Friday, February 20, 2009

exim with DNS SPF

Configuring DNS SPF checks in exim

To apply this on Exim, add the following to the ACL section of the exim configure file:

acl_check_rcpt:
#...

# Use spfquery to perform a pair of SPF checks (for details, see
# http://www.openspf.org/)
#
# This is quite costly in terms of DNS lookups (~6 lookups per mail). Do not
# enable if that's an issue. Also note that if you enable this, you must
# install "libmail-spf-query-perl" which provides the spfquery command.
# Missing libmail-spf-query-perl will trigger the "Unexpected error in
# SPF check" warning.

deny
message = [SPF] $sender_host_address is not allowed to send mail from \
${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}. \
Please see http://www.openspf.org/why.html?sender=$sender_address&ip=$sender_host_address
log_message = SPF check failed.
condition = ${run{/usr/bin/spfquery --ip \"$sender_host_address\" \
--mail-from \"$sender_address\" --helo \"$sender_helo_name\"} \
{no}{${if eq {$runrc}{1}{yes}{no}}}}

defer
message = Temporary DNS error while checking SPF record. Try again later.
condition = ${if eq {$runrc}{5}{yes}{no}}

warn
message = Received-SPF: ${if eq {$runrc}{0}{pass}{${if eq {$runrc}{2}{softfail}\
{${if eq {$runrc}{3}{neutral}{${if eq {$runrc}{4}{unknown}\
{${if eq {$runrc}{6}{none}{error}}}}}}}}}}
condition = ${if le {$runrc}{6}{yes}{no}}

warn
log_message = Unexpected error in SPF check.
condition = ${if gt {$runrc}{6}{yes}{no}}

# Support for best-guess (see http://www.openspf.org/developers-guide.html)
warn
message = X-SPF-Guess: ${run{/usr/bin/spfquery --ip \"$sender_host_address\" \
--mail-from \"$sender_address\" --helo \"$sender_helo_name\" --guess true}\
{pass}{${if eq {$runrc}{2}{softfail}{${if eq {$runrc}{3}{neutral}{${if eq {$runrc}{4}{unknown}\
{${if eq {$runrc}{6}{none}{error}}}}}}}}}}
condition = ${if le {$runrc}{6}{yes}{no}}

defer
message = Temporary DNS error while checking SPF record. Try again later.
condition = ${if eq {$runrc}{5}{yes}{no}}

In short:

The DNS SPF record should be configured on the DNS server first.

The DNS SPF check should then be added once that mechanism is mature, to reduce spam mail.
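How a published record turns into the ACL's deny, defer or Received-SPF header, as an added example that is not part of the original post: a simplified offline SPF evaluator (ip4, ip6 and all only, no DNS lookups) combined with the exit-code handling from the ACL above. The sample record, the addresses and the function names are constructed for illustration.

```python
import ipaddress

# Result name -> exit code, as the ACL on this page interprets $runrc.
RC = {"pass": 0, "fail": 1, "softfail": 2, "neutral": 3,
      "unknown": 4, "error": 5, "none": 6}
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def evaluate(record, client_ip):
    """Evaluate a simplified SPF record (ip4, ip6 and all only; no DNS)."""
    terms = (record or "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # no SPF record published
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qual = term[0] if term[0] in QUALIFIER else "+"
        mech = (term[1:] if term[0] in QUALIFIER else term).lower()
        if mech == "all":
            return QUALIFIER[qual]
        name, _, value = mech.partition(":")
        if name not in ("ip4", "ip6"):
            raise NotImplementedError("needs DNS, outside this sketch: " + term)
        try:
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            return "unknown"               # malformed mechanism
        if ip.version == net.version and ip in net:
            return QUALIFIER[qual]
    return "neutral"                       # nothing matched and no "all"

def acl_action(rc):
    """Return (verdict, added header) the way the ACL stanzas react to rc."""
    if rc == 1:
        return "deny", None                # first stanza rejects on fail
    if rc == 5:
        return "defer", None               # temporary DNS error
    if rc > 6:
        return "continue", None            # only logs "Unexpected error in SPF check."
    names = {code: name for name, code in RC.items()}
    return "continue", "Received-SPF: " + names[rc]

def check(record, client_ip):
    result = evaluate(record, client_ip)
    return (result,) + acl_action(RC[result])

# Constructed sample record and documentation-range addresses.
SAMPLE = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"
if __name__ == "__main__":
    for addr in ("192.0.2.10", "2001:db8::1", "198.51.100.7"):
        print(addr, check(SAMPLE, addr))
```

Changing `-all` to `~all` in the sample record turns the rejection into a softfail header, which is the safer setting while a newly published record is still being verified.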
