integration of SPF checking with exim?

integration of SPF checking with cpanel's exim?

anyone smart managed to do this and want to share knowledge how to do this?


other issue:
spf checking sould be excluded when email is recived from dns clustered server (db file for domain exists in /var/named/) - thats because you dont want to emails from your others servers to be refused with forwarders....

 

I see none. I'm not talking about stupid threats about how to insert txt -spf records into dns. But perhaps I missed some valuable thread...
I'm talking about how to integrate spf record checking in exim

 

right. too bad that cpanel is using exim 4.44 that dont have integrated exiscan yet (from version 4.50) so without serious changes you cant add spf checks to it (I'm not at that level of knowledge yet with exim). and thats why I asked if someone managed to do it, and how. I'm not asking for google asistance really.

half of popular mailservers in my country already implements spf checking, and so not accepting any forwarded mail . So I dont see reason why I should not take advantage of almost no-spam (with exceptions for virus infected users computers) offered by spf records

 

oh. I use stable build and this one have exim-4.43-40. But it is good to know that in near future it will be easy to implement spf checking, because exiscan allready got it (without taking end action - blocking email). thanks

 

your mailserver wont accept forwarded emails anymore, from any server. That would be all...

 

I dont know.
Much spam originates from other mailservers than it sould as for given sender email (email 'spoofed').

Besides if reciving an email from server that posted SPF records, and your server chcecks it.. then you can be 99% sure that it originates from that email adres as pased in email (1% for open mail servers like smtp without auth, or open php, cgi mailers)


And if everyserver would publish its spf, then you could disable reciving emails without spf's - and that would make finally impossible for ppl with dyn ip to send emails - because they cant change dns records under their reverse dns hm - but thats daydream


anyway yeah... spf's wont stop spam, but it can make you more sure about author of email you're reading...

 

Code:

Starting exim: 2005-05-25 21:57:54 Exim configuration error in line 250 of /etc/
exim.conf:
  error in ACL: unknown ACL condition/modifier in "spf         = fail"
                                                           [FAILED]
Starting exim-smtps: 2005-05-25 21:57:54 Exim configuration error in line 250 of
 /etc/exim.conf:
  error in ACL: unknown ACL condition/modifier in "spf         = fail"

I dont think cpanels exim have spf checks integrated really
(I'm using now Exim version 4.50 #1 built 24-Mar-2005 15:00:31)

back to square one. Did anyone managed to integrate spf checks with cpanel exim?

 

Code:

  # Query the SPF information for the sender address domain, if any,
  # to see if the sending host is authorized to deliver its mail.
  # If not, reject the mail.
  #
  deny
    message     = [SPF] $sender_host_address is not allowed to send mail \
                  from $sender_address_domain
    log_message = SPF check failed.
    spf         = fail


  # Add a SPF-Received: header to the message
  warn
    message     = $spf_received

you mean this one or something else? I added as above however
spf = fail
is unknow syntax

 

as far as I understand that spf acl is integrated into exiscan
http://duncanthrax.net/exiscan-acl/

 

http://duncanthrax.net/exiscan-acl/exiscan-acl-spec.txt

Code:

8. Sender Policy Framework (SPF) support
--------------------------------------------------------------

To learn  more  about  SPF, visit   http://spf.pobox.com. This
document does   not explain  the SPF  fundamentals, you should
read and understand the implications of deploying SPF on  your
system before doing so.

SPF support is added via the libspf2 library. Visit 

  http://www.libspf2.org/
  
to obtain  a copy,  then compile  and install  it. By default,
this will  put headers  in /usr/local/include  and the  static
library in /usr/local/lib.

To compile exim with SPF support, set these additional flags in
Local/Makefile:

CFLAGS=-DSPF -I/usr/local/include
EXTRALIBS_EXIM=-L/usr/local/lib -lspf2

hmm. so I need to compile with spf support I wonder if I manage to run spf checks, will I have means to make ip whitelist for my servers. If not I sould not even go further in this one