spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

New spfd based Exim ACL

2003-12-04 10:56:06
from [David Saez] [Permanent Link] 
Hi !!

Here it goes a working Exim 4 ACL to be used with Mail::SPF::Query ver 1.9.1

--
Best regards ...

Swap read error. You lose your mind.

----------------------------------------------------------------
   David Saez Padros                http://www.ols.es
   On-Line Services 2000 S.L.       e-mail  david(_at_)ols(_dot_)es
   Pintor Vayreda 1                 telf    +34 902 50 29 75
   08184 Palau-Solita i Plegamans   movil   +34 670 35 27 53
----------------------------------------------------------------

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.txt
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡

# SPF Auth test for Exim 4.xx
# Version 2.02 by david(_at_)ols(_dot_)es
#
# Features:
#
#    Full SPF support via spfd socket
#
# Warning:
#
#    Will use acl_m9, acl_m8, acl_m7 and acl_m6
#
# Requires
#
#    Mail::SPF::Query ver 1.9.1
#
# Usage instructions:
#
# 1. copy this file to your exim installation directory
#
# 2. add this line to your exim configuration file after your
#    begin acl:
#
#    .include spf.acl
#
# 3. Grab a copy of Mail::SPF::Query from
#    http://spf.pobox.com/downloads.html and install it
#
# 4. Run spfd -path=/tmp/spfd
#
# 5. Now you can use the test on your RCPT/MAIL ACL this way:
#
#    deny    !acl        = spf_rcpt_acl
#
#    And on your DATA ACL:
#
#    deny    senders     = :
#            !acl        = spf_from_acl

spf_rcpt_acl:

    # Check envelope sender

    warn     set acl_m8  = $sender_address
    deny     !acl        = spf_check
    warn     message     = Received-SPF: $acl_m7
    accept

spf_from_acl:

    # Check header From:

    warn     set acl_m8  = ${address:$h_from:}
    deny     !acl        = spf_check
    warn     message     = Received-SPF: $acl_m7
    accept

spf_check:

    warn     set acl_m9  = ${readsocket{/tmp/spfd}\
                           {ip=$sender_host_address\nhelo=$sender_helo_name\
                           \nsender=$acl_m8\n\n}{20s}{\n}{socket failure}} 

    # Defer on socket error

    defer    condition   = ${if eq{$acl_m9}{socket failure}{yes}{no}}
             message     = Cannot connect to spfd

    # Prepare answer and get results

    warn     set acl_m9  = ${sg{$acl_m9}{\N=(.*)\n\N}{=\"\$1\" }}
             set acl_m8  = ${extract{result}{$acl_m9}{$value}{unknown}}
             set acl_m7  = ${extract{header_comment}{$acl_m9}{$value}{}}

    # Check for fail

    deny     condition   = ${if eq{$acl_m8}{fail}{yes}{no}}
             message     = $acl_m7
             log_message = Not authorized by SPF

    accept

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.txt
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Eric Allman comments on SPF, Hallam-Baker, Phillip
Next by Date:  RE: Eric Allman comments on SPF, Hallam-Baker, Phillip
Previous by Thread:  Thoughts on complexity and constituencies, Philip Gladstone
Next by Thread:  Re: New spfd based Exim ACL, Meng Weng Wong
Indexes:  [Date] [Thread] [Top] [All Lists]