Score:0

How to configure EXIM to check SPF record for incoming emails and add 'Received SPF' header to the incoming emails?

I'm playing with Exim and created a mail server that can accept and send emails alright. Now, I want to enable SPF checking for every incoming email so that a Received SPF header is added to these emails. But I can't seem to figure out a way to do this.

The doc says, SPF verification support is built into Exim if SUPPORT_SPF=yes is set in Local/Makefile. The support uses the libspf2 library https://www.libspf2.org/.

But I suppose one can only set this option to yes if he/she is building Exim from source. I installed it directly from the Ubuntu package (I imagine libspf2 is auto-installed then) and don't know where the Local/Makefile is located. I am pretty sure this can be done pretty easily but I have no clue about this right now.

I also checked the Exim config directory and found the following relevant piece of code in the 30_exim4-config_check_rcpt file.

This clearly says, Exim will check SPF record of the sender after the RCPT command if SPF check is enabled and spf-tools-perl is installed. I installed spf-tools-perl and still did not see any Received SPF header. So, this begs two questions.

  1. How do I enable SPF checking so that this code is executed?
  2. Why spf-tools-perl, when the doc clearly says Exim uses libspf? Why two libraries then?

```
  # Use spfquery to perform a pair of SPF checks.
  #
  # This is quite costly in terms of DNS lookups (~6 lookups per mail).  Do not
  # enable if that's an issue.  Also note that if you enable this, you must
  # install "spf-tools-perl" which provides the spfquery command.
  # Missing spf-tools-perl will trigger the "Unexpected error in
  # SPF check" warning.
  .ifdef CHECK_RCPT_SPF
  deny
    message = [SPF] $sender_host_address is not allowed to send mail from \
              ${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}.
    log_message = SPF check failed.
    !acl = acl_local_deny_exceptions
    condition = ${run{/usr/bin/spfquery.mail-spf-perl --ip \
                   ${quote:$sender_host_address} --identity \
                   ${if def:sender_address_domain \
                       {--scope mfrom  --identity ${quote:$sender_address}}\
                       {--scope helo --identity ${quote:$sender_helo_name}}}}\
                   {no}{${if eq {$runrc}{1}{yes}{no}}}}

  defer
    message = Temporary DNS error while checking SPF record.  Try again later.
    !acl = acl_local_deny_exceptions
    condition = ${if eq {$runrc}{5}{yes}{no}}

  warn
    condition = ${if <={$runrc}{6}{yes}{no}}
    add_header = Received-SPF: ${if eq {$runrc}{0}{pass}\
                                {${if eq {$runrc}{2}{softfail}\
                                 {${if eq {$runrc}{3}{neutral}\
                  {${if eq {$runrc}{4}{permerror}\
                   {${if eq {$runrc}{6}{none}{error}}}}}}}}}\
                } client-ip=$sender_host_address; \
                ${if def:sender_address_domain \
                   {envelope-from=${sender_address}; }{}}\
                helo=$sender_helo_name

  warn
    log_message = Unexpected error in SPF check.
    condition = ${if >{$runrc}{6}{yes}{no}}
  .endif
```
Sz.
Have you figured it out eventually?
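
As an added illustration (not part of the original post and not Exim's own code), this Python model traces what the quoted ACL block does with each `spfquery` exit code once `CHECK_RCPT_SPF` is defined, including the exact `Received-SPF` header it builds. The function names and sample values are hypothetical, and it assumes `acl_local_deny_exceptions` does not match.

```python
# Added illustration: a Python model of the CHECK_RCPT_SPF ACL block quoted above.
# It is not Exim code; the function names and arguments are hypothetical.
# Assumes acl_local_deny_exceptions does not match, so every verb is evaluated.

# Result words the ACL's nested ${if eq {$runrc}...} chain writes into the header.
HEADER_RESULT = {0: "pass", 2: "softfail", 3: "neutral", 4: "permerror", 6: "none"}


def spfquery_identity(sender_address, helo_name):
    """Scope and identity the ACL hands to spfquery (mfrom if a sender domain exists)."""
    if sender_address and "@" in sender_address:
        return ("mfrom", sender_address)
    return ("helo", helo_name)  # empty envelope sender, e.g. a bounce message


def spf_acl_outcome(runrc, host_ip, sender_address, helo_name):
    """Return (action, received_spf_header, log_message) for one spfquery exit code."""
    if runrc == 1:  # first verb: deny
        return ("deny", None, "SPF check failed.")
    if runrc == 5:  # second verb: defer (temporary DNS error)
        return ("defer", None, None)
    if runrc > 6:  # last verb: warn, log line only, no header added
        return ("continue", None, "Unexpected error in SPF check.")
    # Third verb: warn + add_header. Only codes 0, 2, 3, 4 and 6 get here; the
    # chain's "error" fallback would apply to 1 and 5, which were handled above.
    result = HEADER_RESULT.get(runrc, "error")
    header = "Received-SPF: %s client-ip=%s; " % (result, host_ip)
    if spfquery_identity(sender_address, helo_name)[0] == "mfrom":
        header += "envelope-from=%s; " % sender_address
    header += "helo=%s" % helo_name
    return ("continue", header, None)


if __name__ == "__main__":
    # Constructed sample values (documentation address range and domains).
    for rc in (0, 1, 2, 5, 6, 7):
        print(rc, spf_acl_outcome(rc, "192.0.2.10", "alice@example.org", "mail.example.org"))
```
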