SPF and Exim in Debian 🔗

Turns out the Debian packager doesn't enable SPF in the exim4-daemon-heavy package. But it took me a couple of hours to figure that out. I ended up implementing SPF using the libmail-spf-query-perl package by adding the following rule to my rcpt acl just before greylist stuff:

  accept
    message     = [SPF] $sender_host_address is not allowed to send mail \
                  from $sender_address_domain.
    log_message = SPF check failed.
    set acl_m9  = -ipv4=$sender_host_address \
                  -sender=$sender_address \
                  -helo=$sender_helo_name
    set acl_m9  = ${run{/usr/bin/spfquery $acl_m9}}
    condition   = ${if eq {$runrc}{0}{true}{false}}

The exit codes for spfquery are in the spfquery file (it's a Perl script) and the code for "pass" is 0. So (in theory) this will accept any email that passes the SPF check. Any email that fails the SPF check will go through greylistd. I think that does what I want it to do.

Incidentally, I found the above code (though I inverted the check) here at The Linux Documentation Project.

Want to comment? Send an email to willkg at bluesock dot org. Include the url for the blog entry in your comment so I have some context as to what you're talking about.