[Pkg-exim4-users] activating SPF check on incomming mail
Andreas Metzler
ametzler at downhill.at.eu.org
Thu Jan 6 08:18:56 UTC 2011
Hans Ekbrand <hans at sociologi.cjb.net> wrote:
> I have recently installed exim4-daemon-heavy and sa-exim with a few
> anti-spam measures. I have documented the steps taken here:
> http://code.cjb.net/mail-server.html
> Spamassassin and greylistd both work as expected, but SPF verification
> does not seem to work.
[...]
> I thought this mail would fail a SPF check, since the IP 178.33.110.173
> is not from gmail/google (I assume).
It is not, but google's SPF records say "neutral".
ametzler at argenau:~$ host -t txt gmail.com
gmail.com descriptive text "v=spf1 redirect=_spf.google.com"
ametzler at argenau:~$ host -t txt _spf.google.com
_spf.google.com descriptive text "v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ?all"
http://www.openspf.org/SPF_Record_Syntax
"Neutral The SPF record specifies explicitly that nothing can
be said about validity. Intended action: accept"
(LENNY)ametzler at argenau:~$ spfquery.mail-spf-query-perl --ip 178.33.110.173 --mail-from rosanneb.b at gmail.com --helo novembre ; echo $?
neutral
Please see http://www.openspf.org/why.html?sender=rosanneb.b%40gmail.com&ip=178.33.110.173&receiver=spfquery
spfquery: 178.33.110.173 is neither permitted nor denied by domain of rosanneb.b at gmail.com
Received-SPF: neutral (spfquery: 178.33.110.173 is neither permitted nor denied by domain of rosanneb.b at gmail.com) client-ip=178.33.110.173; envelope-from=rosanneb.b at gmail.com; helo=novembre;
3
> But there is nothing in the exim logs about any SPF check being done.
> The mail has two SPF related mail headers, but I guess they could be
> forged.
They are added by the rcpt acl.
[...]
> How do you know that exim does SPF verification?
Try a domain with a restrictive policy, add log statements to the ACL.
cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
More information about the Pkg-exim4-users
mailing list