archives: https://www.listbox.com/member/archive/1020/=now
>RSS Feed: https://www.listbox.com/member/archive/rss/1020/
>Powered by Listbox: http://www.listbox.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com




-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com


san.ranbir at gmail

Oct 23, 2009, 3:44 AM

Post #13 of 13 (126 views)
Permalink
Re: EXIM+SPF+whitelist [In reply to]
Thank you Alan,

As of now, it is working as intended.

regards
-ranbir

On Thu, Oct 22, 2009 at 12:16 PM, alan <spfdiscuss[at]alandoherty.net> wrote:

> wow messy
> but think the below changes to first section should work
>
> ie no deny happens
>
> and then later condition 1 is another valid header adding condition
>
> but this could be done way cleaner and i can't figure out the second header
> adding code that runs the same code if response is >6 {which should cause an
> error}
> {also if you don't want to reject on fail you might also not want to defer
> on dns issues?}
>
> will get sleep and possibly have a 2 section version for you tomorrow
> 7:45 and still awake from yesterday
>
> At 07:01 22/10/2009 Thursday, Ranbir Sanasam wrote:
> >Thanks Allan,
> >Following is the rcpt record.
> >
> > .ifdef CHECK_RCPT_SPF
> > warn
> > message = [SPF] $sender_host_address is not allowed to send mail from
> >${if def:sender_address_domain
> >{$sender_address_domain}{$sender_helo_name}}. \
> > Please see
> >http://www.openspf.org/Why?scope=${ifdef:sender_address_domain<http://www.openspf.org/Why?scope=$%7Bifdef:sender_address_domain>
> >{mfrom}{helo}};identity=${if
> >def:sender_address_domain
> >{$sender_address}{$sender_helo_name}};ip=$sender_host_address
> > log_message = SPF check failed.
> > !acl = acl_local_deny_exceptions
> > condition = ${run{/usr/bin/spfquery --ip \"$sender_host_address\"
> >--mail-from \"$sender_address\" --helo \"$sender_helo_name\"}\
> > {no}{${if eq {$runrc}{1}{yes}{no}}}}
> >
> > defer
> > message = Temporary DNS error while checking SPF record. Try again
> >later.
> > condition = ${if eq {$runrc}{5}{yes}{no}}
> >
> > warn
> > message = Received-SPF: ${if eq {$runrc}{0}{pass}{${if eq
> >{$runrc}{1}{hardfail}{${if eq{$runrc}{2}{softfail}\
> > {${if eq {$runrc}{3}{neutral}{${if eq
> >{$runrc}{4}{unknown}{${if eq {$runrc}{6}{none}{error}}}}}}}}}}}}
> > condition = ${if <={$runrc}{6}{yes}{no}}
> >
> > warn
> > message = Received-SPF: ${if eq {$runrc}{0}{pass}{${if eq
> >{$runrc}{2}{softfail}\
> > {${if eq {$runrc}{3}{neutral}{${if eq
> >{$runrc}{4}{unknown}{${if eq {$runrc}{6}{none}{error}}}}}}}}}}
> > log_message = Unexpected error in SPF check.
> > condition = ${if >{$runrc}{6}{yes}{no}}
> >
> > # Support for best-guess (see
> http://www.openspf.org/developers-guide.html
> >)
> > warn
> > message = X-SPF-Guess: ${run{/usr/bin/spfquery --ip
> >\"$sender_host_address\" --mail-from \"$sender_address\" \ --helo
> >\"$sender_helo_name\" --guess true}\
> > {pass}{${if eq {$runrc}{2}{softfail}{${if
> eq
> >{$runrc}{3}{neutral}{${if eq {$runrc}{4}{unknown}\
> > {${if eq {$runrc}{6}{none}{error}}}}}}}}}}
> > condition = ${if <={$runrc}{6}{yes}{no}}
> >
> > defer
> > message = Temporary DNS error while checking SPF record. Try again
> >later.
> > condition = ${if eq {$runrc}{5}{yes}{no}}
> > .endif
> >
> >
> >On Wed, Oct 21, 2009 at 11:20 PM, alan <spfdiscuss[at]alandoherty.net>
> wrote:
> >
> >> At 18:11 21/10/2009 Wednesday, Scott Kitterman wrote:
> >> >On Wed, 21 Oct 2009 17:12:24 +0100 alan <spfdiscuss[at]alandoherty.net>
> >> wrote:
> >> >>none of these are related to this group
> >> >>{this group is for people seeking help with their "SPF record" setup,
> not
> >> >for receivers trying to configure their mailservers}
> >> >>
> >> >
> >> >I very much disagree. It is on topic. That said, unless someone here
> is
> >> >using Exim, an Exim specific venue might be better (I'm glad to help
> with
> >> >Postfix questions).
> >>
> >> if it is I take it all back
> >> send me a copy of the rcpt code of your exim.conf and I'll point out the
> >> line
> >>
> >> my bad sorry
> >>
> >>
> >>
> >> -------------------------------------------
> >> Sender Policy Framework: http://www.openspf.org [http://www.openspf.org
> ]
> >> Modify Your Subscription: http://www.listbox.com/member/ [
> >> http://www.listbox.com/member/]
> >>
> >> Archives: https://www.listbox.com/member/archive/1020/=now
> >> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> >> Powered by Listbox: http://www.listbox.com
> >>
> >
> >
> >-------------------------------------------
> >Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
> >Modify Your Subscription: http://www.listbox.com/member/ [
> http://www.listbox.com/member/]
> >
> >Archives: https://www.listbox.com/member/archive/1020/=now
> >RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> >Powered by Listbox: http://www.listbox.com
>
>
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
> Modify Your Subscription: http://www.listbox.com/member/ [
> http://www.listbox.com/member/]
>
> Archives: https://www.listbox.com/member/archive/1020/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> Powered by Listbox: http://www.listbox.com
>


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ [http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com

SPF help RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact lists@gossamer-threads.com
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.