[Pkg-exim4-users] Does sa-exim block the use of the SPF ACL?

Steinar Bang sb at dod.no
Tue Aug 17 10:16:30 UTC 2010

>>>>> Steinar Bang <sb at dod.no>:

> So I guess that SPF is now working.  Only not for my own domain.

> Which means that there is something wrong with my DNS SPF records...?

The answer is that I had set up the SPF for "softfail"

It was 
 mydomain.no.           86400   IN      TXT     "v=spf1 mx ~all"
but is now
 mydomain.no.           86400   IN      TXT     "v=spf1 mx -all"

When creating the original record I just followed the wizard at
"Deploying SPF" on http://www.openspf.org/ and pasted the results into
the bind zone file.  And a soft fail was what it created.

Later reading seems to indicate that there should be an SPF record type,
rather than misusing the TXT record type.  But I don't know if the BIND
that publishes my zone file supports that.

So.. right now there are two handlers of SPF: exim itself and
sa-exim/spamassassin.  I guess sa-exim never sees it, since exim now
rejects SPF failures...?  Are there downsides to letting exim4 handle
SPF failures directly?  Would I be better off letting
sa-exim/spamassassin handle SPF failures?


- Steinar

More information about the Pkg-exim4-users mailing list