Julian Mehnle wrote on Sunday, November 26, 2006 9:09 AM -0500:
Seth Goodman wrote:
Be aware that under Debian, where Exim is the default MTA, the
maintainers have packaged a special version of Exim compiled
without SPF support. Their docs state that they did this to avoid
encouraging the use of SPF, which they do not like.
I reviewed the exim4 source package, and as far as I could see, this
is NOT true for the current packages.
The memo you cite concerns development of future packages. The current
stable release of Debian (sarge) includes Exim 4.50 with upstream
patches. /etc/usr/share/doc/exim4/README.Debian.gz on my Debian sarge
box includes the following:
----------------------------------
Q: What about support for SPF http://spf.pobox.com/?
A: exiscan 4.34-22 introduced support for SPF by means of a
spf ACL condition. This functionality is currently not included in
the official Debian packages.
Rationale:
* SPF imho has not reached the necessary amount of
standardization and acceptance for inclusion in a Debian/stable
release, it is still in flux.
* I do not want to drag in another library dependency.
* Checking with spfd http://packages.debian.org/libmail-spf-query-perl
instead of exiscan's spf-condition offers the same functionality,
afaict.
* spamassassin 3.0 will include SPF support, too.
* I do not want to encourage SPF because I am not convinced of its
benefits. (Discussion and links on benefits and downsides of SPF are
not listed here intentionally.)
----------------------------------
This is what anyone who installs Debian stable (sarge) and accepts Exim
as the default MTA sees today.
The only real problem seems to be that they don't use Exim 4's built-in
SPF support based on libspf2 but use libmail-spf-query-perl's `spfquery`
instead (because they didn't want to introduce another dependency on a
natively compiled library and because the co-maintainer responsible for
the SPF support was more experienced and comfortable with just using
spfquery).
My point is that they removed built-in SPF support in favor of the external
perl program. There was a lot of effort put into those libraries and I don't
know if the perl implementation is the same quality. It's also perl rather
than a compiled language. The version of spfquery in the Debian stable
repository is 1.997-2.
Anyone is free to recompile Exim from source under Debian. IMHO,
most people won't bother,
Probably true.
and in fact they will see a disparaging note in the docs about SPF.
Not true, as far as I can see.
See excerpt from exim4 package README.Debian above.
--
Seth Goodman
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735