[Pkg-exim4-users] SPF, update for the default example & documentation

Gijs Hillenius gijs at hillenius.net
Wed Jun 17 16:25:57 BST 2020


Hello

I hope this is useful to others.

The section on SPF in spec.txt.gz that comes with exim4-base
(version 4.92-8+deb10u4) is a little out of date.

It refers to http://www.openspf.org which stopped working sometime last
year.

Then the Debian Exim wiki showed me that I had failed to notice the
change to spf-tools-perl as the preferred external tool for SPF
checks.

https://wiki.debian.org/Exim#SPF_filtering

All of this because I started noticing that the macro for SPF support
that came with Exim years and years ago was not (no longer?) returning a
meaningful warning message: it answers "none" to all warnings.

If you use spfquery from spf-tools-perl, the fix is rather simple:
specify you want spfquery to use version 1 (-v 1). There are also a few
minor changes to the syntax of that query.

Here is my current SPF macro


  # Use spfquery to perform a pair of SPF checks
  # This is quite costly in terms of DNS lookups (~6 lookups per mail).  Do not
  # enable if that's an issue.
  # 
  # required:
  # apt install spf-tools-perl
  # and (for monolithic conf file) set CHECK_RCPT_SPF=true in exim4.conf.localmacros
  .ifdef CHECK_RCPT_SPF
  deny
    message = [SPF] $sender_host_address is not allowed to send mail from ${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}.  \
              Please check your SPF set-up            
    log_message = SPF check failed.
    condition = ${run{/usr/bin/spfquery -v 1 --ip \"$sender_host_address\" -s \"$sender_address\" --helo-id \"$sender_helo_name\"}\
                     {no}{${if eq {$runrc}{1}{yes}{no}}}}

  defer
    message = Temporary DNS error while checking SPF record.  Try again later.
    condition = ${if eq {$runrc}{5}{yes}{no}}

  warn
    condition = ${if <={$runrc}{6}{yes}{no}}
    message = :at_start:Received-SPF: ${if eq {$runrc}{0}{pass}\
                           {${if eq {$runrc}{2}{softfail}\
                           {${if eq {$runrc}{3}{neutral}\
                           {${if eq {$runrc}{4}{unknown}\
                           {${if eq {$runrc}{6}{none}{error}}}}}}}}}\
                           } client-ip=$sender_host_address; \
                                ${if def:sender_address_domain \
                                   {envelope-from=${sender_address}; }{}}\
                                helo=$sender_helo_name

  warn
    log_message = Unexpected error in SPF check.
    condition = ${if >{$runrc}{6}{yes}{no}}
  .endif
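
To check from a shell what the macro above would do for a given connection, this added example (not part of the original post) replays the same spfquery call and maps the exit code the way the ACL does. The `SPFQUERY` override variable, the function name and the `verb|text` output format are assumptions made for the example.

```shell
#!/bin/sh
# Added example: replay the macro's spfquery call and report the ACL outcome.
# SPFQUERY is an assumed override so the function can be pointed at a stub.
SPFQUERY="${SPFQUERY:-/usr/bin/spfquery}"

# spf_acl_decision IP SENDER HELO
# Prints "<verb>|<text>": the ACL verb that would fire and its message/header.
spf_acl_decision() {
    ip=$1; sender=$2; helo=$3
    rc=0
    # Same flags as the macro's ${run{...}}; only the exit code ($runrc) is used.
    "$SPFQUERY" -v 1 --ip "$ip" -s "$sender" --helo-id "$helo" >/dev/null 2>&1 || rc=$?

    # deny and defer end ACL processing, so no Received-SPF header is added.
    case $rc in
        1) echo "deny|SPF check failed."; return 0 ;;
        5) echo "defer|Temporary DNS error while checking SPF record."; return 0 ;;
    esac
    # Anything above 6 (e.g. 127 when spfquery is missing) is only logged.
    if [ "$rc" -gt 6 ]; then
        echo "warn|Unexpected error in SPF check."
        return 0
    fi
    # Result labels exactly as the macro writes them.
    case $rc in
        0) result=pass ;;
        2) result=softfail ;;
        3) result=neutral ;;
        4) result=unknown ;;
        6) result=none ;;
        *) result=error ;;
    esac
    hdr="Received-SPF: $result client-ip=$ip; "
    # The macro adds envelope-from only when def:sender_address_domain is true.
    case $sender in
        *@?*) hdr="${hdr}envelope-from=$sender; " ;;
    esac
    echo "warn|${hdr}helo=$helo"
}
```

Call it as `spf_acl_decision 192.0.2.1 user@example.org mx.example.org` (constructed values) and compare the result with the header or rejection Exim produces for the same message.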



