[Pkg-exim4-users] activating SPF check on incomming mail

Tue Jan 4 19:59:37 UTC 2011

Hi list,

I have recently installed exim4-daemon-heavy and sa-exim with a few
anti-spam measures. I have documented the steps taken here:

http://code.cjb.net/mail-server.html

Spamassassin and greylistd both work as expected, but SPF verification
does not seem to work.

2011-01-04 15:22:56 H=178-33-110-173.kimsufi.com (gtei.net) [178.33.110.173] F=<rosanneb.b at gmail.com> temporarily rejected RCPT <hans at sociologi.cjb.net>: greylisted.
...
2011-01-04 17:30:31 1Pa9mJ-00077o-0G SA: Debug: SAEximRunCond expand returned: '1'
2011-01-04 17:30:31 1Pa9mJ-00077o-0G SA: Debug: check succeeded, running spamc
2011-01-04 17:30:33 1Pa9mJ-00077o-0G SA: Action: scanned but message isn't spam: score=4.8 required=5.0 (scanned in 2/2 secs | Message-Id: 76649590.20110104083008 at gmail.com). From <rosanneb.b at gmail.com> (host=178-33-110-173.kimsufi.com [178.33.110.173]) for hans at sociologi.cjb.net
2011-01-04 17:30:33 1Pa9mJ-00077o-0G <= rosanneb.b at gmail.com H=178-33-110-173.kimsufi.com (novembre) [178.33.110.173] P=smtp S=1322 id=76649590.20110104083008 at gmail.com
2011-01-04 17:30:34 1Pa9mJ-00077o-0G => |/usr/bin/procmail <hans at sociologi.cjb.net> R=userforward T=address_pipe
2011-01-04 17:30:34 1Pa9mJ-00077o-0G Completed

I thought this mail would fail a SPF check, since the IP 178.33.110.173
is not from gmail/google (I assume).

But there is nothing in the exim logs about any SPF check being done.
The mail has two SPF related mail headers, but I guess they could be
forged.

Received: from 178-33-110-173.kimsufi.com ([178.33.110.173] helo=novembre) 
by sociologi.cjb.net with smtp (Exim 4.69) 
(envelope-from <rosanneb.b at gmail.com>) 
id 1Pa9mJ-00077o-0G
for hans at sociologi.cjb.net; Tue, 04 Jan 2011 17:30:33 +0100
From: Rosanne Bentley <rosanneb.b at gmail.com> 
To: Hans <hans at sociologi.cjb.net>
Date: Tue, 4 Jan 2011 08:30:08 +0100 
Reply-To: Rosanne Bentley <rosanneb.b at gmail.com> 
Message-ID: <76649590.20110104083008 at gmail.com>
X-Priority: 3 (Normal) 
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1" 
Content-Transfer-Encoding: quoted-printable
Received-SPF: neutral
X-SPF-Guess: neutral 
X-SA-Exim-Connect-IP: 178.33.110.173 
X-SA-Exim-Mail-From: rosanneb.b at gmail.com
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on sociologi.cjb.net 
X-Spam-Level: **** 
X-Spam-Status: No, score=4.8 required=5.0 tests=DATE_IN_PAST_06_12,
RDNS_DYNAMIC,SPF_NEUTRAL,TVD_RCVD_IP autolearn=no version=3.2.5
Subject: web_site_eval 
X-SA-Exim-Version: 4.2.1 (built Wed, 25 Jun 2008 17:14:11 +0000) 
X-SA-Exim-Scanned: Yes (on sociologi.cjb.net)

I configured SPF with the following file:

# cat /etc/exim4/conf.d/main/00_local_options
CHECK_RCPT_REVERSE_DNS = yes
CHECK_RCPT_SPF = yes
smtp_max_synprot_errors = 10

libmail-spf-query-perl is installed:

# dpkg -l libmail-spf-query-perl
||/ Name                                                  Version                                               Description
+++-=====================================================-=====================================================-==========================================================================================================================
ii  libmail-spf-query-perl                                1:1.999.1-3                                           query SPF (Sender Policy Framework) to validate mail senders

How do you know that exim does SPF verification?

-- 
Note that I use Debian version 5.0.7
Linux spelmaskinen 2.6.26-2-686 #1 SMP Thu Sep 16 19:35:51 UTC 2010 i686 GNU/Linux
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-exim4-users/attachments/20110104/4e0c98a4/attachment.pgp>