reject SPF failures setting missing

RWH Tech

Well-Known Member
Oct 1, 2015
86
16
8
Brazil
cPanel Access Level
Root Administrator
I just got a piece of mail last night spoofing an AOL address. I was sure AOL used SPF, so I went to double-check the "Reject SPF failures" to make sure it wasn't reset during some update.

"Reject SPF failures" is no longer listed in the Exim Basic Editor

I fired up a clean VM I use for testing and it has the same issue.

Can't be just me.
 

Infopro

Well-Known Member
May 20, 2003
17,076
524
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
These quotes from the EDGE users mailing list recently that may be of some use:

The Release Notes for version 58 indicate that "Reject SPF Failures enabled by default in Exim"

Looking over the Changelog for 58, I see the following:
* Fixed case CPANEL-7924: Remove unused spf_bl Exim ACL.

Wasn't spf_bl used to reject SPF failures? It was in version 56 and below so I don't think this ACL should have been removed. Looking in the Exim configuration, I am not seeing any ACLs that are actually rejecting SPF failures and it looks like a server running 58 accepted a message that should have failed a SPF check.

It was used to reject SPF failures if SpamAssassin was not already doing SPF lookups. However, in 58, we forced SpamAssassin to always perform SPF lookups (in order to support the KAM rules better), so this ACL became obsolete and code to support it was removed.

We noticed that leaving the ACL file behind without the code to disable it forced it on on all servers, which caused mail delivery problems. SPF functionality is handled by SpamAssassin now.
 
  • Like
Reactions: RWH Tech