SPF and Exim in Debian

Note: This is an old post in a blog with a lot of posts over a long span of time. The world has changed, technologies have changed, and I've changed. It's likely this is out of date, the code doesn't work, the ideas haven't aged well, or the ideas were terrible to begin with. Let me know if you think this is something that needs updating.

Turns out the Debian packager doesn't enable SPF in the exim4-daemon-heavy package. But it took me a couple of hours to figure that out. I ended up implementing SPF using the libmail-spf-query-perl package by adding the following rule to my rcpt acl just before greylist stuff:

accept
  message     = [SPF] $sender_host_address is not allowed to send mail \
                from $sender_address_domain.
  log_message = SPF check failed.
  set acl_m9  = -ipv4=$sender_host_address \
                -sender=$sender_address \
                -helo=$sender_helo_name
  set acl_m9  = ${run{/usr/bin/spfquery $acl_m9}}
  condition   = ${if eq {$runrc}{0}{true}{false}}

The exit codes for spfquery are in the spfquery file (it's a Perl script) and the code for "pass" is 0. So (in theory) this will accept any email that passes the SPF check. Any email that fails the SPF check will go through greylistd. I think that does what I want it to do.

Incidentally, I found the above code (though I inverted the check) here at The Linux Documentation Project.

Want to comment? Send an email to willkg at bluesock dot org. Include the url for the blog entry in your comment so I have some context as to what you're talking about.