Bug#1126961: exim4-config: Enable exim4 trust host when checking SPF to enable mx backup host to send the email back.

Eduardo Diaz Rodriguez ediaz at pk25.com
Wed Feb 4 20:37:34 GMT 2026 

I will like to add some type of support for external backup emails.

went you send a email from one server and the mail server is not 
responding, you can send to the MX backup email in a priority order like 
MX 5 MX10 MX100, after the some time the mail backup server will send 
you the mail back to you...

the mail issue is, on the default config a new file 
30_exim4-config_check_rcpt
   .ifdef _HAVE_SPF
   deny
     !acl = acl_local_deny_exceptions
     spf = fail
     message = [SPF] $sender_host_address is not allowed to send mail from \
               ${if def:sender_address_domain 
{$sender_address_domain}{$sender_helo_name}}.
     log_message = SPF check failed.

By default is deny the email..

Will be great if we enable some file like: /etc/exim4/trustedmailhosts 
in order to bypass this rule and allow send the mail back from the MX 
backup without check the SPF
My proposal will be like:

  .ifdef CHECK_RCPT_SPF
   .ifdef _HAVE_SPF
   deny
     !acl = acl_local_deny_exceptions
     !condition = ${if 
match_ip{$sender_host_address}{iplsearch;/etc/exim4/trustedmailhosts}{1}{0}}
     spf = fail
     message = [SPF] $sender_host_address is not allowed to send mail from \
               ${if def:sender_address_domain 
{$sender_address_domain}{$sender_helo_name}}.
     log_message = SPF check failed.

   defer
     !acl = acl_local_deny_exceptions
     spf = temperror
     message = Temporary DNS error while checking SPF record.  Try again 
later.

   warn

I am not a expert on exim rules, maybe there is other way to do it.

Regards!

On 2026-02-04 19:53, Andreas Metzler wrote:
> On 2026-02-04 Eduardo Diaz Rodriguez via Pkg-exim4-maintainers<pkg-exim4-maintainers at alioth-lists.debian.net> wrote:
>> Package: exim4-config
>> Version: 4.96-15+deb12u7
>> Severity: normal
>
>
>
>> -- Package-specific info:
>> Exim version 4.96 #2 built 22-Mar-2025 10:25:14
> [... and nothing else ]
>
> I am at loss. What is this report about?
>
> cu Andreas
>

-------------
By Pk25.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-exim4-maintainers/attachments/20260204/8cf71f37/attachment-0005.htm>

More information about the Pkg-exim4-maintainers mailing list