How to add a Exim SPF Check Exception

Hey,

Sorry that I'm opening up an older topic, but I figured it'd be better than making a new one.

Anyhow, there's an acl in exim configuration:

# BEGIN INSERT custom_begin_connect

accept delay = 15s

# END INSERT custom_begin_connect

What I'd like to do is to make an exception so that trusted domains/IPs can send e-mails without any delay, in other words I'd like that rule omitted for these domains.

I thought about something like this, but I'm not sure whether it makes any sense as I've barely read about it so far:
accept delay = 15s
deny delay= 15s
condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/trustedmailhosts}{1}{0}}

Help appreciated.

 

Eh, can't seem to make it work. Read about it a bit in here and apparently the condition should be first, so I tried setting it up like this:

accept condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/trustedmailhosts}{1}{0}}
delay = 15s

If I set it up like this, the delay is omitted for every e-mail.
I probably still don't properly understand how it works.

 

Experimented with this rule today a little bit.

The solution was simply adding another accept before the delay - I didn't realise ACL basically doesn't check other "accepts" if the first one in the specific section has passed. So now it's set up as this:

accept condition = ${if match_ip{$sender_host_address}{iplsearch;/etc/trustedmailhosts}{1}{0}}
accept delay = 15s

Now if it matches an IP in the file, the delay doesn't happen. And happens other way around.

Also got some help from a ticket I have opened - there's a helpful command "exim -bh" (or "exim -bh <IP>" in my case). It's a command which I haven't known or tried, but should have - as it is present in the documentation I have posted.

 

Michael, can this be done in the Exim Advanced Editor? Could you explain what section to edit? Or does exim.conf have to be edited each time exim is updated?

thanks

 

For anyone else who hasn't modified Exim, here are the steps

(from https://features.cpanel.net/topic/exclude-backup-mx-hosts-from-spf-validation-checks)

...it is currently possible to modify Exim (in a cPanel sanctioned and supported way) to exempt Backup MX Hosts from SPF validation checks.

1. Go to WHM
2. Go to "Exim Configuration"
3. Go to the "Advanced Editor" tab
4. Scroll to/locate the section labeled "spf_bl (Reject SPF failures)"
5. If it is checked, uncheck it (this disabled the default SPF behavior)
6. Make sure the section just above it labeled "custom_begin_mailauth" is checked (enabled) and paste the snippet from Michael above in the text box